Digital Forensics

Digital Forensics (sometimes referred to as digital forensics science) refers to the field of modern forensics science that deals specifically with the recovery and investigation of digital materials related to acts of alleged or established cybercrimes.

The field has more recently been further subdivided into four smaller branches, each branch being specialized in investigating certain digital devices. These branches include:

  • computer forensics
  • network forensics
  • mobile forensics
  • forensic data analysis

How Digital Forensics Works

Digital forensics experts focus on identifying, preserving, and analyzing digital evidence using strict, science-based methods. Once a particular computer, cellphone, or storage device is flagged for investigation, digital forensics experts follow a strict procedure before attempting to analyze the data.

Much like in the case of physical evidence, one of the earliest concerns for digital forensics experts is to eliminate the possibility of cross-contamination. Before any attempt to read or analyze the data is made, exact images (bit-for-bit copies) of the data on the exhibit device are created and stored separately. These images are then verified against the data on the original storage device multiple times during an investigation, using SHA-1 or MD5 hash functions to ensure the evidence has not been tampered with.

What follows from there is a complex process involving a variety of tools, whereby digital forensics experts install write-blocking software to prevent any data changes on the device. From there, they employ appropriate software to extract all the contents of interest to the investigation for analysis. Once acquired, files are analyzed to identify possible evidence.
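The hash-verification step described above, as an added example that is not part of the original article: the image is hashed at acquisition, re-hashed later against the recorded digests, and a single changed byte is enough to fail verification. File names and contents are constructed; SHA-256 is computed alongside the MD5 and SHA-1 the text names because collisions for those two are practical to construct.

```python
import hashlib
import os
import tempfile

# Digests named on the page (MD5, SHA-1) plus SHA-256, which practitioners
# now prefer because MD5 and SHA-1 collisions are practical to construct.
ALGORITHMS = ("md5", "sha1", "sha256")
CHUNK = 1024 * 1024  # hash in 1 MiB chunks so multi-GB images never sit in RAM


def hash_file(path, algorithms=ALGORITHMS):
    """Return {algorithm: hexdigest} for a file, read once in chunks."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def acquire_image(source, image):
    """Bit-for-bit copy of the exhibit; returns the digests to record in the case log."""
    with open(source, "rb") as src, open(image, "wb") as dst:
        for chunk in iter(lambda: src.read(CHUNK), b""):
            dst.write(chunk)
    return {"source": hash_file(source), "image": hash_file(image)}


def verify_image(image, recorded):
    """Re-hash the image and compare each recorded digest; False means do not trust the copy."""
    current = hash_file(image)
    return {name: current[name] == recorded[name] for name in recorded}


def demo():
    """Acquire, verify, then flip one byte in the image and verify again."""
    workdir = tempfile.mkdtemp()
    source = os.path.join(workdir, "exhibit.bin")  # constructed stand-in for a device
    image = os.path.join(workdir, "exhibit.dd")
    with open(source, "wb") as fh:
        fh.write(bytes(range(256)) * (12 * 1024) + b"trailing sector data")
    log = acquire_image(source, image)
    intact = verify_image(image, log["image"])
    with open(image, "r+b") as fh:  # simulate a single-byte change to the working copy
        fh.seek(CHUNK + 5)
        original = fh.read(1)
        fh.seek(CHUNK + 5)
        fh.write(bytes([original[0] ^ 0x01]))
    tampered = verify_image(image, log["image"])
    return log["source"] == log["image"], all(intact.values()), any(tampered.values())
```

`demo()` returns `(True, True, False)`: source and image digests agree, the untouched image verifies, and after the one-byte change none of the three digests matches.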

History of Digital Forensics

Prior to the late 1970s, proto-cybercrimes were investigated largely within the framework of existing laws. As computers became more sophisticated, however, their use in the scope of criminal activities became increasingly widespread and complicated.

While the first cybercrimes were officially recognized by Florida’s 1978 Computer Crimes Act, it wasn’t until the 1980s that federal governments around the world began to include computer offenses in their penal codes. Canada became the first country to pass legislation on computer crime in 1983, with the United States to follow in 1986, Australia in 1989, and Great Britain in 1990.

Since then, the techniques employed by early computer forensics experts have been distilled and codified to form the well-established branch of forensics science that exists today. As we increasingly depend on digital devices and environments in our everyday lives, moreover, there is little doubt that digital forensics will continue to be a vital field of study in the years to come.
