IT Forensics tools today
IT Forensics tools today can be categorized into Data gathering and data analysis.
The data gathering tools runs a monitor on the subject machine and gathers the necessary information - typically a mdf or pst file in windows environment.
The data analysis tools are evolving and would depend on the legal objective - if the objective is a simple source code search or keywords, it is quite easy. However, if you are looking for photographs or audio or video, it is complex - luckily, most of the legal needs today are ‘text’ based lookups.
One of the key areas where the tools offer an extra hand is: they record the system name and date which are very important to prove it in a court of law.