Watch: overview of digital forensics (5:25)
🔗 Video Link : CLICK HERE
Digital forensics is the process of identifying, preserving, analysing, and presenting digital evidence. This field has evolved since the 1970s to adapt to the increasing use of technology in criminal activities.
Digital forensics tools aid investigators in capturing, analyzing, and preserving evidence of crimes within compromised systems. Investigators must understand malware, operating systems, networks, and applications.
- Computer-based crimes: These are crimes committed directly using computers. Examples include cyberstalking, cyberterrorism, and human exploitation.
- Computer-facilitated crimes: These are crimes where computers play a supporting role. A key example is data breaches that result in the theft of information.
Areas of ANALYSIS
- Storage Media
- Hardware and Operating Systems
- Networks
- Applications
To effectively address these crimes, the sources emphasise the need for a scientific and meticulous approach throughout the digital forensics process. this is where the DIGITAL FORENSICS SCIENTIFIC PROCESS comes to play.
Digital Forensics Scientific Process
PROCESS of Digital Forensics Scientific Process
Process Involves data collection, examination and analysis, and requires adherence to a scientific process and chain of custody.
- Obtaining search authority to legally gather evidence.
- Documenting the chain of custody to ensure the integrity and traceability of the evidence.
- Hashing and duplicating all evidence to preserve the original data and prevent tampering.
Branches of digital forensics
- Computer Forensics : This branch focuses on individual computers, often requiring the creation of disk images to preserve evidence.
- Network forensics: This branch concentrates on monitoring and analysing computer network traffic to uncover evidence of malicious activity.
- Mobile device forensics: This branch addresses the challenges presented by mobile devices, such as memory volatility, and requires strict adherence to proper handling procedures
Forensic considerations into enterprise
- Contacting law enforcement when necessary.
- Monitoring systems for suspicious activity.
- Conducting regular reviews of forensic policies, guidelines, and procedures.
- Preserving and maintaining evidence according to best practices.