What Does Digital Forensics Mean?
Digital forensics is the process of retrieving, storing, analyzing and preserving electronic data that could be useful in an investigation. This includes information from computers hard drives, mobile phones, smart appliances, vehicle navigation systems, electronic door locks and other digital devices. The goal of the process is to gather, analyze and preserve evidence.
In the United States, the Department of Homeland Security has identified five branches of digital forensics, categorized by how the data is transmitted and where it is stored:
- Computer forensics - focuses on recovering and preserving evidence in computers and storage devices such as hard drives and flash drives.
- Mobile device forensics - focuses on the recovery and preservation of digital evidence in mobile and wearable devices, such as smartphones, flash drives and and fitness trackers.
- Network forensics - focuses on reviewing logs to determine the connection between network access and a criminal action.
- Database forensics - focuses on the identification, collection, preservation, reconstruction, analysis and reporting of incidents that have the potential to negatively impact data integrity.
- Forensics data analysis - focuses on uncovering patterns in data that might indicate fraudulent activity, especially fraudulent financial activity.