The goal of computer and cellular phone forensics is to explain the current state of the digital device. Special equipment is used to preserve the state of the device prior to review. Computer forensics typically covers hard drives, CDs, external USB drives (thumb drives), PDAs and flash memory.


If possible, the investigator will capture a live memory dump of the device to give an exact duplicate of the system state. Bit-for-bit copies of the digital media provide the investigator with a secure way to construct a timeline without modifying the original evidence.


There are many reasons to employ the techniques of computer forensics:

  • In legal cases, computer forensic techniques are frequently used to analyze computer systems belonging to defendants (in criminal cases) or litigants (in civil cases).

  • To recover data in the event of a hardware or software failure.

  • To analyze a computer system after a break-in, for example, to determine how the attacker gained access and what the attacker did.

  • To gather evidence against an employee that an organization wishes to terminate.

  • To gain information about how computer systems work for the purpose of debugging, performance optimization, or reverse-engineering.

Forensic examiners are careful to maintain evidence in accordance with the law in case the results of an investigation are used in court. Clearly documented chain-of-custody records and incident reports are examples of the records maintained by the investigator.
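The bit-for-bit copy and the chain-of-custody record described above can be tied together with a cryptographic hash. The sketch below is an added example, not a tool or procedure from this page; SHA-256, the record fields, the file names and the case and examiner placeholders are all assumptions, and the "evidence" is a constructed sample file.

```python
import hashlib, json, os, tempfile
from datetime import datetime, timezone

CHUNK = 1024 * 1024  # read in 1 MiB blocks so large media never sits in memory

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()

def acquire(source, image, examiner, case_id):
    """Copy source to image bit for bit and return a custody record (assumed layout)."""
    h = hashlib.sha256()
    # "rb": the source is only ever read. "xb": refuse to overwrite an existing image.
    with open(source, "rb") as src, open(image, "xb") as dst:
        for block in iter(lambda: src.read(CHUNK), b""):
            h.update(block)
            dst.write(block)
    if sha256_file(image) != h.hexdigest():  # re-read what actually landed on disk
        raise ValueError("image does not match source")
    os.chmod(image, 0o444)  # the working copy is read-only from here on
    return {
        "case_id": case_id, "examiner": examiner, "action": "acquisition",
        "source": source, "image": image,
        "bytes": os.path.getsize(image), "sha256": h.hexdigest(),
        "utc": datetime.now(timezone.utc).isoformat(timespec="seconds"),
    }

def verify(image, record):
    """True only if the image still matches the hash recorded at acquisition."""
    return sha256_file(image) == record["sha256"]

def demo():
    with tempfile.TemporaryDirectory() as d:
        src, img = os.path.join(d, "evidence.bin"), os.path.join(d, "evidence.dd")
        with open(src, "wb") as f:  # constructed sample data standing in for a device
            f.write(b"constructed sample sectors\x00" * 4096)
        rec = acquire(src, img, "EXAMINER-PLACEHOLDER", "CASE-PLACEHOLDER")
        ok_before = verify(img, rec)
        os.chmod(img, 0o644)  # simulate a later, undocumented change to the image
        with open(img, "r+b") as f:
            f.seek(100)
            f.write(b"X")
        return rec, ok_before, verify(img, rec)

if __name__ == "__main__":
    print(json.dumps(demo()[0], indent=2))
```

A single changed byte makes the later verification fail, which is what lets the recorded hash support the custody documentation.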

In accordance with federal and Colorado law, any case involving child pornography or exploitation of a minor is immediately referred to law enforcement.