
What is digital forensics?

The first thing I’d like to cover in this chapter is an understanding of digital forensics and its proper practices and procedures. At some point, you may have come across books, blogs, and even videos demonstrating various aspects of digital forensics and the different tools used. It is of great importance to understand that forensics itself is a science, involving well-documented best practices and methods in an effort to reveal whether or not something exists.

Digital forensics involves the preservation, acquisition, documentation, analysis, and interpretation of evidence found on various types of storage media. It is not limited to laptops, desktops, tablets, and mobile devices, but also extends to data in transit, which is transmitted across public or private networks.

In most cases, digital forensics involves the discovery and/or recovery of data using various methods and tools available to the investigator. Digital forensics investigations include, but are not limited to:

  • Data recovery: Investigating and recovering data that may have been deleted, changed to different file extensions, and even hidden.
  • Identity theft: Many fraudulent activities ranging from stolen credit card usage to fake social media profiles usually involve some sort of identity theft.
  • Malware and ransomware investigations: To date, ransomware spread by Trojans and worms across networks and the internet is one of the biggest threats to companies, military organizations, and individuals. Malware can also be spread to and by mobile devices and smart devices.
  • Network and internet investigations: Investigating Denial-of-Service (DoS) and Distributed DoS (DDoS) attacks and tracking down accessed devices, including printers and files.
  • Email investigations: Investigating the source and IP origins, attached content, and geo-location information.
  • Corporate espionage: Many companies are moving away from print copies and toward cloud and traditional disk media. As such, a digital footprint is always left behind should sensitive information be accessed or transmitted.
  • Child pornography investigations: Sadly, the reality is that children are widely exploited on the internet and within the Deep Web. With the use of technology and highly skilled forensic analysts, investigations can be carried out to bring down exploitation rings by analyzing internet traffic, browser history, payment transactions, email records, and images.