What is Digital Forensics?

The main focus of my blogs is digital forensics, but what is digital forensics?

Digital Forensics is defined as the process of collecting, preserving, analyzing, interpreting, and documenting digital evidence, then presenting the outcomes. Although often associated with incident response—commonly referred to as Digital Forensics and Incident Response (DFIR)—it’s important to understand that these are two distinct fields.

Contrary to what the name might suggest, incident response involves more than just reacting to incidents. According to IBM, incident response refers to an organization’s methodology for detecting and responding to cyberthreats, security breaches, or cyber-attacks. This requires a deep understanding of cybersecurity, cyber threats, and the various tools used to monitor and assess these threats. While digital forensic techniques are commonly employed in incident response, the primary focus of incident response is to identify, contain, and eradicate threats and return services to normal operations.

I defined digital forensics at the beginning, but to elaborate, it is a branch of forensic science used in litigation, internal company investigations, and criminal investigations.

Digital Forensics involves five crucial steps:

  1. Identification: Determining which information is important and will provide value to an investigation.
  2. Preservation: Ensuring that evidence is not tampered with or altered throughout the investigation.
  3. Analysis: Conducting a meticulous examination of digital artifacts (records/evidence of user activity on a device) to prove or disprove hypotheses about an incident.
  4. Documentation: Recording all pieces of evidence, detailing how it was acquired and analyzed, and noting what tools were used during the analysis.
  5. Presentation: Producing a professional report and being able to clearly explain the findings.
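To make the Preservation and Documentation steps concrete, here is an added example (not part of the original post) that hashes an evidence file at acquisition, re-checks it later, and keeps a log in which each entry commits to the previous one. SHA-256, the hash-chained log, and the file, examiner and tool names are assumptions chosen for illustration.

```python
import hashlib, json, tempfile
from datetime import datetime, timezone
from pathlib import Path

def sha256_file(path, chunk_size=1 << 20):
    """Stream the file so a large disk image never has to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def _digest(entry):
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def log_entry(log, action, path, examiner, tool):
    """Documentation: what was done, by whom, with which tool, and the hash."""
    entry = {"time_utc": datetime.now(timezone.utc).isoformat(),
             "action": action, "evidence": Path(path).name,
             "sha256": sha256_file(path), "examiner": examiner, "tool": tool,
             "prev_hash": log[-1]["entry_hash"] if log else "0" * 64}
    entry["entry_hash"] = _digest(entry)  # covers this entry and the link to the last
    log.append(entry)

def evidence_unchanged(log, path):
    """Preservation: current hash must equal the hash recorded at acquisition."""
    return sha256_file(path) == log[0]["sha256"]

def log_intact(log):
    """Recompute each entry hash and check that the chain links line up."""
    prev = "0" * 64
    for e in log:
        if e["prev_hash"] != prev or e["entry_hash"] != _digest(e):
            return False
        prev = e["entry_hash"]
    return True

def demo():
    """Constructed sample: a small temp file stands in for an acquired image."""
    with tempfile.TemporaryDirectory() as d:
        img = Path(d) / "sample_image.dd"
        img.write_bytes(b"constructed sample evidence bytes")
        log = []
        log_entry(log, "acquired", img, "examiner-1", "example-imager 1.0")
        log_entry(log, "verified before analysis", img, "examiner-1", "example-imager 1.0")
        clean = evidence_unchanged(log, img) and log_intact(log)
        img.write_bytes(img.read_bytes() + b"!")  # evidence altered after acquisition
        log[0]["examiner"] = "someone-else"       # log entry edited after the fact
        return clean, evidence_unchanged(log, img), log_intact(log)
```

Calling `demo()` returns `(True, False, False)`: both checks pass on the untouched sample, then the changed file and the edited log entry are each detected.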

While most people associate digital forensics primarily with computers and cell phones, the field is rapidly expanding. With increasing access to various technologies, areas such as IoT/smart devices, vehicle infotainment systems, gaming systems, and drones are becoming crucial sources of evidence in investigations. It takes a skilled digital forensic examiner/analyst to make sense of the data recorded on these devices and interpret what it says about an incident. Digital forensic examiners/analysts must understand the technologies hosting the data, how to locate different artifacts, and how to interpret various data formats.
