Computer Forensics

Computer Forensics definition in Computer Security terms:

Acronym(s): None

Definition(s): See digital forensics.
Source(s): CNSSI 4009-2015

Involves the identification, preservation, extraction, and documentation of computer-based evidence.
Source(s): NIST SP 800-36 (

Synonym(s): Digital Forensics
In its strictest connotation, the application of computer science and investigative procedures involving the examination of digital evidence – following proper search authority, chain of custody, validation with mathematics, use of validated tools, repeatability, reporting, and possibly expert testimony.
Source(s): CNSSI 4009-2015 The application of science to the identification, collection, examination, and analysis, of data while preserving the integrity of the information and maintaining a strict chain of custody for the data.
Source(s): NIST SP 800-86


reference: CSRC Glossary