Digital Forensics

Why Trust Techopedia

What Does Digital Forensics Mean?

Digital forensics is the process of retrieving, storing, analyzing and preserving electronic data that could be useful in an investigation. This includes information from computers hard drives, mobile phones, smart appliances, vehicle navigation systems, electronic door locks and other digital devices. The goal of the process is to gather, analyze and preserve evidence.


In the United States, the Department of Homeland Security has identified five branches of digital forensics, categorized by how the data is transmitted and where it is stored:

  1. Computer forensics – focuses on recovering and preserving evidence in computers and storage devices such as hard drives and flash drives.
  2. Mobile device forensics – focuses on the recovery and preservation of digital evidence in mobile and wearable devices, such as smartphones, flash drives and and fitness trackers.
  3. Network forensics – focuses on reviewing logs to determine the connection between network access and a criminal action.
  4. Database forensics – focuses on the identification, collection, preservation, reconstruction, analysis and reporting of incidents that have the potential to negatively impact data integrity.
  5. Forensics data analysis – focuses on uncovering patterns in data that might indicate fraudulent activity, especially fraudulent financial activity.

Techopedia Explains Digital Forensics

Digital forensics includes recovering and preserving material found on digital devices during the course of a criminal investigation. The evidentiary nature of digital forensic science requires rigorous standards to stand up to cross examination in court.

The challenges facing digital forensic investigators include:

  • Extracting data from locked, damaged or destroyed computing devices.
  • Locating specific data entries in large amounts of data stored locally or in the cloud.
  • Documenting the digital chain of custody.
  • Ensuring the integrity of data throughout an investigation.

Digital Forensics Tools

Digital forensic tools can also help ICT managers proactively identify areas of risk. Popular tools include:

Forensic disk controllers – allow the investigator to read a target device's data while preventing its data from being modified, corrupted or erased.

Hard-drive duplicators – allow the investigator to copy files from a suspect hard drive, thumb drive or memory card onto a clean drive for analysis.

Password recovery devices — use machine learning algorithms to crack password-protected storage devices.


Related Terms

Margaret Rouse
Technology Expert
Margaret Rouse
Technology Expert

Margaret is an award-winning technical writer and teacher known for her ability to explain complex technical subjects to a non-technical business audience. Over the past twenty years, her IT definitions have been published by Que in an encyclopedia of technology terms and cited in articles by the New York Times, Time Magazine, USA Today, ZDNet, PC Magazine, and Discovery Magazine. She joined Techopedia in 2011. Margaret's idea of a fun day is helping IT and business professionals learn to speak each other’s highly specialized languages.