Digital forensics is a branch of forensic science that focuses on identifying, acquiring, processing, analyzing, and reporting on data stored electronically. Electronic evidence is a component of almost all criminal activities and digital forensics support is crucial for law enforcement investigations.
As society's reliance on computer systems and cloud computing increases, digital forensics becomes crucial for law enforcement agencies and businesses.
Digital forensics is concerned with the identification, preservation, examination and analysis of digital evidence, using scientifically accepted and validated processes, to be used in and outside of a court of law.
Purpose of Digital Forensics
The most common use of digital forensics is to support or refute a hypothesis in a criminal or civil court:
- Criminal cases: Involve the alleged breaking of laws, and involve law enforcement agencies and their digital forensic examiners.
- Civil cases: Involve the protection of rights and property of individuals or contractual disputes between commercial entities where a form of digital forensics called electronic discovery (eDiscovery) may be involved.
1. Identification: First, find the evidence, noting where it is stored.
2. Preservation: Next, isolate, secure, and preserve the data. This includes preventing people from possibly tampering with the evidence.
3. Analysis: Next, reconstruct fragments of data and draw conclusions based on the evidence found.
4. Documentation: Following that, create a record of all the data to recreate the crime scene.
5. Presentation: Lastly, summarize and draw a conclusion.
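Steps 2 (Preservation) and 4 (Documentation) above can be made tamper-evident with cryptographic hashes. The following is an added example, not part of the original article: it hashes an evidence file at acquisition, keeps a hash-chained custody log, and detects later changes to either. The function names, actor names, timestamps and the sample "image" are constructed for illustration.

```python
import hashlib, json, tempfile
from pathlib import Path

def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large disk images need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def _entry_hash(entry):
    # Hash every field except the entry's own hash, in a stable key order.
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def add_custody_entry(log, actor, action, evidence_path, timestamp):
    """Append a custody record that is chained to the previous record's hash."""
    entry = {"timestamp": timestamp, "actor": actor, "action": action,
             "evidence_sha256": sha256_file(evidence_path),
             "prev_entry_hash": log[-1]["entry_hash"] if log else "0" * 64}
    entry["entry_hash"] = _entry_hash(entry)
    log.append(entry)

def verify(log, evidence_path):
    """Return a list of problems; an empty list means evidence and log are intact."""
    problems, prev = [], "0" * 64
    for i, e in enumerate(log):
        if e["prev_entry_hash"] != prev or e["entry_hash"] != _entry_hash(e):
            problems.append(f"log entry {i} altered or out of order")
        prev = e["entry_hash"]
    if log and sha256_file(evidence_path) != log[0]["evidence_sha256"]:
        problems.append("evidence no longer matches acquisition hash")
    return problems

def demo():
    """Constructed sample: a small stand-in image, then a one-byte change."""
    with tempfile.TemporaryDirectory() as d:
        img = Path(d) / "evidence.img"
        img.write_bytes(b"constructed sample evidence" * 1000)
        log = []
        add_custody_entry(log, "examiner-a", "acquired", img, "2024-01-01T10:00:00Z")
        add_custody_entry(log, "examiner-b", "received", img, "2024-01-02T09:00:00Z")
        clean = verify(log, img)
        img.write_bytes(b"X" + img.read_bytes()[1:])   # simulate tampering
        tampered = verify(log, img)
        log[0]["actor"] = "someone-else"               # simulate a log edit
        return clean, tampered, verify(log, img)

if __name__ == "__main__":
    print(demo())
```

A hash chain only makes edits evident if the latest entry hash is also kept somewhere the holder of the log cannot change.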
Types of digital forensics
- Disk Forensics: It deals with extracting data from storage media by searching active, modified, or deleted files.
- Network Forensics: It is a sub-branch of digital forensics. It is related to monitoring and analysis of computer network traffic to collect important information and legal evidence.
- Wireless Forensics: It is a division of network forensics. The main aim of wireless forensics is to offer the tools needed to collect and analyze data from wireless network traffic.
- Database Forensics: It is a branch of digital forensics relating to the study and examination of databases and their related metadata.
- Malware Forensics: This branch deals with the identification of malicious code (viruses, worms, etc.) and the study of its payload.
- Email Forensics: Deals with recovery and analysis of emails, including deleted emails, calendars, and contacts.
- Memory Forensics: It deals with collecting data from system memory (system registers, cache, RAM) in raw form and then carving the data from the raw dump.
- Mobile Phone Forensics: It mainly deals with the examination and analysis of mobile devices. It helps to retrieve phone and SIM contacts, call logs, incoming and outgoing SMS/MMS, audio, videos, etc.
Challenges faced by Digital Forensics
Here are the major challenges faced by digital forensics:
- The increase in the number of PCs and the extensive use of internet access
- Easy availability of hacking tools
- Lack of physical evidence makes prosecution difficult.
- The large amount of storage space, running into terabytes, makes the investigation job difficult.
- Any technological changes require an upgrade or changes to solutions.