Digital Forensics: Sleuthing Against Cybercrime

While digital forensics may have come from a fairly dubious tradecraft background, it has grown to be a major part of many cyber crime investigations. Developments in the field in terms of research, tools and techniques have brought digital forensics to a whole new level. Whether providing valuable evidence that assists in the investigation and prosecution of crime perpetrators or proving their innocence, or as part of the post-breach investigation and incident response process in organizations of all sizes, digital forensics is a craft widely used by investigators in all sectors.

The ever-growing advancements in information technology have potentially proven challenging to the branch of digital forensics, but its tools and techniques are continuously used to collect, process, preserve and analyze evidence from a range of digital devices, help uncover vulnerabilities and threats and ultimately help inform ways to mitigate them.

What is digital forensics?

Formally, digital forensics is defined as the branch of forensic science that is concerned with the identification, preservation, extraction and documentation of digital evidence using scientifically validated methods, evidence that will ultimately be used in a court of law. The term originated from "computer forensics", which includes the investigation of computers and digital storage media, but it has separated into a discipline focused on handling digital evidence found on all digital devices that store data.

Digital evidence can be collected from many sources. These include computers, laptops, mobile phones, digital cameras, hard drives, IoT, CD-ROM, USB sticks, databases, servers, cloud, web pages, and more. Data sources like these are subject to digital forensics investigations, and must be handled with the utmost care to avoid any modification or contamination.

When it comes to different types of electronic evidence, these include media files (photos, videos, audio), text messages, call logs, social media accounts, emails, internet search history, user account data (usernames, passwords), RAM system files, digital files (PDFs, spreadsheets, text files), network device records, computer backups, and much more.

While in the past more commonly known as a practice used in legal cases, today the term "digital forensics" is also used to describe a process of cyber crime investigation in the private sector, even without the involvement of law enforcement or the court. Once a security breach occurs, organizations leverage digital forensics professionals to identify the attack, determine how the attackers gained access to the network, trace the attackers' movement through the network, ascertain whether information has been stolen, and recover compromised data. This can involve decryption, recovering deleted documents and files, cracking passwords, and the like.

What is digital forensics used for?

Digital forensics tools and techniques are used regularly by analysts and investigators in law enforcement, military, and government organizations as well as organizations in the private sector. Therefore the two main use cases for digital forensics are criminal cases or public investigations, and private or corporate investigations:

Public sector

Government agencies and law enforcement use digital forensics to obtain additional evidence when a crime has occurred, whether it's cyber crime or another type of crime, to support allegations against a suspect. In cyber crime investigations, digital forensics investigators are employed by government agencies once an incident is detected, to find evidence for the prosecution of crimes.

Not only is digital forensics useful for solving different types of cyber crime such as data breaches, ransomware and data theft, but it can also be used to solve physical crimes, such as burglary, assault, fraud and murder. The evidence uncovered can lead an investigation toward motives behind the crime and can even connect the suspect to the crime scene or suppo...

About the Podcast

Listen to all the articles we release on our blog while commuting, while working or in bed.