In the context of cybersecurity, cyber forensics is the process of examining digital material and computer software such as various devices for the motives and goals of gathering evidence in an investigation of an exploit or criminal act.

The steps involved in cyber forensics are acquisition, examination, analysis, and reporting. The techniques used include cross-drive analysis, live analysis, deleted files, stochastic forensics, and stenography.