Computer forensics and mobile phone forensics is not about processing information; but about exploring people and their activities concerning a computer or other digital data processing or storage device. So Seeking to find and use information about what’s happened to data as evidence to pinpoint deceptive, dishonest or deceptive behaviour in individuals
The forensic analysis of data stored on mobile phones, PDAs, notebooks, PCs and other information processing and storage devices provides a valuable source in litigation, and dispute resolution, in several circumstances the recovery of deleted e-mails, and ‘hidden’ data, of which the computer user behaviour analysis may be, and probably is completely unaware. For instance, data embedded inside the computer file or cached to disk about the sequence of access and editing of a record, when and who by. This delivers new evidence that is often sufficiently persuasive to short-circuit the whole dispute.
Diagnosis through computer forensics and mobile phone forensics requires a lot more than simply copying files and folders from concentrated devices or computers. Data from computers needs to be especially imaged to produce an specific copy showing the information stored inside.
Three Important factors to ALWAYS remember together with digital data storage devices, including computers and mobile phones
1. Computer evidence must be SECURED quickly to Decrease the risk that it might be ruined, accidentally or deliberately
2. If the device to be researched is found powered, DO NOT SWITCH IT ON
3. If the apparatus to be researched is discovered powered on, DO NOT SWITCH IT OFF