What is Digital Forensics?
A brief overview of computer forensics, mobile forensics, and other types of digital investigation.
Overview
Digital forensics is the application of scientific tests or techniques to collect digital evidence in connection with litigation or other types of investigation. It is an integral part of the legal discovery process, but can also be a valuable tool for avoiding or shortening litigation.
Digital forensics is typically divided into sub-specialties by data source. For example, computer forensics involves collection of data from desktops and laptops. Similarly, mobile forensics involves collection of data from cellphones and tablets. There are many other potential sources of data including email, social media, and cloud storage. A thorough investigation often involves examination of multiple sources of data and careful comparison of the information collected from each.
Digital Forensics Can Enhance an Investigation
An experienced digital forensics team can:
- collect email, text, and other communications;
- find critical documents;
- recover deleted communications and files; and
- determine the activities of a specific user at a specific time.
Most importantly, forensic investigators can make connections between disparate documents, communications, logs, and data artifacts to help the client draw conclusions about what may have occurred in their case.
Digital Forensics Requires Expertise
Digital forensics teams use specialized equipment and software to collect and examine devices without changing the data or the metadata (such as the last modified time or the document author). This prevents the client from relying on data that was inadvertently modified in the investigation. The advanced tools and years of experience also help forensic examiners collect data that has been deleted or corrupted, as well as system data that is not normally accessible to a user.
This specialized scientific approach protects the integrity of the data and ensures it is admissible in court.
