What Are the Four Principles of Computer Forensics?

Written by Adrian Grahams

Computer forensics has become an increasingly important tool in the constant battle against cyber crime. Many national and international law enforcement agencies include speciality computer crime divisions to track down cyber fraudsters, hackers, stalkers, terrorists and pornographers. The agencies deploy computer forensics experts to gather evidence over the Internet and by examining computer hard drives seized during police raids. Although cyber crime experts constantly develop new techniques, four core principles remain at the heart of computer forensics.


Computer forensics teams often work across national borders to track down and prosecute cyber criminals. This poses difficulties because legislation covering digital evidence differs between jurisdictions. Law enforcement agencies work together and with governments across the world to standardise the principles and practices of computer forensics, according to "Forensic Focus."

Evidence Gathering

A core principle of computer forensics is that the techniques used to collect digital evidence must not alter the data. For digital evidence to stand up in court, it must remain intact and unaltered as far as possible. Proof that computer files have been altered or deleted during the investigation can prevent successful prosecutions. The evidence presented to court must be the same as the evidence collected from the computer.

Evidence Handling

Digital evidence often passes through the hands of many investigating agencies during the process of data analysis. Careful documenting of all evidence handling is a key principle of computer forensics. Experts work together to ensure each agency fully documents handling and all analysis and testing of the digital evidence.
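An added example, not part of the original article: one common way to make the Evidence Gathering and Evidence Handling principles checkable is to hash the evidence image at collection and to keep a handling log in which every entry commits to the previous one. SHA-256, the CustodyLog class, the handler names and the sample bytes are assumptions made for this example.

```python
import hashlib
import json

GENESIS = "0" * 64  # placeholder "previous hash" for the first log entry

def sha256_of(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def _entry_hash(body: dict) -> str:
    # Canonical JSON so the same fields always hash to the same value.
    return sha256_of(json.dumps(body, sort_keys=True).encode())

class CustodyLog:
    """Handling record for one evidence image (hypothetical helper)."""

    def __init__(self, evidence_id: str, image: bytes, handler: str):
        self.evidence_id = evidence_id
        self.acquired_digest = sha256_of(image)  # fixed at collection time
        self.entries = []
        self.record("acquired", handler, image)

    def record(self, action: str, handler: str, image: bytes) -> dict:
        """Document one handling step and the image digest seen at that step."""
        prev = self.entries[-1]["entry_hash"] if self.entries else GENESIS
        body = {"evidence_id": self.evidence_id, "action": action,
                "handler": handler, "image_digest": sha256_of(image),
                "prev": prev}
        body["entry_hash"] = _entry_hash(body)
        self.entries.append(body)
        return body

    def verify(self, image: bytes) -> list:
        """Return a list of problems; an empty list means log and image agree."""
        problems, prev = [], GENESIS
        for i, entry in enumerate(self.entries):
            body = {k: v for k, v in entry.items() if k != "entry_hash"}
            if entry["prev"] != prev or _entry_hash(body) != entry["entry_hash"]:
                problems.append(f"entry {i}: log record altered")
            if entry["image_digest"] != self.acquired_digest:
                problems.append(f"entry {i}: image differed from acquisition")
            prev = entry["entry_hash"]
        if sha256_of(image) != self.acquired_digest:
            problems.append("image presented differs from image collected")
        return problems

if __name__ == "__main__":
    image = b"constructed sample bytes standing in for a disk image"
    log = CustodyLog("EXAMPLE-001", image, "collecting officer")
    log.record("analysis on working copy", "lab analyst", image)
    print(log.verify(image))            # no problems
    print(log.verify(image + b"\x00"))  # image changed after collection
```

The chain only shows that an individual entry was edited; the acquisition digest and the latest entry hash still need to be kept somewhere the log's handlers cannot rewrite.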

Evidence Access

Protecting digital evidence from tampering or unauthorised access is vital to ensure successful prosecutions of cyber criminals. Following processing and analysis, digital evidence is carefully stored in a secure environment. A core principle of computer forensics is that only personnel deemed forensically competent should access the original digital evidence during and after analysis.
