
Digital forensics may be defined as the branch of forensic science that analyzes, examines, identifies and recovers digital evidence residing on electronic devices. It is commonly used in criminal law and private investigations.
For example, you can rely on digital forensics to extract evidence when somebody steals data from an electronic device.
A computer forensics investigation process involves three major phases as explained below:
Phase 1: Acquisition or Imaging of Exhibits
The first phase of digital forensics involves saving the state of the digital system so that it can be analyzed later. It is similar to taking photographs, blood samples, etc. from a crime scene. For example, it involves capturing an image of the allocated and unallocated areas of a hard disk or RAM.
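An added example, not part of the original page: one way to carry out the acquisition step on a file-like source while recording a SHA-256 hash, so the stored image can later be shown to be unchanged. The hashing step, the file names and the sample bytes are assumptions constructed for illustration.

```python
import hashlib
import os
import stat
import tempfile

CHUNK = 1024 * 1024  # read in 1 MiB blocks

def acquire_image(source_path, image_path):
    """Copy every byte of the source to image_path; return (sha256_hex, size)."""
    digest, size = hashlib.sha256(), 0
    # "rb" never writes to the source; "xb" refuses to overwrite an existing image.
    with open(source_path, "rb") as src, open(image_path, "xb") as dst:
        for block in iter(lambda: src.read(CHUNK), b""):
            digest.update(block)  # hash exactly what was read from the source
            dst.write(block)
            size += len(block)
        dst.flush()
        os.fsync(dst.fileno())
    os.chmod(image_path, stat.S_IRUSR)  # keep the stored image read-only
    return digest.hexdigest(), size

def verify_image(image_path, expected_sha256):
    """Re-hash the stored image and compare with the acquisition-time hash."""
    digest = hashlib.sha256()
    with open(image_path, "rb") as img:
        for block in iter(lambda: img.read(CHUNK), b""):
            digest.update(block)
    return digest.hexdigest() == expected_sha256

def demo():
    """Constructed sample: a small file stands in for a disk or RAM capture."""
    workdir = tempfile.mkdtemp()
    source = os.path.join(workdir, "exhibit.bin")
    image = os.path.join(workdir, "exhibit.img")
    with open(source, "wb") as f:
        # constructed bytes: live data, zeroed free space, leftover deleted data
        f.write(b"allocated file data" + b"\x00" * 4096 + b"deleted remnants")
    sha256_hex, size = acquire_image(source, image)
    intact = verify_image(image, sha256_hex)
    # Change one byte of the image to show that re-verification catches it.
    os.chmod(image, stat.S_IRUSR | stat.S_IWUSR)
    with open(image, "r+b") as f:
        f.write(b"X")
    altered_detected = not verify_image(image, sha256_hex)
    return size, intact, altered_detected

if __name__ == "__main__":
    print(demo())
```

The hash returned at acquisition time is the value to record alongside the exhibit; analysis in the next phase works on the image, not on the original device.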
Phase 2: Analysis
The input of this phase is the data acquired in the acquisition phase. Here, this data is examined to identify evidence. This phase yields three kinds of evidence, as follows:
- Inculpatory evidence: This evidence supports a given history.
- Exculpatory evidence: This evidence contradicts a given history.
- Evidence of tampering: This evidence shows that the system was tampered with to avoid identification. It includes examining the files and directory content to recover deleted files.
Phase 3: Presentation or Reporting
As the name suggests, this phase presents the conclusion and the corresponding evidence from the investigation.
Digital crime is not restricted to computers alone; hackers and criminals also use small digital devices such as tablets and smartphones on a very large scale. Some of these devices have volatile memory, while others have non-volatile memory. Hence, depending upon the type of device, digital forensics has the following four branches. With the knowledge of this course, you will master the mentioned branches of digital forensics.
Computer Forensics
This branch of digital forensics deals with computers, embedded systems and static memories such as USB drives. A wide range of information, from logs to actual files on a drive, can be investigated in computer forensics.
Mobile Forensics
This deals with the investigation of data from mobile devices. This branch differs from computer forensics in that mobile devices have an inbuilt communication system, which can provide useful information related to location.
Network Forensics
This deals with the monitoring and analysis of computer network traffic, both local and WAN (wide area network), for the purposes of information gathering, evidence collection, or intrusion detection.
Database Forensics
This branch of digital forensics deals with the forensic study of databases and their metadata.
Digital forensics examiners help to track hackers, recover stolen data, follow computer attacks back to their source, and aid in other types of investigations involving computers. Some of the key skills required to become a digital forensics examiner are as follows:
Outstanding Thinking Capabilities
A digital forensics investigator must be an outstanding thinker and should be capable of applying different tools and methodologies to a particular assignment to obtain the output. He/she must be able to find different patterns and make correlations among them.
Technical Skills
A digital forensics examiner must have good technological skills because this field requires knowledge of networks and of how digital systems interact.
Passionate about Cyber Security
Because the field of digital forensics is all about solving cyber-crimes, and this is a tedious task, it takes a lot of passion for someone to become an ace digital forensic investigator.
Communication Skills
Good communication skills are a must to coordinate with various teams and to extract any missing data or information.