What is Digital Forensics?

Jun 19, 2018

Industry News

Sharing is caring

Digital forensicsDigital forensics is a branch of forensic science encompassing the recovery and investigation of material found in digital devices, often in relation to computer crime.

Digital forensics investigations have a variety of applications. The most common is to support or refute a hypothesis before criminal or civil courts. Forensics may also feature in the private sector; such as during internal corporate investigations or intrusion investigation (a specialist probe into the nature and extent of an unauthorised network intrusion).

The technical aspect of an investigation is divided into several sub-branches, relating to the type of digital devices involved; computer forensics, network forensics, forensic data analysis and mobile device forensics. The typical forensic process encompasses the seizure, forensic imaging (acquisition) and analysis of digital media and the production of a report into collected evidence.

The actual process of analysis can vary between investigations, but common methodologies include conducting keyword searches across the digital media (within files as well as unallocated and slack space), recovering deleted files and extraction of registry information (for example to list user accounts, or attached USB devices).

When used in a court of law digital evidence falls under the same legal guidelines as other forms of evidence; courts do not usually require more stringent guidelines. Laws dealing with digital evidence are concerned with two issues: integrity and authenticity. Integrity is ensuring that the act of seizing and acquiring digital media does not modify the evidence (either the original or the copy). Authenticity refers to the ability to confirm the integrity of information; for example that the imaged media matches the original evidence. The ease with which digital media can be modified means that documenting the chain of custody from the crime scene, through analysis and, ultimately, to the court, (a form of audit trail) is important to establish the authenticity of evidence.

Once analysis is complete, Digital investigators present a comprehensive, understandable and defendable report. Digital investigators, particularly in criminal investigations, have to ensure that conclusions are based upon factual evidence and their own expert knowledge. The admissibility of digital evidence relies on the tools used to extract it.


Sharing is caring

2 comments on “What is Digital Forensics?

  1. ergfirnolikz says:

    I’m really enjoying the design and layout of your website. It’s a very easy on the eyes which makes it much more enjoyable for me to come here and visit more often. Did you hire out a developer to create your theme? Great work!

    1. Salome says:

      Good Morning

      We are happy to hear that you like our website.
      We don’t have a developer, we use WordPress and write every post inhouse.
      If we get stuck or struggle with any of the tech/computer stuff, he call one of our contacts to give us some pointers or come and fix it.

      Kind regards
      Uphando team

Join the Discussion