What is digital forensics?

Hey guys, this is Akhil gabbeta.  In this post we will discuss about Digital forensics and basic guide to learn digital forensics so lets get started without further due

What is digital forensics?

  • Digital forensics is a modern-day field of forensic science, that deal with the recovery and investigation of material found in digital devices.
  • Digital forensics (sometimes known as digital forensic sciences) is a branch of forensic science encompassing the recovery and investigation of material found in digital devices, often in relation to computer crime.
  • Digital forensics is the “Process of identifying, preserving, analyzing and presenting digital evidence in a manner that is legally acceptable in any legal proceedings in a court of law.


Reasons for performing Digital forensics?

  • Identifying a leak within an organization.
  • Assessing the possible damage that occurred during a breaching.
  • Reconstruct the crime scene.
  • Adding security hygiene, retracing hacker ways, and chasing hacker tools.
  • Searching for data access/ exfiltration.
  • Relating the duration of unauthorized on the network.
  • Geolocating the logins and mapping them.


Types of Digital Forensics:

  • Computer Forensics
  • Network Forensics
  • Forensics Data Analysis
  • Mobile Device Forensics
  • IoT Forensics
  • Cloud Forensics and many more…


Process of Digital Forensics:

  1. Identification – Crime happens, Identity crime scene.
  2. Preservation – Warrant, a first responder, seize evidence, transport.
  3. Extraction – Bit-by-Bit copy, MD5, SHA, Chain of custody, storage.
  4. Interpretation – Analysis.
  5. Documentation – Report Generation.
  6. Presentation – show evidence at court.


Locard’s Exchange Principle

Locard’s Exchange Principle does apply to cyber crimes involving computer networks, such as identity theft, electronic bank fraud, or denial of service attacks, even if the perpetrator does not physically come in contact with the crime scene.

Although the criminal may make virtual contact with the crime scene through the use of a proxy machine, we believe he will still “Leave a Trace” and digital evidence will exist.


Chain Of Custody (Digital Forensics Investigation):

A Process used to maintain and document the chronological history of the handling of electronic evidence. A chain of custody ensures that the data presented is “As Originally Acquired” and has not been altered prior to admission into evidence.

In a legal environment, the chain of guardianship process refers to acquiring, storing, securing, and transferring an asset, whether digital or physical; further specifically, tracking and establishing each transfer of the asset as it moves from one place to another. While being a long and tedious process, a chain of guardianship is vital as it ensures the authenticity of the acquired asset, increases translucency, and allows the labor force involved to be held responsible for the conduct taken on the asset. With respect to cybersecurity, these means can either be outfit, structure, substantiation, systems, and data. A break in the chain or guardianship is inferior, as it refers to a period during which the control of the asset is unknown, and the conduct taken on the said asset cannot be verified and reckoned for.


Bonus: Top 5 Books for digital forensics

1. Forensics: What Bugs, Burns, Prints, DNA, and More Tell Us about Crime

2. Techniques of Crime Scene Investigation 7th Edition

3. Digital Forensics and Incident Response: Incident response tools and techniques for effective cyber threat response, 3rd Edition

4. Learn Computer Forensics: Your one-stop guide to searching, analyzing, acquiring, and securing digital evidence, 2nd Edition

5. Digital Forensics Explained



Thank you so much for reading this.