PrepNotes

Digital Forensics

What is meant by digital forensics? Explain with a suitable/real-time example.

  • Digital forensics is a branch of forensic science focused on the recovery and investigation of material found in digital devices, most often in connection with computer crime.
  • Digital forensics was originally used as a synonym for computer forensics but has expanded to cover the investigation of all devices that store digital data.
  • Digital forensics is concerned with the identification, preservation, examination, and analysis of digital evidence, using scientifically accepted and validated processes, so that the results can be relied on both in a court of law and in investigations that never reach court.
 

Digital Forensics Investigation Process:

Identification: Identifying what evidence is present, where it is stored, and how it is stored.

Preservation: The evidence is isolated, secured, and preserved so that it cannot be altered. In practice this means acquiring the original media through a write blocker, working from a forensic image rather than the original, recording cryptographic hashes of the image at acquisition time, and keeping a chain-of-custody log of everyone who handled the evidence.

Analysis: Forensic lab personnel examine the image, reconstruct fragments of data (deleted files, unallocated space, logs, timelines), and draw conclusions that the evidence actually supports.

Documentation: A record of all the visible data is created, together with photographs, sketches, and notes of every action taken, so that the crime scene and the examination can be recreated and reviewed. All the findings from the investigation are documented.

Presentation: The documented findings are presented in a court of law (or to the organisation that requested the investigation), explaining the methods used so that a non-specialist can follow how the conclusions were reached and another examiner could reproduce them.
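The preservation and documentation steps above come down to one verifiable artefact: a hash of the acquired image, recorded with who acquired it and when, that can be re-checked at any later point. The following Python script is an added example (not from the original notes) of that acquisition record; the case number, examiner name, and the 4 MiB "disk image" are constructed for the demonstration.

```python
"""Evidence preservation: hash an acquired image, record it, verify it later.

Added example, not part of the original notes. The case id, examiner and
file names are made up; the "image" is random bytes written to a temp file.
"""
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone


def hash_file(path, algorithm="sha256", chunk_size=1 << 20):
    """Stream the file through the hash so multi-GB images fit in memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def record_acquisition(image_path, manifest_path, case_id, examiner):
    """Write the acquisition record: what was hashed, by whom, when, and the digests.

    The digest fixes the image contents at acquisition time; the record itself
    becomes the first entry in the chain of custody for that image.
    """
    entry = {
        "case_id": case_id,
        "examiner": examiner,
        "acquired_utc": datetime.now(timezone.utc).isoformat(),
        "image": os.path.basename(image_path),
        "size_bytes": os.path.getsize(image_path),
        "sha256": hash_file(image_path, "sha256"),
        "md5": hash_file(image_path, "md5"),  # many tools still report MD5 alongside
    }
    with open(manifest_path, "w") as f:
        json.dump(entry, f, indent=2)
    return entry


def verify_image(image_path, manifest_path):
    """Re-hash the image and compare with the recorded SHA-256.

    Returns (ok, recorded_digest, current_digest).
    """
    with open(manifest_path) as f:
        entry = json.load(f)
    current = hash_file(image_path, "sha256")
    return current == entry["sha256"], entry["sha256"], current


def demo():
    """Acquire a constructed image, verify it, change one byte, verify again."""
    workdir = tempfile.mkdtemp()
    image = os.path.join(workdir, "laptop_disk0.raw")
    manifest = os.path.join(workdir, "laptop_disk0.json")
    # Constructed evidence: 4 MiB of random data standing in for a disk image.
    with open(image, "wb") as f:
        f.write(os.urandom(4 * 1024 * 1024))
    record_acquisition(image, manifest, case_id="CASE-0001", examiner="examiner1")
    ok_before, _, _ = verify_image(image, manifest)
    # Simulate an unlogged change after acquisition: flip one byte in the middle.
    with open(image, "r+b") as f:
        f.seek(2 * 1024 * 1024)
        original = f.read(1)
        f.seek(-1, os.SEEK_CUR)
        f.write(bytes([original[0] ^ 0xFF]))
    ok_after, _, _ = verify_image(image, manifest)
    return ok_before, ok_after


if __name__ == "__main__":
    before, after = demo()
    print(f"verified at acquisition: {before}; after one-byte change: {after}")
```

A single flipped byte anywhere in the image changes the digest, which is why the hash recorded at acquisition (and re-checked before analysis and again before presentation) is what lets an examiner show that the evidence analysed is the evidence that was seized. The manifest must be stored separately from the image so that whoever can alter one cannot silently alter the other.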

 

Branches of Digital Forensics:

Computer Forensics: Computer forensics or computer forensic science is a branch of digital forensics concerned with evidence found in computers and digital storage media.

Mobile Device Forensics: Mobile device forensics is a branch of digital forensics focused on the recovery of digital evidence from mobile devices using forensically sound methods.

Network Forensics: Network forensics is a branch of digital forensics focused on monitoring and analyzing computer network traffic for information gathering, legal evidence, or intrusion detection.

Forensic Data Analysis: Forensic data analysis (FDA) is a branch of digital forensics that examines structured data in regard to incidents of financial crime.

Database Forensics: Database forensics is a branch of digital forensics concerned with databases and their metadata, including table contents, transaction logs, and cached data in memory.

 

Real-Time Examples:

Larry J. Thomas v. State of Indiana

In 2016, Larry J. Thomas was found guilty of an attempted robbery that resulted in the murder of Rito Llamas-Juarez. While the case had eyewitnesses who confirmed Thomas’s presence at the crime scene, digital forensics helped strengthen the case even further.

During the investigation, the authorities examined the content posted on the suspect's Facebook account. They found that he had been using the handle "Slaughtaboi Larro" and had posted photos of himself carrying an assault rifle. The ammunition recovered in the murder case matched the weapon shown in Thomas's online images. The photos were also used to match a bracelet found at the crime scene: Thomas had been wearing a similar bracelet in the pictures posted online. Consequently, Thomas was arrested and imprisoned.

 

The BTK Killer

The "BTK Killer," aka Dennis Rader, tortured and killed at least ten people while he was still at large and unidentified. He taunted the police by sending them cryptic messages during his killing sprees, baffling them even more. However, it was this very habit that finally led to his arrest. In 2005, Rader sent the police a Microsoft Word document on a floppy disk. Digital forensics examiners recovered the metadata embedded in the document, which recorded the first name "Dennis" and the church where it had last been edited, pointing investigators to Rader. He was arrested and imprisoned shortly afterwards.
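The metadata that identified Rader is the same class of fields every Word document still carries: creator, last person to save it, timestamps, revision count, and the organisation the Office installation was registered to. The 2005 file was in the older binary .doc format, which keeps these fields in OLE summary-information streams; the added example below (not from the original notes) reads the equivalent fields from a modern .docx, because a .docx is a ZIP archive whose properties live in docProps/core.xml and docProps/app.xml and can be parsed with the Python standard library alone. The sample document is constructed in memory with made-up names, not a real case file.

```python
"""Pull author and editing metadata out of a Word .docx file.

Added example, not part of the original notes. The sample document is built
in memory with invented names ("jdoe", "Example Community Church").
"""
import io
import zipfile
import xml.etree.ElementTree as ET

# Namespaces used by OOXML core properties (docProps/core.xml).
NS = {
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
    "dcterms": "http://purl.org/dc/terms/",
}
# Namespace of the extended properties (docProps/app.xml).
APP_NS = {"ep": "http://schemas.openxmlformats.org/officeDocument/2006/extended-properties"}

# The fields an examiner looks at first: who created it, who last saved it,
# when, and how many times it was revised.
CORE_FIELDS = {
    "creator": "dc:creator",
    "last_modified_by": "cp:lastModifiedBy",
    "created": "dcterms:created",
    "modified": "dcterms:modified",
    "revision": "cp:revision",
}


def extract_docx_metadata(data: bytes) -> dict:
    """Return core/app properties of a .docx given its raw bytes."""
    result = {}
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = set(z.namelist())
        if "docProps/core.xml" in names:
            root = ET.fromstring(z.read("docProps/core.xml"))
            for key, path in CORE_FIELDS.items():
                el = root.find(path, NS)
                if el is not None and el.text:
                    result[key] = el.text
        if "docProps/app.xml" in names:
            root = ET.fromstring(z.read("docProps/app.xml"))
            # Company is the organisation name entered when Office was installed.
            for key in ("Application", "Company", "TotalTime"):
                el = root.find(f"ep:{key}", APP_NS)
                if el is not None and el.text:
                    result[key.lower()] = el.text
    return result


def build_sample_docx() -> bytes:
    """Constructed minimal .docx: only the parts the extractor reads plus stubs."""
    core = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<cp:coreProperties xmlns:cp="{cp}" xmlns:dc="{dc}" xmlns:dcterms="{dcterms}" '
        'xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">'
        '<dc:creator>jdoe</dc:creator>'
        '<cp:lastModifiedBy>jdoe</cp:lastModifiedBy>'
        '<cp:revision>3</cp:revision>'
        '<dcterms:created xsi:type="dcterms:W3CDTF">2005-01-10T14:02:00Z</dcterms:created>'
        '<dcterms:modified xsi:type="dcterms:W3CDTF">2005-02-15T09:41:00Z</dcterms:modified>'
        '</cp:coreProperties>'
    ).format(**NS)
    app = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Properties xmlns="{ep}">'
        '<Application>Microsoft Office Word</Application>'
        '<Company>Example Community Church</Company>'
        '<TotalTime>37</TotalTime>'
        '</Properties>'
    ).format(**APP_NS)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("[Content_Types].xml", "<Types/>")  # stub; real files list every part
        z.writestr("docProps/core.xml", core)
        z.writestr("docProps/app.xml", app)
        z.writestr("word/document.xml", "<w:document/>")  # stub body
    return buf.getvalue()


if __name__ == "__main__":
    for key, value in extract_docx_metadata(build_sample_docx()).items():
        print(f"{key:18} {value}")
```

Two caveats a practitioner would add. First, these fields are user-editable and can be blanked or forged, so they are a lead to corroborate, not proof on their own; in the BTK case the lead was confirmed through conventional police work before the arrest. Second, the same properties are why organisations strip document metadata before publishing files, and why an examiner records the hash of the file before opening it, since some applications rewrite these fields on open.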