IT Forensic is all about, Information, Integrity and the Protection of Evidence.
IT Forensic is the capturing of electronic evidence on the computer being investigated where the computer was used as a tool to commit a crime.
Computer-based electronic evidence is, by its very nature, fragile. It can be altered, damaged or destroyed by improper handling or examination. It is therefore important that the integrity of the information captured remain intact.
The physical investigation of computers / servers and computer media consist of a number of interventions like data recovery, reverse engineering and identifying the criminal / civil or departmental events that took place on the computer / server or computer media.
It’s vital for the integrity / continuity of evidence that this service delivery is provided by experience IT Forensic experts.
The processes and procedures (best practice standards) which are used by IT Forensic experts to seize, capture and retrieve electronic evidence is of essential importance during Cyber and Computer Crime Investigations.
Electronic evidence should be preserved to such an extent that a third party is able to repeat the same process and arrive at the same result as that presented to a Court or Hearing.