Computer crimes are specifically defined by federal and/or state statutes and any computer documentary evidence utilized during a computer investigation may include computer data stored on floppy diskettes, zip disks, CDs and computer hard disk drives. The evidence necessary to prove computer-related crimes can potentially be located on one or more computer hard disk drives in various geographic locations. This evidence can reside on computer storage media as bytes of data in the form of computer files and ambient data, however, ambient data is usually unknown to most computer users and is therefore often very useful to computer forensic investigators. Computer investigations rely upon evidence stored as data and the timeline of dates and times that files were created, modified, and/or last accessed by a computer user. Timelines of activities can be essential when multiple computers and individuals are involved in the commission of a crime. In addition, computer investigations generally involve the review of Internet log files to determine Internet account abuses. Using computer forensic procedures, processes, and tools, computer forensics investigators can identify passwords, network logons, Internet activity, and fragments of email messages that were dumped from computer memory during past Windows work sessions. 1
Vinson & Elkins LLP Practice Support, EDD Glossary.