Digital forensics is an element of cybersecurity that focuses on the acquisition, recovery, investigation and analysis of digital material found on electronic devices, computer networks, cloud resources and mobile devices. Digital forensics is commonly used by law enforcement in the investigation of cyber crimes as well as non-cyber related criminal activity. Digital forensics is also used in government and in business environments for incident response, IT audits and cybersecurity reporting.
A few objectives of digital forensics include the recovery, analysis and preservation of data, recovering deleted or hidden data on electronic devices, producing forensics reports following an incident. There are many tools, techniques, and applications for digital forensics which will be covered in detail throughout this course.
Forensic investigators focus on several different categories of forensic acquisition depending on the case they are working on. There are various types of digital evidence that can be acquired during an investigation. Each type of forensic specialty provides the investigator with different data that can be used during an investigation or incident response process. It may be required that forensics are to be gathered from different sources to gain the full picture of an event that occurred. For example discovering a directory attack may lead investigators to collecting cloud data, network data and hardware data depending on how an organization’s infrastructure is designed.