Digital forensics is the process of uncovering and interpreting electronic data. The goal of the process is to preserve any evidence in its most original form while performing a structured investigation by collecting, identifying and validating the digital information for the purpose of reconstructing past events.
Digital forensics is most often for usage of data in a court of law, though digital forensics can be used in other instances like data recovery etc.
There are different types of digital forensics, digital forensics is a constantly evolving scientific field with many sub-categories. Some of these sub-categories are:
Computer Forensics – the identification, preservation, collection, analysis and reporting on evidence found on computers, laptops and storage media in support of investigations and legal proceedings.
Mobile Devices Forensics – the recovery of electronic evidence from mobile phones, smart phones, SIM cards, PDAs, GPS devices, tablets and game consoles.
Network Forensics – the monitoring, capture, storing and analysis of network activities or events in order to discover the source of security attacks, intrusions or other problem incidents, i.e. worms, virus or malware attacks, abnormal network traffic and security breaches.
Digital Image Forensics – the extraction and analysis of digitally acquired photographic images to validate their authenticity by recovering the meta-data of the image file to ascertain its history.
Digital Video/Audio Forensics – the collection, analysis and evaluation of sound and video recordings. The science is the establishment of authenticity as to whether a recording is original and whether it has been tampered with, either maliciously or accidentally.
Memory forensics – the recovery of evidence from the RAM of a running computer, also called live acquisition.