Digital Forensics: Different types of digital forensics

INTRODUCTION

Computer Forensics is a branch of Forensic Science, it is also known as Digital OR Cyber Forensics.
Investigation of computer-related crimes with the help of scientific method in a way that is suitable for presentation in the court of law Digital forensics focused on the investigation of artifacts stored on or found on digital devices like computer, mobile devices, laptop, SD Cards, hard drives, USB etc

DEFINITION

The word “Forensiccomes from the Latin word FORENSICS (meaning “public”)Forensic science is a scientific method of gathering and examining information about the past.

Digital Forensics:

Forensics is the practice of investigation, identification, collection, analysis, and reporting of evidence from the crime scene in a way that is scientifically approved & legally admissible.

CONCEPT OF FORENSICS

Forensics is based on the concept of Every Contact Leave a Trace Behind (i.e Locard’s Exchange Principle) –>When two objects come into contact with each other, a cross-transfer of materials occurs, and every criminal can be connected to a crime through these trace evidence carried from the crime scene.

LOCARD’S EXCHANGE PRINCIPLE

So as according to Locard’s exchange principle says that in the physical world when perpetrators enter or leave a crime scene, they will leave something behind and take something with them. Examples include DNA, latent prints, hair, and fibers
The same holds true in digital forensics. Registry keys and log files can serve as the digital equivalent to hair and fiber.

OBJECTIVES OF FORENSIC INVESTIGATION

5WH objectives:  Who, Where, What, When, Why, And How

  • What: Describe the facts of what happened at the crime scene
  • When: The time of the crime and other related events
  • Why: The motivation for the crime and why it happened at a given time
  • Who: Persons involved in the investigation (including victims, suspects & witnesses)
  • Where: Location of the crime
  • How: How the crime was committed

WHY KNOWLEDGE OF FORENSICS IS IMPORTANT?

Forensics plays an important role in Law & Justice, it provides justice to the victim and helps to catch & punish criminal
The knowledge or practice of forensic investigation principles, process, methods & techniques provides an Additional Benefit to the Investigator that all evidence is properly collected & gives a benefit layer to maintain the INTEGRITY, AUTHENTICATION & availability when the technical and legal forensic investigation process ignored or not followed properly then the following risks arise:

  • Useful & important evidence being compromised/ lost or destroyed
  • Evidence not being admissible in the court of law due to integrity and authenticity issues
  • It can lead to the wrong direction
  • Destroy the image of Justice System

CASE STUDY

In a murder trial, IO at the crime scene allegedly tried to unlock the mobile phone of the suspected person. similarly while doing that, he continuously entered incorrect Password/PIN and PUK codes to unlock the SIM. Without knowledge, The IO was tempering with the useful evidence and cause of this all data relevant to the case being ERASED. After this incidence defense filled a case against the IO to destroying & mishandling of the Important & critical evidence that could provide a lead to the investigation.

BRANCHES OF DIGITAL FORENSICS

Digital forensics is divided into several sub-branches relating to the investigation of various types of evidence Branches –

digital forensics

 A) Mobile Forensics

Mobile forensics deals with evidence related to mobile phones and other mobile devices, Most importantly
Now a day’s mobile phones are the most common digital evidence found at crime scene and phones are the most useful source of evidence, Therefore Mobile phone not only use for communication but also store important information’s like images, chats, documents, contact details, and network information, etc
This information helps in the forensics investigations especially to establish a connection between crime and criminal.

Mobile forensics
B)
Computer Forensics

This branch handle cases related to data stored in the computer devices. The main goal of computer forensics division is to find out and explain the current state of digital evidence stored into devices like computers, laptops, storage devices, and other electronic documents.

Computer_Forensics 

C) Network Forensics

Network forensics deals with cases related to computer network traffic. network traffic can be local (LAN) or the Internet (WAN). The purposes of analysis of network traffic is- information gathering, collection of evidence or intrusion detection.

Network forensics

D) Database Forensics

The database forensics division handles cases related to the database. A forensics database is an analysis and examination of databases and their metadata.

Database forensics

E) Live Forensics

Live Forensic is that branch of digital forensics that deals with the examination and analysis of cases related to a live scenario i.e. analysis of a switched a system within its original location without any change. This helps to maintain the originality of evidence without any changes and losses.

Live-forensics

Read More at Digital Forensics Blog


For more information about Cyber Security Courses, kindly visit – www.icssindia.in

  • Digital Forensics Training & Certification
  • Certified Network Defender Training & Certification

You may also like...