The word FORENSICS means “to bring to the court”. Forensics deals with the recovery and analysis of evidence. Hence, computer forensics is the discipline that combines elements of law and computer science to collect and analyze data from computer systems, networks, wireless communications and storage devices in a way that is admissible as evidence in a court of law.

The goal of computer forensics is to investigate and find out exactly what happened on the suspect system and who was responsible for it. Generally, the results of a forensic investigation are used in criminal proceedings.
Computer forensic investigators should look for:
1. Who the attackers are.
2. What harm they have done to the organization.
3. How they did it, i.e. the methods, tools and techniques they used to carry out the attack.
But the main challenge faced by computer forensic investigators is how to find the attacker if he has attacked the suspect system using an anonymous service through a proxy server, an internet cafe or a common-use system.
A computer forensic investigator should:
1. Not use the suspect system, because using the suspect system may destroy some or all of the evidence.
2. Check the HDD and FDD of the suspect system properly for any kind of virus, threat, etc. before copying the data to a removable disk for analysis.
3. Look for the DEAD FILES and LIVE FILES on the suspect computer. Live files are files that the operating system can read from the hard disk; dead files are deleted files that are still present on the hard disk of the system but cannot be used by the operating system.
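The dead/live distinction in item 3, as an added example that is not part of the original article: assuming a FAT file system (as used on floppy disks), deleting a file only overwrites the first byte of its 32-byte directory entry with 0xE5, so the entry can still be read from a copied image. The file names, sizes and cluster numbers below are constructed sample data, and `make_entry` and `classify_entries` are hypothetical helper names.

```python
import struct

ENTRY_SIZE = 32
DELETED = 0xE5       # first name byte of a deleted ("dead") entry
END_OF_DIR = 0x00    # first name byte when no further entries follow
ATTR_VOLUME = 0x08   # set on volume labels and long-file-name entries

def make_entry(name, ext, size, cluster, deleted=False):
    """Build a constructed 32-byte FAT 8.3 directory entry (sample data)."""
    raw = bytearray(struct.pack("<8s3sB14xHI", name.ljust(8).encode("ascii"),
                                ext.ljust(3).encode("ascii"), 0x20, cluster, size))
    if deleted:
        raw[0] = DELETED  # what a FAT driver does to the entry on deletion
    return bytes(raw)

def classify_entries(directory):
    """Split raw directory bytes into (live, dead) lists of file records."""
    live, dead = [], []
    for off in range(0, len(directory) - ENTRY_SIZE + 1, ENTRY_SIZE):
        entry = directory[off:off + ENTRY_SIZE]
        if entry[0] == END_OF_DIR:
            break
        if entry[11] & ATTR_VOLUME:
            continue  # not a file: volume label or long-name fragment
        name, ext, cluster, size = struct.unpack("<8s3s15xHI", entry)
        is_dead = entry[0] == DELETED
        stem = name.decode("ascii", "replace")
        if is_dead:
            stem = "?" + stem[1:]  # original first character is lost
        ext = ext.decode("ascii", "replace").rstrip()
        record = {"name": stem.rstrip() + ("." + ext if ext else ""),
                  "size": size, "first_cluster": cluster, "offset": off}
        (dead if is_dead else live).append(record)
    return live, dead

# Constructed directory region: two live files, one deleted file, end marker.
SAMPLE_DIR = (make_entry("REPORT", "DOC", 2048, 5)
              + make_entry("PAYROLL", "XLS", 4096, 9, deleted=True)
              + make_entry("NOTES", "TXT", 120, 12)
              + bytes(ENTRY_SIZE))

if __name__ == "__main__":
    live, dead = classify_entries(SAMPLE_DIR)
    for label, records in (("LIVE", live), ("DEAD", dead)):
        for r in records:
            print(f"{label} {r['name']:<12} size={r['size']} "
                  f"first_cluster={r['first_cluster']} dir_offset={r['offset']}")
```

In line with item 1, such a parser is run against a copy of the directory region taken from a disk image, not against the suspect system itself.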
Various tools can be used for carrying out a computer forensic investigation:
1. ACCESSDATA FORENSIC TOOLKIT (FTK): It has customized filters that allow the investigator to sort through thousands of files to quickly find the evidence needed.
2. ENCASE FORENSIC EDITION: It provides investigators with tools to conduct large-scale and complex investigations with accuracy and efficiency, and allows viewing all relevant files, including deleted files and unallocated space.
3. HELIX3: A live Linux forensic tool that can be used to examine a disk safely to see what has been changed, i.e. what the attackers have done to the system.
4. FIRE (FORENSIC & INCIDENT RESPONSE ENVIRONMENT): It is a portable, bootable CD-ROM-based distribution for forensic analysis, incident response, data recovery, virus scanning and vulnerability assessment.
Computer forensics can be used effectively for tracking criminals who attack computer networks to steal important information, such as a company's secret information or credit card and bank account information. Using the various tools available, evidence can be produced and used in a court of law.