What is digital forensics
Digital forensics (computer forensics) is the application of scientifically grounded methods to identify, preserve, examine and analyze digital evidence, and present findings in response to legally relevant questions.
The term is also used more broadly for cyber incident investigations and private-sector engagements, even when police or courts are not directly involved.

History of digital forensics
The development of digital forensics accelerated as more evidence moved from paper to digital media. During the 1980s and 1990s, the profession was gradually standardized through methods, tools and procedures. Additional momentum came from the rise of cybercrime, the high volume of seized devices, and the development of rules related to electronic discovery (e-discovery) in certain jurisdictions.

How it is used in investigations
- Collection and preservation of evidence
- Examination (extraction and identification of relevant data)
- Analysis (interpretation and linking findings to the case)
- Reporting (presentation of findings understandable even to non-specialists)

Tools and domains
Digital forensics uses various tools (open-source and commercial) for forensic imaging and analysis of data, file-system artifacts, registry databases, internet and email artifacts, mobile devices, network traffic and databases.

Careers in digital forensics
Roles can be investigative, technical or analytical, in the public sector (law enforcement, government agencies, laboratories) and the private sector (companies, consulting firms, internal DFIR units).