What is Digital Forensics? | BCS

For you

Be part of something bigger, join the Chartered Institute for IT.

Network forensics refers to the investigation and analysis of incoming/outgoing network traffic in a typical computer network in the event of a cyber incident, such as threat hunting and incident response).

In most criminal cases, the probability that a mobile device has been used is high, but knowing how to store and extract data from mobile devices and then analyze the evidence is difficult due to a few factors, including because the data can be very volatile. Mobile devices are available in many models produced by various manufacturers and may have different operating systems.

Therefore, in a typical mobile forensics case, the forensic investigator should have knowledge about that specific mobile device before beginning the investigation – otherwise, a simple mistake can jeopardize the investigation and prevent the case from coming to fruition. be taken to court because of inadmissible evidence.

In recent years, IoT devices are increasingly used in daily life, creating more and more digital evidence. However, the process of forensic investigation in an IoT environment is challenging due to the nature of technologies such as RFID, sensors, and cloud computing.

Some of these challenges relate to ambiguity in data location, data acquisition, data volatility, and lack of forensic tools. An example of IoT devices being used in criminal activities is the use of drones to smuggle drugs through prison or for terrorist activities.

Open source intelligence (OSINT) can support circumstantial evidence investigations by allowing investigators to gather publicly available data. However, using OSINT effectively can be difficult.

Digital forensic tools

There are many digital forensics tools developed by researchers or vendors to help forensic practitioners, some of which are well known. It is important to mention that digital forensic examiners are required to validate their findings; therefore, it is common to use more than one tool to find the evidence.

For example, Magnet’s Cellebrite Physical Analyzer and Internet Evidence Finder (IEF) software are used in mobile forensics. However, IEF is a well-known software for social media and online surveys. CPA and IEF are also used in IoT forensics because many IoT devices are configured per mobile application.

One of the best open source tools for forensic investigations is Autopsy, which can be used on Windows and Linux platforms. Encase and FTK are mainly used for the analysis of hard drives in computer forensics. In order to conduct forensic memory analysis, the tool of choice for many forensic examiners would be Volatility and Redline.

Free cybersecurity learning resources: