Before we start, please do not think about CSI, SVU, or any similar TV show. Forensics is not an easy task. It takes time, patience, and attention to detail. Plus, a case will not last just 60 minutes. Forensics is the use of science to solve a legal problem.
In the January 2007 edition of Forensic Magazine, Ken Zatyko provided a comprehensive definition of digital forensics:
“The application of computer science and investigative procedures for a legal purpose involving the analysis of digital evidence after proper search authority, chain of custody, validation with mathematics, use of validated tools, repeatability, reporting, and possible expert presentation”
This definition serves as a solid foundation for our course. It's essential to recognize that digital forensics encompasses more than retrieving deleted data from a laptop. Throughout this course, we'll analyze various forms of digital evidence, including documents, videos, pictures, audio, and beyond.
BTK (Bind, Torture, Kill) Killer: Dennis Rader was the BTK Killer and avoided capture for 30 years. What led to his capture was that the police were sneaky and got him to send them a floppy disk. On the floppy disk, the police found metadata (think of this as data within the data; we will learn about this later). The metadata of a file contained essential details:
“Date Created” (Thursday, February 10, 2005 6:05:34 PM)
“Date Modified” (Monday, February 14, 2005 2:47:44 PM)
“Title” (Christ Lutheran Church)
“Last Saved By” (Dennis)
They were able to use this information to locate and arrest Dennis.
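To show where fields like these live, here is an added example (not part of the original course material) that reads the same four fields from a modern .docx file, which is a zip archive holding its core properties in docProps/core.xml. It assumes the .docx format rather than whatever format the file in the case used; the function names `read_core_metadata` and `build_sample_docx` and all sample values are constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

# XML namespaces of the OOXML core-properties part (docProps/core.xml).
NS = {
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
    "dcterms": "http://purl.org/dc/terms/",
}
# Label an examiner would report -> element holding it in core.xml.
FIELDS = {
    "Date Created": "dcterms:created",
    "Date Modified": "dcterms:modified",
    "Title": "dc:title",
    "Last Saved By": "cp:lastModifiedBy",
}
CORE_PART = "docProps/core.xml"

def read_core_metadata(docx_bytes):
    """Extract the four fields from a .docx; absent fields map to None."""
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        if CORE_PART not in zf.namelist():
            return dict.fromkeys(FIELDS)  # metadata part stripped or missing
        root = ET.fromstring(zf.read(CORE_PART))
    found = {}
    for label, path in FIELDS.items():
        node = root.find(path, NS)
        found[label] = node.text if node is not None else None
    return found

def build_sample_docx(include_author=True):
    """Constructed sample: a zip carrying only a core-properties part."""
    author = "<cp:lastModifiedBy>examiner01</cp:lastModifiedBy>" if include_author else ""
    core = (
        f'<cp:coreProperties xmlns:cp="{NS["cp"]}" xmlns:dc="{NS["dc"]}" '
        f'xmlns:dcterms="{NS["dcterms"]}">'
        "<dc:title>Sample Title</dc:title>" + author +
        "<dcterms:created>2024-01-10T18:05:34Z</dcterms:created>"
        "<dcterms:modified>2024-01-14T14:47:44Z</dcterms:modified>"
        "</cp:coreProperties>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(CORE_PART, core)
    return buf.getvalue()

if __name__ == "__main__":
    for label, value in read_core_metadata(build_sample_docx()).items():
        print(f"{label}: {value}")
```

A field that comes back as None means the element was never written or was removed, which is itself worth recording in the examination notes.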
Zacarias Moussaoui: He was arrested in August 2001. During the arrest, police seized a laptop and other items. They were able to locate an email address that he used. They also determined that he used computers at Kinko's or the University of Oklahoma.
Computer Science Knowledge
Legal
Excellent Communication
Linguistics
Life Long Learner
Ability to maintain confidentiality