Data Forensics: A Special Kind of Data Recovery
Data forensics is a unique form of data recovery. Much like traditional forensic investigations at a crime scene, data forensics can be used to investigate criminal activity that involves using a computer or other digital device. This science can also be used internally by a company, school, or other agency to investigate data breaches and improper use of equipment, software, and services. (This is typically related to a serious infraction such as copying or transmitting confidential information, attempting to access or modify records or files without authority, or using company resources for illicit or questionable purposes.)
As with a traditional forensic investigation, compiling data as evidence in a criminal matter or for serious internal action requires that you secure the data to avoid potential contamination. This is obviously an issue when a crime is suspected, but it can also be important from a legal perspective if the situation involves confidential or sensitive information, if it has the potential for legal action inside or outside of the company, or if it may result in termination or similar drastic action.
A detailed explanation of data forensics is beyond the scope of this article, but I've previously written about some of the processes and Mac OS X tools. (Although these articles are older, the information is still accurate. The tools I discuss are still available, but obviously they have been updated.)