Digital forensics may be defined as the branch of forensic science that analyzes, examines, identifies and recovers digital evidence residing on electronic devices. It is commonly used in criminal law and private investigations.

For example, you can rely on digital forensics to extract evidence when somebody steals data from an electronic device.

A computer forensics investigation process involves three major phases as explained below:

Phase 1: Acquisition or Imaging of Exhibits

The first phase of digital forensics involves saving the state of the digital system so that it can be analyzed later. It is similar to taking photographs, blood samples, etc. from a crime scene. For example, it involves capturing an image of the allocated and unallocated areas of a hard disk or RAM.

Phase 2: Analysis

The input to this phase is the data acquired in the acquisition phase. Here, this data is examined to identify evidence. This phase yields three kinds of evidence:

  • Inculpatory evidence: evidence that supports a given history.
  • Exculpatory evidence: evidence that contradicts a given history.
  • Evidence of tampering: evidence showing that the system was tampered with to avoid identification. It includes examining file and directory content to recover deleted files.
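
The recovery of deleted files mentioned above, and the reason Phase 1 images unallocated areas as well as allocated ones, shown as an added example that is not part of the original page: a minimal signature-based file carver in Python. The JPEG and PDF magic numbers are the real ones; the 4 KiB image, its contents and the function names are constructed for illustration.

```python
import hashlib

# Well-known (header, footer) magic numbers used for signature-based carving.
SIGNATURES = {
    "jpeg": (b"\xff\xd8\xff", b"\xff\xd9"),
    "pdf": (b"%PDF-", b"%%EOF"),
}

def carve(image: bytes, max_size: int = 10 * 1024 * 1024):
    """Scan a raw image for header/footer pairs and return carved candidates.

    The scan works on raw bytes, not on file-system metadata, so it also finds
    content in unallocated areas that no directory entry references any more.
    """
    found = []
    for kind, (header, footer) in SIGNATURES.items():
        pos = image.find(header)
        while pos != -1:
            end = image.find(footer, pos + len(header), pos + max_size)
            if end == -1:
                # Header with no footer in range: fragment or false positive.
                pos = image.find(header, pos + 1)
                continue
            end += len(footer)
            data = image[pos:end]
            found.append({
                "type": kind,
                "offset": pos,          # byte offset to cite in the report
                "length": len(data),
                "sha256": hashlib.sha256(data).hexdigest(),
            })
            pos = image.find(header, end)
    return sorted(found, key=lambda hit: hit["offset"])

def build_sample_image():
    """Constructed 4 KiB image: zero-filled, with two deleted-file remnants."""
    jpeg = b"\xff\xd8\xff\xe0" + b"JFIF-constructed-sample" + b"\xff\xd9"
    pdf = b"%PDF-1.4\nconstructed sample\n%%EOF"
    image = bytearray(4096)
    image[512:512 + len(jpeg)] = jpeg
    image[2048:2048 + len(pdf)] = pdf
    return bytes(image), jpeg, pdf

if __name__ == "__main__":
    sample, _, _ = build_sample_image()
    for hit in carve(sample):
        print(hit)
```

Each hit records the offset and SHA-256 of the recovered data, which is what the reporting phase needs in order to tie a recovered file back to the acquired image.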

Phase 3: Presentation or Reporting

As the name suggests, this phase presents the conclusion and the corresponding evidence from the investigation.


Copyright© 2020 all rights reserved by Designed & Developed by Radical Creation.