Simplifying “Digital Forensics”

Simplifying the Umbrella Term “Digital Forensics”

Digital devices such as smartphones, gaming consoles, tablets, laptops and desktop computers are a normal part of daily life. They are also our most convenient go-to data stores, holding banking details, credit card information, private or confidential files and much more. That data attracts cybercriminals because it can be monetized in many ways. When a cybercrime occurs, digital forensic investigators lead the incident investigation and look for proof that either solves the case or can be presented as digital evidence in court.

Digital forensics can be defined as the branch of forensic science dedicated to identifying, recovering and investigating evidence from digital devices involved in a crime. Until the late 1990s the term was used interchangeably with computer forensics, but in later years the scope of “digital forensics” expanded, and it is now commonly divided into five major branches:

1. Computer Forensics

Originally, digital forensics was a synonym for computer forensics. Today the term “computer forensics” is limited to collecting and analyzing evidence from computer systems, embedded systems, and static storage media (such as USB pen drives) belonging to or used by the perpetrator. As in every other branch or sub-branch of forensic science, it also includes reporting the findings.

2. Mobile Device Forensics

Under this sub-branch, digital evidence is collected from mobile devices. Mobile devices differ from computers in having built-in communication systems such as GSM. The data retrieved from a mobile device is not limited to short message service (SMS) messages or emails; it also includes the user's location data, call logs, user dictionary content, data from installed applications, system files, usage logs, and any recoverable deleted data.

3. Network Forensics

Network forensics involves capturing and analyzing network traffic (individual packets and flows) over local and wide area networks, including the internet. The analysis also covers intrusion detection. Because network data is volatile and not easy to log after the fact, it is often treated as a proactive investigation element: traffic has to be captured while it flows, or it is gone.

It uses two approaches to collect data:

  • Catch-it-as-you-can

This approach requires a huge amount of storage: every packet passing a traffic point is stored and analyzed later in batch mode.

  • Stop, look, and listen

Under this approach packets are analyzed in memory as they arrive, in a rudimentary way, and only selected data is saved for later use. It requires a processor fast enough to keep pace with the incoming traffic.
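The two collection approaches above, side by side, as an added example that is not part of the original article. It builds a tiny classic-format pcap in memory from constructed Ethernet/IPv4/TCP frames, parses it, and runs one simple detection rule (a source contacting more than a threshold of distinct destination ports, a hypothetical port-scan heuristic chosen for illustration) either over the whole stored capture or in-line while keeping only per-source state. The pcap layout, the sample addresses and the `SCAN_THRESHOLD` rule are assumptions for the demo, not anything the page specifies.

```python
"""Added example: catch-it-as-you-can versus stop-look-and-listen collection
applied to a constructed pcap. Hypothetical data and detection rule."""
import struct
from collections import defaultdict

SCAN_THRESHOLD = 5  # assumed rule: distinct dst ports per source before alerting


def build_frame(src_ip, dst_ip, src_port, dst_port):
    """Construct a minimal Ethernet/IPv4/TCP SYN frame with no payload."""
    eth = b"\x00" * 12 + b"\x08\x00"            # dst/src MAC (zeroed), EtherType IPv4
    ip_src = bytes(int(o) for o in src_ip.split("."))
    ip_dst = bytes(int(o) for o in dst_ip.split("."))
    tcp = struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0,
                      5 << 4, 0x02, 65535, 0, 0)  # data offset 5 words, SYN flag set
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     ip_src, ip_dst)            # version 4 / IHL 5, TTL 64, proto TCP
    return eth + ip + tcp


def build_pcap(frames):
    """Wrap frames in a classic little-endian pcap (link type 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1_700_000_000 + i, 0, len(f), len(f)) + f
    return out


def iter_packets(pcap_bytes):
    """Yield (src_ip, dst_ip, src_port, dst_port) for each TCP-over-IPv4 frame."""
    if len(pcap_bytes) < 24 or struct.unpack("<I", pcap_bytes[:4])[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap")
    pos = 24
    while pos + 16 <= len(pcap_bytes):
        _, _, incl_len, _ = struct.unpack("<IIII", pcap_bytes[pos:pos + 16])
        frame = pcap_bytes[pos + 16:pos + 16 + incl_len]
        pos += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                                # not IPv4
        ihl = (frame[14] & 0x0F) * 4
        if frame[23] != 6 or len(frame) < 14 + ihl + 4:
            continue                                # not TCP, or truncated
        src_ip = ".".join(str(b) for b in frame[26:30])
        dst_ip = ".".join(str(b) for b in frame[30:34])
        sport, dport = struct.unpack("!HH", frame[14 + ihl:14 + ihl + 4])
        yield src_ip, dst_ip, sport, dport


def find_scanners(packets):
    """Detection rule: sources that touched more than SCAN_THRESHOLD distinct ports."""
    ports_by_src = defaultdict(set)
    for src, _dst, _sport, dport in packets:
        ports_by_src[src].add(dport)
    return sorted(s for s, p in ports_by_src.items() if len(p) > SCAN_THRESHOLD)


def catch_it_as_you_can(pcap_bytes):
    """Store every packet, analyse afterwards in batch. Returns (alerts, bytes kept)."""
    stored = pcap_bytes                             # the whole capture stays on disk
    return find_scanners(iter_packets(stored)), len(stored)


def stop_look_and_listen(pcap_bytes):
    """Analyse in-line; keep only per-source summary state, never the packets."""
    ports_by_src = defaultdict(set)
    for src, _dst, _sport, dport in iter_packets(pcap_bytes):
        ports_by_src[src].add(dport)
    retained = sum(len(src) + 2 * len(p) for src, p in ports_by_src.items())
    alerts = sorted(s for s, p in ports_by_src.items() if len(p) > SCAN_THRESHOLD)
    return alerts, retained


# Constructed traffic: one host probing eight ports, one host with ordinary HTTPS traffic.
SAMPLE_PCAP = build_pcap(
    [build_frame("10.0.0.5", "10.0.0.9", 40000 + i, 1 + i) for i in range(8)]
    + [build_frame("10.0.0.7", "10.0.0.9", 51000, 443)] * 3
)

if __name__ == "__main__":
    print("batch   :", catch_it_as_you_can(SAMPLE_PCAP))
    print("in-line :", stop_look_and_listen(SAMPLE_PCAP))
```

Both modes raise the same alert on the same traffic; the difference is what survives afterwards. The batch mode keeps the full 794-byte capture and can answer questions nobody thought to ask at capture time, while the in-line mode keeps a few dozen bytes of state and can only answer the questions its rules were written for.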

4. Database Forensics

The forensic study of databases and their metadata falls under database forensics. A database forensic investigator analyzes database contents, log files, and in-memory data to recover pieces of digital evidence or to build a timeline of the incident.
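One way the timeline building mentioned above works in practice, as an added example that is not part of the original article: cross-check the modification times recorded in the database against the application's own log, and flag rows whose change has no log entry, since those are candidates for someone editing the database directly. The `accounts` table, its `updated_at` column, the log line format and the tolerance window are all assumptions made up for this demo.

```python
"""Added example: incident timeline from database contents and application log.
Hypothetical schema and log format, constructed for illustration."""
import sqlite3
from datetime import datetime, timedelta

# Constructed sample log: what the application writes for each legitimate update.
APP_LOG = """\
2024-03-01T10:00:00 UPDATE accounts id=1 field=balance by=app-user-7
2024-03-01T10:05:00 UPDATE accounts id=2 field=balance by=app-user-7
"""


def load_sample_db():
    """Constructed database: three rows, one of them modified with no log trail."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (id INTEGER PRIMARY KEY, "
               "balance INTEGER, updated_at TEXT)")
    db.executemany("INSERT INTO accounts VALUES (?, ?, ?)", [
        (1, 100, "2024-03-01T10:00:00"),
        (2, 250, "2024-03-01T10:05:00"),
        (3, 99999, "2024-03-01T10:07:30"),   # no matching log line: suspicious
    ])
    return db


def parse_log(text):
    """Return {(table, row id): [timestamps]} of updates the application logged."""
    logged = {}
    for line in text.splitlines():
        ts, action, table, *kv = line.split()
        if action != "UPDATE":
            continue
        fields = dict(p.split("=", 1) for p in kv)
        key = (table, int(fields["id"]))
        logged.setdefault(key, []).append(datetime.fromisoformat(ts))
    return logged


def build_timeline(db, log_text, tolerance=timedelta(seconds=5)):
    """Merge row modification times with log events, ordered by time.

    Each event is (when, row id, status); status is "logged" when a log entry
    exists within `tolerance` of the row's updated_at, else "UNEXPLAINED".
    """
    logged = parse_log(log_text)
    events = []
    for row_id, updated_at in db.execute("SELECT id, updated_at FROM accounts"):
        when = datetime.fromisoformat(updated_at)
        matches = [t for t in logged.get(("accounts", row_id), [])
                   if abs(t - when) <= tolerance]
        events.append((when, row_id, "logged" if matches else "UNEXPLAINED"))
    return sorted(events)


def unexplained_rows(db, log_text):
    """Row ids whose modification the application log cannot account for."""
    return [row_id for _, row_id, status in build_timeline(db, log_text)
            if status == "UNEXPLAINED"]


if __name__ == "__main__":
    for when, row_id, status in build_timeline(load_sample_db(), APP_LOG):
        print(when.isoformat(), f"accounts id={row_id}", status)
```

The same idea scales to a real engagement: the log source becomes the database's own transaction log or the application's audit trail, and the tolerance absorbs clock skew between the two systems. A row that changed with nothing in either trail is where the investigator starts digging.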

5. Forensic Data Analysis

It covers the investigation of financial crimes involving structured data (such as data from application systems or their databases). The primary goal of forensic data analysis is to find the pattern behind fraudulent activity. Unstructured data is usually analyzed under computer forensics.