What is digital forensics?

by

This blog post was originally posted here.
Author: Josh Carder – Digital Forensics Specialist, Grayshift

Digital Forensics is commonly defined as the recovery and investigation of material found in digital devices. But what does this entail?

In the early days of this field, it was labeled Computer Forensics. This discipline has expanded over the years to include all devices capable of storing digital data and re-branded as Digital Forensics. Devices storing digital data can include anything from your personal computer to your refrigerator. In today’s world, digital storage devices are part of many aspects of our lives. Most notably are our mobile phone devices and the Internet of Things (IoT).

For Digital Forensic Investigators, this means having a multifaceted skillset and a willingness to continue their education throughout their career. It is no surprise to anyone that this job is continually changing due to the constant advancements in the digital devices that are encountered. For those that are responsible for multiple aspects of an investigation with digital forensics only being a part of their job description, it is not enough to just wear multiple hats. They must also have multiple colors of the same digital forensics hat to be an expert in computer forensics, mobile forensics etc.

Digital evidence has crept into all types of investigations. This means that all members of your team need to have some awareness and education in digital forensics. For agencies with dedicated evidence intake personnel, it is beneficial to educate them on the proper handling of digital evidence as well. Properly seizing and storing digital evidence can be paramount to your investigations due to the security that is implemented on digital devices. It is worthwhile to educate those team members on proper handling even if that is the only time they will interact with the evidence. It can make your life as a Digital Forensics Investigator much easier in proving the guilt or innocence of an individual.


Get The Latest DFIR News

Join the Forensic Focus newsletter for the best DFIR articles in your inbox every month.


Unsubscribe any time. We respect your privacy - read our privacy policy.

Now that the evidence has been seized and transported back to your lab, the process of creating a forensic image, or copy, is performed. Continued care should be taken with the evidence item to ensure as much data can be collected as possible from the device. The forensic image is what your examination will be conducted on as opposed to the evidence item itself. While manually searching the device itself is sometimes necessary, this is not typical in most investigations. After your forensic image is created, a hash value will be reported for the newly created file. This hash value is a result of a calculation, or hash algorithm, that is performed on the forensic image obtained from the device. This hash value is important as it is used to verify the integrity of your forensic image throughout the life cycle of your investigation.

There are any number of tools you can use to perform analysis of the evidence. Having multiple analytical tools is always good practice as each tool has their strengths and weaknesses. If you are a dedicated Digital Forensics Investigator, it can be beneficial to ask the Investigator as many questions about the case before beginning your analysis. Anyone in this position has heard the line “Give me everything.” As you can imagine, that can be an overwhelming amount of data and without applying techniques to filter through the data, evidence could be missed. Whatever methods are applied to search for data, examinations of the evidence must be thorough and proper note taking is critical. The results of digital forensic examinations must be repeatable. It is also good practice to take breaks during your examination to decompress. Some of the material that Digital Forensics Investigators are subjected to can take their toll on an individual. Practicing good mental health can help avoid burnout.

Digital forensics are at the forefront of investigations. And the devices that are seized are changing and advancing almost daily. For Digital Forensic Investigators it is important to keep up with training on your tools. Staying abreast of current trends in the field is beneficial to your investigative techniques and can lead to more productive acquisitions and analysis of digital evidence items.

The material and information contained in this resource is based on 30+ years of in-the-field experience from the Grayshift Digital Forensic team and is intended for general information purposes only.  As always, please defer to your department’s policies and procedures as they relate to digital forensics. 

Leave a Comment

Latest Videos

Forensic Focus

Forensic Focus
Read more at https://www.forensicfocus.com/news/digital-forensics-round-up-may-15-2024/

Read more at https://www.forensicfocus.com/news/digital-forensics-round-up-may-15-2024/

YouTube Video UCQajlJPesqmyWJDN52AZI4Q_AfSiWHngSnw

Digital Forensics News Round-Up, May 15 2024 #dfir #computerforensics

Forensic Focus 15th May 2024 4:55 pm

Read more at https://www.forensicfocus.com/news/digital-forensics-round-up-may-15-2024/

Read more at https://www.forensicfocus.com/news/digital-forensics-round-up-may-15-2024/

YouTube Video UCQajlJPesqmyWJDN52AZI4Q_Mqq8XgKvup4

Digital Forensics News Round-Up, May 15 2024 #dfir #computerforensics

Forensic Focus 15th May 2024 3:58 pm

In this webinar, David Spreadborough, Forensic Analyst at Amped Software, provides a closer look at those important early stages in investigations involving video evidence. Starting with establishing the integrity of the digital data and evaluating the authenticity of the produced visual image. From demonstrative timelines to speed estimation, the evidential foundations are paramount in every case. Failure to consider these steps and misinterpreting the data can cause unnecessary delays, mistakes, and potentially even miscarriages of justice. Amped FIVE is used to conduct data analysis, file conversion, and assessment of image reliability. Useful links: Amped FIVE - https://ampedsoftware.com/five Video Evidence Principles - https://blog.ampedsoftware.com/2023/0... CCTV Acquisition introduction - https://blog.ampedsoftware.com/2023/0...

In this webinar, David Spreadborough, Forensic Analyst at Amped Software, provides a closer look at those important early stages in investigations involving video evidence. Starting with establishing the integrity of the digital data and evaluating the authenticity of the produced visual image.

From demonstrative timelines to speed estimation, the evidential foundations are paramount in every case.

Failure to consider these steps and misinterpreting the data can cause unnecessary delays, mistakes, and potentially even miscarriages of justice.

Amped FIVE is used to conduct data analysis, file conversion, and assessment of image reliability.

Useful links:

Amped FIVE - https://ampedsoftware.com/five
Video Evidence Principles - https://blog.ampedsoftware.com/2023/0...
CCTV Acquisition introduction - https://blog.ampedsoftware.com/2023/0...

YouTube Video UCQajlJPesqmyWJDN52AZI4Q_dnSPwNdMn5M

Investigating Video: The Vital First Steps

Forensic Focus 13th May 2024 10:09 am

Load More... Subscribe
This error message is only visible to WordPress admins

Important: No API Key Entered.

Many features are not available without adding an API Key. Please go to the YouTube Feeds settings page to add an API key after following these instructions.

Latest Articles

Accelerating Evidence Analysis: An Investigator’s Take On The Advantages Of Media Acquisition From Detego Global
News

Accelerating Evidence Analysis: An Investigator’s Take On The Advantages Of Media Acquisition From Detego Global

ByDetego Digital ForensicsMay 16, 2024
The Differences Between Full Disk And Triage Acquisition
News

The Differences Between Full Disk And Triage Acquisition

ByCado SecurityMay 16, 2024
Digital Forensics Round-Up, May 15 2024
News

Digital Forensics Round-Up, May 15 2024

ByForensic FocusMay 15, 2024
Investigating Video: The Vital First Steps
Webinars

Investigating Video: The Vital First Steps

ByAmpedSoftwareMay 13, 2024
Forensic Focus Digest, May 10 2024
News

Forensic Focus Digest, May 10 2024

ByForensic FocusMay 10, 2024
Oxygen Forensic® KeyDiver
Webinars

Oxygen Forensic® KeyDiver

ByOxygenForensicsMay 9, 2024