
Overview of digital forensic process and facets


Digital forensics is a constantly evolving scientific field with many sub-disciplines. Forensic investigation of digital evidence is commonly employed as a post-event response to a serious information security incident.

Digital forensics process and facets

The digital forensics process involves the preservation, identification, extraction, interpretation, and documentation of digital evidence.

The field of digital forensics has different facets and is not defined by one particular procedure. At a very basic level, digital forensics is the analysis of information contained within and created with computer systems, typically in the interest of figuring out what happened, when it happened, how it happened, and who was involved.

Digital forensics investigators provide many services based on gathering digital information, from investigating computer systems and data in order to present information for legal cases to determining how an unauthorized user hacked into a system. Some of the major types of digital forensics are:

Disk Forensics: It deals with extracting data from storage media by searching active, modified, or deleted files.

Network Forensics: It is a sub-branch of digital forensics. It is related to monitoring and analysis of computer network traffic to collect important information and legal evidence.

Wireless Forensics: It is a division of network forensics. The main aim of wireless forensics is to offer the tools needed to collect and analyze data from wireless network traffic.

Mobile Phone Forensics: It mainly deals with the examination and analysis of mobile devices. It helps to retrieve phone and SIM contacts, call logs, incoming and outgoing SMS, audio, videos, chats, emails, GPS locations, etc.

Database Forensics: It is a branch of digital forensics relating to the study and examination of databases and their related metadata.

Malware Forensics: This branch deals with identifying malicious code (viruses, worms, etc.) and studying its payload.

Email Forensics: Deals with recovery and analysis of emails, including deleted emails, calendars, and contacts.

Memory Forensics: It deals with collecting data from system memory (system registers, cache, RAM) in raw form and then carving the data from the raw dump.
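As an added illustration (not code from the original post), the sketch below connects the carving step mentioned under memory forensics to the process stages listed earlier: it verifies a raw dump against its acquisition hash, scans for file signatures, and documents the offset, length and SHA-256 of each carved object. The function names and the sample dump are constructed for this example; the JPEG and PNG markers are the standard ones.

```python
import hashlib

# Standard header/footer markers for two common file types.
SIGNATURES = {
    "jpeg": (b"\xff\xd8\xff", b"\xff\xd9"),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
}

# Constructed sample dump: padding, two embedded objects, one truncated header.
SAMPLE_JPEG = b"\xff\xd8\xff\xe0" + b"constructed-jpeg-body" + b"\xff\xd9"
SAMPLE_PNG = b"\x89PNG\r\n\x1a\n" + b"constructed-png-body" + b"IEND\xaeB`\x82"
SAMPLE_DUMP = (b"\x00" * 64 + SAMPLE_JPEG + b"A" * 32 + SAMPLE_PNG
               + b"\x00" * 16 + b"\xff\xd8\xff\xe1 truncated")

def carve(dump, max_size=10 * 1024 * 1024):
    """Identification and extraction: cut header..footer spans out of a raw dump."""
    findings = []
    for kind, (header, footer) in SIGNATURES.items():
        pos = dump.find(header)
        while pos != -1:
            end = dump.find(footer, pos + len(header), pos + max_size)
            if end == -1:
                # Header without a footer in range: truncated object or false hit.
                pos = dump.find(header, pos + 1)
                continue
            blob = dump[pos:end + len(footer)]
            findings.append({
                "type": kind,
                "offset": pos,
                "length": len(blob),
                "sha256": hashlib.sha256(blob).hexdigest(),
            })
            pos = dump.find(header, end + len(footer))
    return sorted(findings, key=lambda f: f["offset"])

def examine(dump, acquisition_sha256):
    """Preservation check first, then carve and return a documentation record."""
    actual = hashlib.sha256(dump).hexdigest()
    if actual != acquisition_sha256:
        raise ValueError("working copy does not match acquisition hash")
    return {"evidence_sha256": actual, "findings": carve(dump)}

if __name__ == "__main__":
    recorded = hashlib.sha256(SAMPLE_DUMP).hexdigest()  # hash noted at acquisition
    for item in examine(SAMPLE_DUMP, recorded)["findings"]:
        print(item)
```

The truncated header at the end of the sample is skipped rather than carved, which is the usual reason carved results need manual review before they go into a report.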

Conclusion

Digital forensic investigation is a critical component of any successful incident response process. Join the AITREC cybersecurity e-training program and learn more about core digital forensics procedures and hands-on techniques for analyzing evidence and writing admissible digital forensic reports.
