What is digital forensics?
The first thing I'd like to cover in this chapter is an understanding of digital forensics and its proper practices and procedures. At some point, you may have come across several books, blogs, and even videos demonstrating various aspects of digital forensics and the different tools used. It is of great importance to understand that forensics itself is a science, involving very well-documented best practices and methods in an effort to reveal whether something exists.
Digital forensics involves the preservation, acquisition, documentation, analysis, and interpretation of evidence identified from various storage media types. It is not only limited to laptops, desktops, tablets, and mobile devices, but also extends to data in transit that is transmitted across public or private networks.
In some cases, digital forensics involves the discovery and/or recovery of data using various methods and tools available to the investigator. Digital forensics investigations include, but are not limited to, the following:
- Data recovery: Investigating and recovering data that may have been deleted, changed to different file extensions, and even hidden.
- Identity theft: Many fraudulent activities, ranging from stolen credit card usage to fake social media profiles, usually involving some sort of identity theft.
- Malware and ransomware investigations: To date, ransomware spread by Trojans and worms across networks and the internet are some of the biggest threats to companies, military organizations, and individuals. Malware can also be spread to, and by, mobile devices and smart devices.
- Network and internet investigations: Investigating Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) attacks, and tracking down accessed devices, including printers and files.
- Email investigations: Investigating the email header, message IDs, source and Internet Protocol (IP) origins; attached content and geo location information can all be investigated, especially if there is a business email compromise (BEC).
- Corporate espionage: Many companies are moving away from print copies and toward cloud and traditional disk media. As such, a digital footprint is always left behind; should sensitive information be accessed or transmitted?
- Child pornography investigations: Sadly, the reality is that children are widely exploited on the internet and within the deep web. With the use of technology and highly-skilled forensic analysts, investigations can be carried out to bring down exploitation rings by analyzing internet traffic, browser history, payment transactions, email records, and images.