This document discusses the process of computer forensics which includes acquiring data from computers and storage devices, identifying recoverable data through forensic tools, evaluating the recovered data to determine how it can be used in employment termination or prosecution, and presenting the evidence in a manner that is understandable for legal purposes. It also discusses techniques for hiding and recovering hidden data such as steganography, watermarking, and analyzing disk slack space and swap files. The challenges of digital evidence acceptance in court and costs of computer forensics are also summarized.