What is digital forensics?

September 3, 2018

By Law & Forensics


Have you ever watched the well-known American TV show CSI: Crime Scene Investigation and been fascinated as the team of investigators followed up on fingerprints, hairs, drops of blood, or any other indication that someone had been there? In the same way as people leave physical pieces of evidence of where they’ve been, they leave virtual traces online, too. File fragments, activity logs, and metadata, among others, may be indications that someone is not where they are supposed to be.

What is digital forensics?
The process of examining, interpreting, or reconstructing digital evidence on computers, networks, or the web is referred to as digital forensics. It’s more than just finding evidence, however – a digital forensic specialist also has to be aware of the law to ensure that what they find is accepted by a court, no matter what kind of investigation is ongoing.

The evidence gathered from digital forensics can be helpful in authenticating the source of a document or some software, or even to catch a criminal committing cybercrime. This is why digital forensic specialists may be used in law enforcement, open investigations, and even in cybersecurity.

Mobile Phone Forensics
Mobile devices and appliances connected to the Internet of Things are becoming increasingly common, so it shouldn’t really be remarkable that an entire section of digital forensics is dedicated to these devices.

Also known as cell phone forensics, this digital forensics division may recover deleted data from mobile devices, analyze any recovered data, extract customer data, and even get rid of any malware that may be on your devices.

If you take a look at that last point again, you’ll realize that the ability of these specialists to remove malware from your phone can definitely be used in a negative manner. If a hacker or someone who means harm has that capability, the very technique meant for good can be used to obtain personal data that can then be leveraged against you.

Forensic Digital Evidence
When you are using a computer, you are leaving traces, also known as “digital fingerprints”. These may be your web browser history, cookies, file fragments, headers, metadata, timestamps, and even backup files. In both cybersecurity and digital forensic investigations, experts can take this information and make sense of it, noting an incident, proving who the perpetrator was, or developing a strategy to fix the shortcoming.

The data gathered from the activity and methods used by hackers and cybercriminals can be extremely valuable in preventing future violations, understanding the techniques of cybercriminals, or finding new types of malware. Intelligence databases and digital security companies alike can make use of this information to improve their current practices.

For enterprise owners, however, the information is used to respond to that particular attack and figure out how to prevent similar violations in the future. Specialists can find data on attack vectors, new or evolved forms of malware, and even Advanced Persistent Threats, which are cyber attacks that go on for months or even years, subtly gaining access to your system.

Digital Forensic Collection
Just as physical crime scenes are kept as undisturbed as possible, it’s best when digital crime scenes are untouched so that the data obtained is pure and uninfluenced.

When you open a program or a document, you leave a trace, even if you do not save it. When a system suspected to be related to a case is procured, it’s usually required that no one touch or make changes to the system until a digital forensics investigator gets a chance to obtain any evidence that can be found on it. This is particularly true in cases where you have to establish that particular files were accessed, the methods used to access them, and the timeline of events.

In the process of collecting digital evidence, an investigator usually starts by getting a precise clone of the system at the time it was copied. Oftentimes, a device called a write-blocker is used, which allows copies to be made of a system that is shut down.

There are cases where investigators are unable to shut down a system for fear that some evidence may disappear. In such a situation, specialists would use a “live acquisition” technique that runs a diagnostic program on the system in question, copying information into the specialist’s drive.

Investigators have to be sure that they have due cause to obtain data from a system, otherwise evidence obtained throughout the investigation could be deemed inadmissible.
