What Does Digital Forensics Mean?
Digital forensics is the process of retrieving, storing, analyzing and preserving electronic data that could be useful in an investigation. This includes information from computers hard drives, mobile phones, smart appliances, vehicle navigation systems, electronic door locks and other digital devices. The goal of the process is to gather, analyze and preserve evidence.
In the United States, the Department of Homeland Security has identified five branches of digital forensics, categorized by how the data is transmitted and where it is stored:
- Computer forensics – focuses on recovering and preserving evidence in computers and storage devices such as hard drives and flash drives.
- Mobile device forensics – focuses on the recovery and preservation of digital evidence in mobile and wearable devices, such as smartphones, flash drives and and fitness trackers.
- Network forensics – focuses on reviewing logs to determine the connection between network access and a criminal action.
- Database forensics – focuses on the identification, collection, preservation, reconstruction, analysis and reporting of incidents that have the potential to negatively impact data integrity.
- Forensics data analysis – focuses on uncovering patterns in data that might indicate fraudulent activity, especially fraudulent financial activity.
Techopedia Explains Digital Forensics
Digital forensics includes recovering and preserving material found on digital devices during the course of a criminal investigation. The evidentiary nature of digital forensic science requires rigorous standards to stand up to cross examination in court.
The challenges facing digital forensic investigators include:
- Extracting data from locked, damaged or destroyed computing devices.
- Locating specific data entries in large amounts of data stored locally or in the cloud.
- Documenting the digital chain of custody.
- Ensuring the integrity of data throughout an investigation.
Digital Forensics Tools
Digital forensic tools can also help ICT managers proactively identify areas of risk. Popular tools include:
Forensic disk controllers – allow the investigator to read a target device's data while preventing its data from being modified, corrupted or erased.
Hard-drive duplicators – allow the investigator to copy files from a suspect hard drive, thumb drive or memory card onto a clean drive for analysis.
Password recovery devices — use machine learning algorithms to crack password-protected storage devices.