Data recovered in a computer forensic examination can usually be sorted to be viewed chronologically or alphabetically. The same data can be searched by first creating an index of the content of the data files. However, most of the content was meant to be read and understood by humans; the content was not intended to be understood by computers. Therefore, sorting and searching the data may fail to provide the needed results because these methods cannot give any kind of context to results. 

 The context-based analysis of digital evidence is a methodology for examining and interpreting data in not only its own context, but also in context with other data. “Other data” may include metadata, Windows registry files, activity logs, Internet history files, social networking, and artifacts from unallocated space. For example, a careful and detailed analysis based on context may provide information that is consistent with a pattern of behavior by a computer user. 

Understanding the nature and context of data recovered in a computer forensic examination requires unique education and experience. Calvin Weeks & Associates, LLC newest associate is Dee Cordry. Cordry is a retired special agent of the Oklahoma State Bureau of Investigation with twenty-five years of investigative experience, including eight years in the computer crime unit. Cordry has testified as an expert witness on computer crime cases in state and federal court. Cordry has the education and experience necessary to perform the analysis of context-based evidence.

The online or offline activity of a computer user creates a history, or “paper trail,” that records far more information about users' activities than most people realize. The data can serve as a window into the personality, lifestyle, social circle and actions of the computer user. The context-based analysis by an expert can provide the perspective to digital evidence that is a step above searching and sorting. A completed context-based analysis is something that we call a “digital fingerprint.”