Digital forensic science is a branch of forensic science that focuses on the recovery and investigation of material found in digital devices related to cybercrime. The term digital forensics was first used as a synonym for computer forensics. Since then, it has expanded to cover the investigation of any device that can store digital data. Although the first computer crime was reported in 1978, followed by the Florida Computers Act, it wasn’t until the 1990s that it became a recognized term. It was only in the early 21st century that national policies on digital forensics emerged.
Digital forensics is the process of identifying, preserving, analyzing, and documenting digital evidence. This is done in order to present evidence in a court of law when required.
Steps of Digital Forensics
In order for digital evidence to be accepted in a court of law, it must be handled in a very specific way so that there is no opportunity for cybercriminals to tamper with the evidence.
- Identification – First, find the evidence, noting where it is stored.
- Preservation – Next, isolate, secure and preserve the data. This includes preventing people from possibly tampering with the evidence.
- Analysis – Next, reconstruct fragments of data and draw conclusions based on the evidence found
- Documentation – Following that, create a record of all the data to recreate the crime scene.
- Presentation – Lastly, summarize and draw a conclusion
When Is Digital Forensics Used in a Business Setting?
For businesses, Digital Forensics is an important part of the Incident Response process. Forensic Investigators identify and record details of a criminal incident as evidence to be used for law enforcement. Rules and regulations surrounding this process are often instrumental in proving innocence or guilt in a court of law.
Who Is a Digital Forensics Investigator?
A Digital Forensics Investigator is someone who has a desire to follow the evidence and solve a crime virtually. Imagine a security breach happens at a company, resulting in stolen data. In this situation, a computer forensic analyst would come in and determine how attackers gained access to the network, where they traversed the network, and what they did on the network, whether they took information or planted malware. Under those circumstances, a digital forensic investigator’s role is to recover data like documents, photos, and emails from computer hard drives and other data storage devices, such as zip and flash drives, including data that has been deleted, damaged, or otherwise manipulated.
History of Digital Forensics
When Did Digital Forensics Start?
In the early history of digital forensics, law enforcement had a minimal understanding of how to apply digital forensic techniques. During the 1970s and 1980s, forensics teams were mostly made up of representatives of federal law enforcement agencies with a computer background. The first area of concern for law enforcement was data storage, as most documentation happened digitally. Seizing, retaining, and analyzing that documentation was a long task for the authorities. In this situation, the FBI launched the Magnet Media program in 1984, which was the first official digital forensics program.
Following this, other techniques to identify cybercriminals when they intrude into computer systems were developed. In 1986, Cliff Stoll, a Unix System Administrator at Lawrence Berkeley National Laboratory, created the first honeypot trap. Eventually, digital forensics picked up professionally due to the spread of child pornography online.
The war between Iraq and Afghanistan also led to the demand for digital forensic investigation. Concurrently, digital forensics played a major role in extracting the evidential data from the digital assets gathered by the U.S. troops during the war. In 2006, the U.S. implemented a mandatory regime for electronic discovery in its Rules for Civil Procedure.
How Is Digital Forensics Used in an Investigation?
A digital footprint is the information about a person on the system, such as the webpages they have visited, when they were active, and what device they were using. By following the digital footprints, the investigator retrieves the data critical to solving the crime case. To name a few, the cases of Matt Baker in 2010 and Krenar Lusha in 2009, among others, were solved with the help of digital forensics.
Cyber forensic investigators are experts in investigating encrypted data using various types of software and tools. There are many upcoming techniques that investigators use depending on the type of cybercrime they are dealing with. Cyber investigators’ tasks include recovering deleted files, cracking passwords, and finding the source of the security breach. Once collected, the evidence is then stored and translated to make it presentable before the court of law or for police to examine further. The role of cyber forensics in criminal offenses can be understood with a case study: cold cases and cyber forensics.
Recent Case Study –
Thousands of digital devices that have been seized by police as evidence for alleged crimes, including terrorism and sexual offenses, are sitting in storage in a growing backlog that investigators are struggling to tackle.
The PA news agency has found that, for lack of efficient resources to analyze the evidence, 12,122 devices (including phones, tablets, and computers) are awaiting examination across 32 forces. The backlog has remained the same as in the previous year, hampering prosecutors in criminal cases. In another case, a Times investigation from last year confirmed that 12,667 devices from 33 police forces were awaiting examination. The long-pending investigations show how overwhelmed digital forensic teams are by the sheer volume of digital evidence collected.