Digital forensics is an exciting area, often hyped up (with a tad of exaggeration) in films and TV series like CSI, NCIS, and Spooks. You'll have heard the field described in slightly different terms, each of which can bring different activities to mind.

What is forensic science?

The question of what forensics or forensic science actually is has also been glamorized by the media. The Upper Education Academy defines forensic science as the application of science to matters of law.

The science part of the term refers to the use of scientific methods and how these might be applied in specific instances or generally. The term forensic, on the other hand, alludes to courts and their decision-making process in criminal and civil matters. It is important to highlight that investigators can only present the results of their forensic analysis as witnesses; they cannot make the ultimate determination, which would usurp the role of the courts.

Forensic science is an encompassing term for smaller divisions of science. The different specializations of forensic science include:

Forensic Pathology – the study of death due to unnatural causes and trauma, and of different forms of trauma to the living. It is a specialty of Medicine and a sub-specialty of Pathology.

Forensic Engineering – the investigation of accidents in mechanical systems, such as aircraft, vehicles, and metal fatigue, through the application of engineering principles to uncover the cause.

Forensic DNA – the use of biology to identify individuals among other living beings through their unique DNA profiles, using genetic material such as saliva, blood, semen, etc. The concept of Forensic DNA was first brought to the fore in 1985 by Sir Alec Jeffreys at the University of Leicester.

Digital Forensics – a specialty based on the analysis of material gathered from digital and cyber systems.

Forensic Dentistry – the use of dental profiles and dental prostheses to aid the identification of human remains or crime suspects.

Forensic Accounting – the analysis of personal or company accounts to determine any inconsistencies or crimes.

Forensic Toxicology – the detection, identification, and quantification of any chemical substance, be it medicine, toxins, or poison, in body tissues and fluids.

Forensic Anthropology – the study of individuals, noting their physical characteristics and features to highlight age, gender, ethnicity, stature, nutritional status, morbidity/diseases, or other notable features.

The role of Digital Forensics

Digital forensics has become fundamental, especially with the growth of information and communication technologies, and is more critical than ever in crime investigation in trying to gain a forensic advantage over criminals.

Some countries with professional bodies for forensic scientists, such as the United Kingdom, include digital forensics and its subsidiary disciplines, which highlights not only the importance of the field but also its equivalence to the other, more established forensic science areas.

A brief history of digital forensics

The term digital forensics is fairly new, as it only surfaced in the late 1900s after previously being referred to as 'computer forensics'. The first cohort of computer forensic analysts was made up of enforcement officers who simply considered computers a good hobby. In 1984, the Federal Bureau of Investigation (FBI) set up the Computer Analysis and Response Team (CART), and the UK followed a year later through the Metropolitan Police.

A shift occurred at the start of the 1900s as enforcement agencies, investigators and specialists realized the need for standard techniques, procedures, and protocols in digital forensics as well as other forensic sciences. Many informal guidelines were in use until a series of discussions and conferences established the computer forensic methodology and practices that make up computer forensics today.

Below are some landmarks in the development and evolution of computer forensics to digital forensics:

  • Hans Gross (1847-1915) was the first person to use science in criminal investigations
  • The FBI developed a lab to supply forensic services to its agents and other law enforcement agencies in 1932
  • Florida in 1978 enacted its Computer Crime Act which recognized computer crimes
  • Galton (1982-1911) was the first to perform a documented study on fingerprints
  • The term Computer Forensics emerged in academic literature in 1992
  • In 1995 the International Organisation on Computer Evidence (IOCE) was created
  • The FBI developed its Regional Computer Forensic Laboratory in 2000
  • In 2002, a book called “Best practices for Computer Forensics” was published by the Scientific working party on Digital Evidence (SWGDE)
  • Simson Garfinkel in 2010 recognized the challenges facing digital investigations.

Computer forensic tasks include all of the following:

  • Intellectual Property theft investigations
  • Industrial Espionage investigations
  • Fraud investigations
  • Bankruptcy investigations
  • Misconduct relating to the use of the Web and emails within workspaces

The digital forensic process

The digital forensics process has 5 stages for acquiring digital evidence:

  1. Identification

This is the primary stage. It recognizes likely sources of significant evidence, in the form of the individuals or devices to be analyzed.

  2. Protection

This stage focuses on protecting relevant electronically stored information (ESI) by preserving the crime scene and by capturing and documenting relevant information, such as visual images and how the information has been acquired.

  3. Collection

This is the actual collection of the digital information, which may involve removing the electronic device(s) from the crime/incident scene and copying or printing out their contents. It is important to the whole investigation.

  4. Analysis

This is a systematic examination of the evidence that has been collected. The output of this examination is the data objects, which will include system and user-generated files. The examination seeks to derive specific answers and directions towards conclusions.

  5. Reporting

This stage uses proven procedural methods to document the conclusions of the analysis, and should allow other competent examiners to read through and duplicate the documented results.

Aside from this, there is the mundane yet essential activity of taking notes throughout the whole process of digital forensic analysis. Notes capture the investigator's thoughts, any anomalies that arise, how certain results were achieved, and the final results, and they can be taken at every point during the process. They also allow anything missed in the process to be revisited, or an additional person to develop the same results from the notes.
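The note-taking and documentation described above can be made tamper-evident, so that a second examiner can trust the record they are reproducing. The following is an added example, not part of the original article: the SHA-256 hash chain, the function names, and the sample case data are all assumptions chosen for illustration.

```python
import hashlib
import json

STAGES = ("Identification", "Protection", "Collection", "Analysis", "Reporting")
GENESIS = "0" * 64  # stands in for the "previous hash" of the first note
SAMPLE_IMAGE = b"constructed stand-in for an acquired disk image"

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def entry_hash(entry):
    """Hash every field except the stored hash itself, in a stable key order."""
    body = {k: v for k, v in entry.items() if k != "hash"}
    return sha256_hex(json.dumps(body, sort_keys=True).encode("utf-8"))

def add_note(log, when, stage, examiner, text, evidence=None):
    """Append a note chained to the previous one; fingerprint evidence if given."""
    if stage not in STAGES:
        raise ValueError(f"unknown stage: {stage!r}")
    entry = {"seq": len(log), "when": when, "stage": stage, "examiner": examiner,
             "text": text, "prev": log[-1]["hash"] if log else GENESIS,
             "evidence_sha256": sha256_hex(evidence) if evidence is not None else None}
    entry["hash"] = entry_hash(entry)
    log.append(entry)
    return entry

def evidence_unchanged(entry, data):
    """True if `data` still matches the fingerprint recorded in the note."""
    return entry["evidence_sha256"] == sha256_hex(data)

def verify_log(log):
    """Return a list of problems; an empty list means the notes are intact."""
    problems, prev = [], GENESIS
    for i, entry in enumerate(log):
        if entry["seq"] != i or entry["prev"] != prev:
            problems.append(f"entry {i}: chain broken")
        if entry_hash(entry) != entry["hash"]:
            problems.append(f"entry {i}: content altered")
        prev = entry["hash"]
    return problems

def build_sample_log():
    """Constructed sample case: examiner, times and note text are invented."""
    log = []
    add_note(log, "2024-01-01T09:00Z", "Identification", "examiner-a", "Laptop identified.")
    add_note(log, "2024-01-01T09:20Z", "Protection", "examiner-a", "Scene photographed.")
    add_note(log, "2024-01-01T10:05Z", "Collection", "examiner-a", "Disk imaged.", SAMPLE_IMAGE)
    add_note(log, "2024-01-02T11:00Z", "Analysis", "examiner-a", "User files examined.")
    add_note(log, "2024-01-03T15:30Z", "Reporting", "examiner-a", "Findings written up.")
    return log
```

Recording the final entry's hash somewhere outside the log, such as in the written report, is what lets a reviewer detect a rewrite of the whole chain rather than of a single note.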

Digital forensics is more than the collection, preservation, analysis, and reporting of digital data relating to crimes or incidents; at its core, it is a science. This means a digital forensics scientist or department should be invested in the continuous development of techniques as well as of their professional skills in the field. Further contributions can be made by carrying out research and publishing it in peer-reviewed journals.

Different types of digital forensics

Due to the evolution of digital data forensics, several sub-disciplines are emerging, some of which are listed below:

  1. Computer Forensics – this is focused on any evidence found on laptops, computers, and storage media, obtained through the digital forensics process in support of ongoing investigations and legal proceedings.
  2. Mobile Device Forensics – this revolves around the retrieval of evidence from small electronic devices such as personal digital assistants, smartphones, mobile phones, SIM cards, tablets, and gaming consoles.
  3. Network Forensics – network or cyber forensics is based on data retrieved from monitoring and analysis of network activities such as attacks, breaches, or system collapse caused by malicious software and abnormal traffic on the network.
  4. Digital Image Forensics – this sub-specialty looks at the extraction and analysis of digital images to verify their authenticity, and at their metadata to determine the history and information surrounding them.
  5. Digital Video/Audio Forensics – this area is focused on audio-visual evidence, to determine its authenticity or any additional information that can be extracted from it, such as location and time intervals.
  6. Memory Forensics – this refers to the recovery of information from the RAM of a running computer and can also be called live acquisition.

However, some areas of classification are not so clear-cut and are determined case by case, or grouped by the investigating team as it sees fit. For example:

  • Mobile electronic devices such as smartphones and tablets without SIM cards can be termed computers due to their functions
  • Any removable storage media, such as memory cards that come as part of tablets and smartphones, can be considered mobile forensics if the device has a SIM card, or computer forensics if it does not.
  • Some tablets which come with keyboard accessories can fit under computer or mobile forensics as they can be considered as laptops.

This is an interesting field with a limitless future, given ongoing developments in criminal behavior and electronic devices. Although digital forensics began as a hobby and as an outcast, it has been integrated into mainstream forensic science with continued reliance and relevance, and the question of what digital forensics is continues to evolve.

Questions of interest in the field of Digital Forensics

Q: How does one attain Computer Forensics Certification or become a forensic computer analyst?

A: Previously, individuals simply had computers as a hobby, but there has since been investment in curricula specific to the field. One can attain a computer forensics degree, or take an IT-related degree and then specialize in computer forensics, to become a bona fide computer forensics investigator.