Digital forensics
Digital forensics is the process of identifying, preserving, analysing, and documenting digital evidence. It is an important part of the Incident Response process where criminal activity has (or is Forensic Investigators identify and record details of the criminal incident, gathering evidence to present in a court of law. In order for digital evidence to be accepted, it must be handled in a very specific way so that there is no opportunity for cyber criminals to tamper with the evidence. There are therefore strict rules and regulations surrounding this process, and adherence can be instrumental to being able to prove innocence or guilt.
Cyber3Sec’s Digital Forensic process has five key steps:
- Identification – Find the evidence, and note where it is stored. The process may include investigating disks, networks, internet traffic, email and cloud systems.
- Preservation – Isolate, secure, and preserve the data. This follows evidence handling protocols and includes preventing people from possibly tampering with the evidence
- Analysis – Sift information through a thorough investigative process, potentially reconstructing fragments of data. Draw conclusions based on the evidence found.
- Documentation – Create a record of all the data to recreate the crime scene. Provide results in a form that can be used by non-technical legal professionals.
- Presentation – Summarise and draw a conclusion.