When you think forensics, you probably imagine fingerprint and blood sample analysis. Which is pretty close to what digital forensics is. Change out the fingerprint for a computer and you’ve basically got it.
Digital forensics is the scientific approach to performing data recovery and analysis of a digital device. A device is the technical term for what needs to be analysed. So a phone, laptop, computer, etc.
Need deleted text messages recovered? Have you been hacked? Digital forensics is versatile. Frequently, you’ll see it called mobile forensics, GPS forensics, email analysis and computer forensics. This just lets people get a little more specific with the type of forensics they perform.
Like traditional forensics, the main part of the digital forensics process is the investigation. The investigation provides a detailed report of what happened to the device during a specific incident or time frame. Was it powered on? Were messages sent? These questions and more are what we answer during an investigation.
We mention above that a digital forensics required scientific approach. Why? Because another digital forensic examiner has to confirm what we discovered. Digital forensics isn’t an opinion; it provides the court system with facts.
Digital investigations isn’t just criminal activity. In fact, many of the cases we’ve worked included child custody cases, fraud, intellectual property theft or employees gone rogue. And sometimes, it can be a person who just wants the photos/videos of a loved one who has passed recovered.
As you continue further down the digital forensics rabbit hole, you’ll find it overlaps with incident response. During a hack, there’s a high chance the hacker is asking for money in return for their data back. That’s ransomware. Learn more about the role of digital forensics in ransomware by listening to episode 10 of the Secure AF podcast.
Since you have a better understanding of what digital forensics is, let’s take a brief look at the typical steps in a digital forensics case
After completing a chain of custody form, which shows who had the device and when, we start collecting the data. Court recognized software assigns a unique identifier to the collected data. This identifier changes if any alterations to the content occur.
After collecting the data, we upload it into specialized software. After that, search terms identify relevant documents and/or information. Based on the initial findings, we can further narrow down the data.
Now our engineers analyze the results from the discovery step. If our client is looking for a specific item, like an Excel spreadsheet, this is where we sift through the search results to find it.
Examiners now collect the data that passed analysis and create a detailed report. These reports highlight the findings from the previous steps in a easy to read, data only report.
Need some forensics performed on a phone or computer? Reach out to us through our contact form. One of our Alias team members will reach out to you.
Learn how you can protect your business from hackers by monitoring your network traffic. Being a small business doesn’t mean you can’t secure yourself. We know it can be intimidating ...
