What is Digital Forensics?

Category: Privacy

Digital forensics - computer forensics in older terminology - is the discovery, recovery, and investigation of digital information. You will usually hear the term digital forensics in connection with the investigation of a crime. But it also applies to recovery of an accidentally deleted file, or a forgotten password. You might be surprised to learn what kinds of information can be discovered through digital forensics...

Digital Forensics and Evidence Discovery

Digital forensics, in the legal world, takes one of three forms. Forensic analysis involves recovery of evidence in order to support a legal hypothesis in criminal court. Detecting deleted files and undeleting them would be an example. "eDiscovery" is often used in civil litigation to compel one party to turn over copies of digital information believed to be in its possession. Freedom of Information Act demands made to government agencies can also be considered eDiscovery. "Intrusion investigation" delves into the nature, extent, and modus operandi of unauthorized network intrusions - the geeky equivalent of a burglary investigation.

In digital forensics' early days, most investigations were "live forensics." That means investigators directly manipulated a hard drive, for example, to discover what was on it and recover deleted data. But working directly on evidence in live forensics poses the risk of altering it, making it vulnerable to defense challenges. Nowadays, special software tools such as SafeBack and DIBS preserve the original evidence while making backup copies for forensic examination. These tools document the backup and every action performed on the data, to preserve the "chain of evidence" required by courts.
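An added example, not from the article and not a depiction of how SafeBack or DIBS work internally: it shows the two ideas in the paragraph above, copying evidence while hashing it so the copy can be checked against the source, and recording each action in a log whose entries are hash-chained so later edits show up. The `CustodyLog` class, the actor names and the timestamps are hypothetical, and the sample data is constructed.

```python
import hashlib
import io
import json

CHUNK = 1 << 20      # read 1 MiB at a time so large images never sit in RAM
GENESIS = "0" * 64   # prev_hash used by the first log entry

def copy_and_hash(src, dst=None):
    """Read src to EOF, optionally writing each chunk to dst; return SHA-256 hex."""
    h = hashlib.sha256()
    for chunk in iter(lambda: src.read(CHUNK), b""):
        h.update(chunk)
        if dst is not None:
            dst.write(chunk)
    return h.hexdigest()

def _digest(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

class CustodyLog:
    """Hypothetical append-only log: each entry commits to the one before it."""
    def __init__(self):
        self.entries = []

    def append(self, actor, action, evidence_sha256, timestamp):
        prev = self.entries[-1]["entry_hash"] if self.entries else GENESIS
        body = {"actor": actor, "action": action, "timestamp": timestamp,
                "evidence_sha256": evidence_sha256, "prev_hash": prev}
        self.entries.append({**body, "entry_hash": _digest(body)})

    def verify(self):
        """Detects edited, reordered or mid-log deleted entries (not tail truncation)."""
        prev = GENESIS
        for entry in self.entries:
            body = {k: v for k, v in entry.items() if k != "entry_hash"}
            if entry["prev_hash"] != prev or _digest(body) != entry["entry_hash"]:
                return False
            prev = entry["entry_hash"]
        return True

def demo():
    # Constructed sample "drive" contents; a real source would be a device
    # opened read-only behind a write blocker.
    original = io.BytesIO(b"constructed sample sector data " * 4096)
    image = io.BytesIO()
    acquired = copy_and_hash(original, image)   # hash of what was read
    image.seek(0)
    verified = copy_and_hash(image)             # hash of what was written
    log = CustodyLog()
    log.append("examiner-a", "acquired image", acquired, "2011-01-13T10:00:00Z")
    log.append("examiner-a", "verified working copy", verified, "2011-01-13T10:05:00Z")
    return acquired == verified, log
```

Changing any field of an earlier entry after the fact makes `verify()` return `False`, which is the property a court-facing record needs.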

Hiding Your Tracks is Harder Than You Think

Digital forensics is used to discover more than the content of a hard drive or other digital device. It can be used to establish a person's intent or state of mind. For example, a suspect in a murder case whose Google search history includes "how to kill someone" may be in deep yogurt. Alibis can be refuted by mobile phone records that prove the phone (and, presumably, its owner) actually was not in Mexico when a crime was committed in Los Angeles. eDiscovery of ISPs' records can lead investigators to a computer that was used to download child p**n or email top-secret documents to WikiLeaks. Credit and debit card transactions can reveal much about a suspect's movements and purchases.

The source of a digital document can sometimes be established through digital forensics. For example, older copies of Microsoft Word inserted a unique identifier into the metadata of every document, which identified the specific computer on which the document was created. Related to source identification is "document authentication," the detection of alterations made to metadata and other data in a document. If the creation date of a digital copy of a contract has been altered, for example, document authentication techniques can detect the falsification and, in some cases, recover the true creation date.

Careers in digital forensics are pretty good investments. Digital crime is booming and trained digital forensics experts are in great demand. If you like delving into the technical underworld of computers or tracking down Web sites online, digital forensics may be just the job for you.

This article was posted by on 13 Jan 2011


Most recent comments on "What is Digital Forensics?"

Posted by:

Sindy Lu Who
01 Feb 2011

Can you digitally tell what type of printer a document came from if it is from a black and white printer?

Posted by:

08 Mar 2011

No, only color laser can be identified, because of yellow dots.


Copyright © 2005 - Bob Rankin - All Rights Reserved

Article information: AskBobRankin -- What is Digital Forensics? (Posted: 13 Jan 2011)
Source: https://askbobrankin.com/what_is_digital_forensics.html