As technology has increasingly become part of our lives in the past two decades, criminals have used technology for nefarious purposes. This has resulted in an increase in cyber crimes, or crimes committed via the Internet and/or with electronic devices. Examples of cyber crimes include hacking, identity theft, invasion of privacy, online stalking, transaction fraud, and more. Tech-savvy criminals have led to an increase in law enforcement education on cyber crimes and digital forensics. Most law enforcement agencies, from the local to the federal level, have dedicated units responsible for the investigation of cyber crimes and digital forensics.
The field of digital forensics has grown out of the need for combating and policing cyber crimes.
Digital forensics is the process of preservation, identification, extraction, and documentation of computer evidence that can be used in a court of law. It is the science of finding evidence from digital media like a computer, mobile phone, server, or network.
To better understand the aspects involved in digital forensics, the field is divided into five branches.
Mobile Forensics
Mobile forensics involves collecting digital data and evidence from mobile devices such as phones, tablets, GPS units, smartwatches, and more. These devices differ from computers in that mobile devices have GSM embedded. Data collected from mobile devices goes beyond texts, calls, and emails. Mobile devices contain valuable information such as user location and data that can be used during criminal investigations.
Database Forensics
This branch of digital forensics deals with data exported from databases for use in an investigation. Database forensics explores and investigates the information, users, actions, and timestamps within that database. Database forensics is primarily utilized during the investigation of crimes that occurred in a business setting.
Computer Forensics
Previously, all digital forensics were referred to as “computer forensics”. Since more technology has hit the market that allows Internet access and data storage, the term now refers to the gathering of evidence from an actual computer. Computer forensics accesses memory and history in order to aid in an investigation.
Network Forensics
Network forensics collects network traffic and data over a large or local network region. Network data is considered unreliable in investigations, as it is difficult to record. This type of forensics is also used to investigate hacking.
Forensic Data Analysis
This branch is the actual process of analyzing the data collected from devices, networks, and databases and studying it to detect criminal activity.