This document provides an overview of computer forensics. It defines computer forensics as the process of identifying, collecting, and analyzing digital evidence in a way that is legally acceptable. The document then discusses the evolution of digital forensics over three phases: the ad-hoc phase from the 1970s-1980s when tools were lacking; the structured phase from the 1980s-1990s when basic tools and techniques were developed; and the enterprise phase from the 1990s onward as computer use increased exponentially. Finally, it notes that computer forensics is needed for criminal investigations, security investigations, domestic cases, and data/IP theft cases to produce legally acceptable evidence that can lead to punishment.