Digital Forensics

Definition - What does Digital Forensics mean?

Digital forensics is the process of uncovering and interpreting electronic data for use in a court of law. The goal of the process is to preserve any evidence in its most original form while performing a structured investigation by collecting, identifying and validating the digital information for the purpose of reconstructing past events.

Techopedia explains Digital Forensics

The evidentiary nature of digital forensic science requires rigorous standards to stand up to cross examination in court. As a result, there have been efforts by organizations like the National Institute of Standards and Technology, which published the "Guide to Integrating Forensic Techniques into Incident Responses".

Despite this, there are several challenges facing digital forensic investigators:

  • How does one duplicate or preserve evidence without knowing the duplication itself inherently changed the data?
  • Time lines are critical for showing who did what, and when. But digital time stamps are notoriously absent, or can easily be spoofed, in digital data.
  • In order to be able to state conclusively that Action A caused Result B, the concept of repeatability must be introduced. This is very difficult with digital forensics.
Posted by:

Connect with us

Techopedia logo for Linkedin
Techopedia on Linkedin
Tweat cdn.techopedia.com
Techopedia on Twitter


'@Techopedia'
Sign up for Techopedia's Free Newsletter!

Email Newsletter

Join 138,000+ IT pros on our weekly newsletter