Cyber crime is on the rise. According to FBI briefings, the number of digital forensics cases has been steadily increasing. At first, the industry literature used the term of computer forensics to designate the particular branch of forensic science dealing with the investigation and recovery of various material found in computers. The field expanded to digital forensics to cover the analysis and inquiry of all the devices that are able to store digital data. These investigations are often performed in relationship to a crime, which is why it is very important that the computer forensics investigator to have the necessary training, but also a compelling experience in the field. The job of such an investigator is different from that of a system or network administrators.
The most common application of digital forensics investigations is to discredit or support hypotheses before a court of law, whether criminal or civil. In the case of electronic discovery, an investigator can also prove helpful in the private sector, along the lines of corporate security and internal investigations. Whatever the case, the job of a computer forensics investigator follows a typical process that begins with the seizure of media and continues with its acquisition, also called forensic imaging. It is very important that the investigator has as much information as possible before undergoing these steps. A first step is often interviewing any people who can provide information in connection to the case.
The technical procedures start with the acquisition of the volatile evidence, that is the data which might change or disappear quickly if improperly handled. After this step, which can be difficult to perform, depending on the level of access the investigator has to the computer or digital device. Next comes the acquisition of physical storage, including memory cards, hard drives, removable disks or USB drives, which will be forensically imaged, in order to ensure the continuity of the operational system, while also using the devices as evidence.
The world of digital forensics is fascinating, but it is also challenging and demanding. A good computer forensics investigator must not only be highly trained and experienced in the field, but also capable to step out of the technical world and into the courtroom. Testifying is probably the most challenging part of an investigator’s job. In court, one needs to be able to translate the technical forensic language to situational concepts that people can understand. No matter how perfect an investigation, a poor presentation in court can kill it.