Digital forensics comprises of the techniques which deal with the investigation and searching of digital evidence. It is a branch of forensic science involving the [1] process of identification, collection, preservation, examination, and presenting digital data or evidence. Digital forensics aims to reconstruct the sequence of events that took place at the crime scene. Digital data and media can be recovered from figure1 shown below digital devices like mobile phones, laptops, hard disk, pen drive, floppy disk, and many more.

Figure1: Digital Forensic Investigations

Digital forensics is the process of investigation of digital data collected from multiple digital sources. During the investigation process, a step-by-step procedure is followed in which the collected data is preserved and analyzed by a cybercrime investigator. Further to this, it can be used as the potential source of evidence in the court of law.

I prefer the term digital forensic investigation over digital forensics because the process that is associated with "digital forensics" is much more similar to a physical crime scene investigation than to [2] physical forensics. The "physical forensics" are used to answer a more limited set of questions than a general investigation. Physical forensics is used to "identify" a substance, which determines the class of the substance.

For example, a red liquid could be identified as blood or fruit juice. Physical forensics are also used to "individualize" an object, which determines the unique source of an object. For example, blood from a crime scene could be compared with a sample from a suspect to determine if the two blood samples are the same or two bullets could be compared to determine if they were shot from the same gun.

The process to determine how someone compromised a computer and identify what they had access to is much more involved than identification and individualization. It is a process of searching for evidence and then analyzing it.

A Digital Forensics Investigator is someone who has a desire to follow the evidence and solve a crime virtually. Imagine a security breach [3] happens at a company, resulting in stolen data. In this situation, a computer forensic analyst would come in and determine how attackers gained access to the network, where they traversed the network, and what they did on the network, whether they took information or planted malware.

Types of Digital Forensics [4]

• Disk Forensics:
  It deals with extracting data from storage media by searching active, modified, or deleted files.
• Network Forensics:
  It is a sub-branch of digital forensics. It is related to monitoring and analysis of computer network traffic to collect important information and legal evidence.
• Wireless Forensics:
  It is a division of network forensics. The main aim of wireless forensics is to offers the tools need to collect and analyze the data from wireless network traffic.
• Database Forensics:
  It is a branch of digital forensics relating to the study and examination of databases and their related metadata.
• Malware Forensics:
  This branch deals with the identification of malicious code, to study their payload, viruses, worms, etc.

References:

1. https://www.mailxaminer.com/blog/what-is-digital-forensics-and-how-is-it-used-in-investigations/#:~:text=%20There%20are%20sequential%20steps%20for%20the%20digital,Analysis%3A%20Analysis%20involves%20in-depth%20examination%20of...%20More%20
2. https://www.digital-evidence.org/di_basics.html
3. https://www.eccouncil.org/what-is-digital-forensics/
4. https://www.guru99.com/digital-forensics.html

Cite this article:

Nandhinidwaraka. S (2021), The Digital Forensic Investigations, Anatechmaz, pp. 69