images-1
The Forensic Process


There are five basic steps to computer forensics:

1. Preparation (of the investigator, not the data)
2. Collection (the data)
3. Examination
4. Analysis
5. Reporting


The investigator must be properly trained to perform the specific kind of investigation that is at hand.

Tools that are used to generate reports for court should be validated. There are many tools to be used in the process. One should determine the proper tool to be used based on the case.