Updated: Jul 9, 2019
Forensics, sounds scary doesn't it?
Maybe you think of crime scene experts looking for DNA. Well, that's right. This is just a different type of forensics.
Digital forensics is a branch of forensic science encompassing the recovery and analysis of digital evidence. Think of information on your computer, server, iPhone, tablet, etc. The list goes on and has gotten long in recent years.
So why is it important?
Digital forensics applies to legal matters involving digital evidence, since digital evidence falls under the same legal guidelines as other forms of evidence. If you need to collect and review evidence for a case, there is a good chance some of it is in a digital format and you will need to employ an expert consultant.
Let’s quickly go through the lingo so you are prepared to discuss it. Here are 6 key terms you should know.
Simply put, metadata is ‘data about data’. Breaking that down a bit further, this is the ‘To’, ‘From’, ‘Sent’, ‘Subject Line’ of an email. Or the ‘Date Created’, ‘Last Saved’, ‘Author’ of an MS Word file. Metadata will come up routinely when discussing digital evidence, and it is critically important to make sure it is properly collected and preserved (more on that below).
A forensic image is a bit-by-bit copy of a physical storage device, like a hard drive, flash drive, etc. What makes this different is that a forensic image actually copies the empty space on a digital storage device. Potential evidence is frozen in this image for analysis in later stages. The important thing to remember is that the image copies the device in its entirety.
Preservation is a very important term to know. Preservation literally means preserving the digital evidence you are collecting, and most importantly preserving the metadata. The metadata may give the case team key insights on a case, so keeping it intact is important to make sure future evidence stands up in court.
When getting on the phone with a forensic examiner, the first thing they will ask is about data sources. Simply put, this is where the digital evidence currently lives that may be in scope. This could include things like email servers, laptops, iPhones, shared networks, etc. Anywhere a digital file can live is a potential data source.
Encryption is the process of converting information or data into code, especially to prevent unauthorized access. It is becoming very popular on most data sources, so encryption is something forensic examiners will ask about. You may hear them say ‘Is the device encrypted?’. Encryption increases the time it takes to ‘image’ the device.
This is an important term because it describes what you do not want to happen, and it is why we hire a forensic expert. Simply put, spoliation is the action of ruining or destroying something. In terms of digital evidence, spoliation can occur if digital evidence is not properly collected with the right tools and technologies. It is the entire reason to get an expert involved, so make sure you know the term.
Digital forensics is relevant to the legal community since there is a good chance potential evidence is sitting on a digital device. This is an expert service, so make sure you leave it to experts to handle. Otherwise, you may pay for it down the road at trial. If you have any further questions, feel free to get in touch!