Computer forensics is the “who, what, when, and how” of electronic evidence. Typically narrow in scope, it attempts to reconstruct events, focusing on the computer-based conduct of an individual or group of individuals. The types of cases involving computer forensics are numerous and varied – from the personal (i.e. locating hidden assets in a messy divorce case), to the political (i.e. investigating alleged misuse of government computers for political gain), to the dramatic (i.e. “What was your client’s former
employee downloading from the Internet before he was fired
and brought suit for wrongful termination?”).