What is digital forensics? Your new fingerprint.

Blog Alias todayAugust 25, 2020 573 4 5

Background
share close

When you think forensics, you probably imagine fingerprint and blood sample analysis. Which is pretty close to what digital forensics is. Change out the fingerprint for a computer and you’ve basically got it.

Digital forensics is the scientific approach to performing data recovery and analysis of a digital device. A device is the technical term for what needs to be analysed. So a phone, laptop, computer, etc.

Your new fingerprint

Need deleted text messages recovered? Have you been hacked? Digital forensics is versatile. Frequently, you’ll see it called mobile forensics, GPS forensics, email analysis and computer forensics. This just lets people get a little more specific with the type of forensics they perform.

Like traditional forensics, the main part of the digital forensics process is the investigation. The investigation provides a detailed report of what happened to the device during a specific incident or time frame. Was it powered on? Were messages sent? These questions and more are what we answer during an investigation.

We mention above that a digital forensics required scientific approach. Why? Because another digital forensic examiner has to confirm what we discovered. Digital forensics isn’t an opinion; it provides the court system with facts.


When is it used?

Digital investigations isn’t just criminal activity. In fact, many of the cases we’ve worked included child custody cases, fraud, intellectual property theft or employees gone rogue. And sometimes, it can be a person who just wants the photos/videos of a loved one who has passed recovered.

As you continue further down the digital forensics rabbit hole, you’ll find it overlaps with incident response. During a hack, there’s a high chance the hacker is asking for money in return for their data back. That’s ransomware. Learn more about the role of digital forensics in ransomware by listening to episode 10 of the Secure AF podcast.


The process

Since you have a better understanding of what digital forensics is, let’s take a brief look at the typical steps in a digital forensics case

1. Preservation

forensic image of stored data

After completing a chain of custody form, which shows who had the device and when, we start collecting the data. Court recognized software assigns a unique identifier to the collected data. This identifier changes if any alterations to the content occur.

2. Discovery

understanding data storage

After collecting the data, we upload it into specialized software. After that, search terms identify relevant documents and/or information. Based on the initial findings, we can further narrow down the data.

3. Analysis

investigating stored data, identifying artifacts

Now our engineers analyze the results from the discovery step. If our client is looking for a specific item, like an Excel spreadsheet, this is where we sift through the search results to find it.

4. Reporting

reporting of artifacts, presentation of analysis

Examiners now collect the data that passed analysis and create a detailed report. These reports highlight the findings from the previous steps in a easy to read, data only report.


Need some forensics performed on a phone or computer? Reach out to us through our contact form. One of our Alias team members will reach out to you.

Written by: Alias

Tagged as: .

Rate it

Previous post

Similar posts

Blog Alias / August 19, 2024

World Class Service on a Local Scale

When we think about the impact of cybersecurity attacks, it’s easy to fall into the trap of believing that data is only as valuable as the ransom a company is willing to pay to retrieve it. We’ve seen this misconception challenged by the rising number of attacks on hospitals and schools, but what often flies ...

Read more trending_flat