Digital Forensics: New-Age Forensic Science

Technology is meant for all and always will be subjected to work as per the intent of its user. In simple words, if technology can benefit us, then there is a fair chance that perpetrators can use it for their own good. In the past, technology has become an integral part of our lives and somehow it is leading a pathway to cybercrimes, too. These cyber threats are now practically inevitable. But recreating the complete picture from its origination to its development process, it can help professionals to avoid the same threat from harming us repeatedly. Here’s where digital forensics come into the picture. It uses technology to trace the nitty-gritties of the incident with the intention of fighting the cybercrime. In 2018, Acumen Research and Consulting published a report showing the digital forensic market to be growing at a CAGR of 12.5% over the forecast period of 2015–2021, estimating it to be a $4.97 billion industry by 2021. [1] This is already seen as digital forensics is treated as a crucial tool in defense and law enforcement. It also plays a vital role in financial institutions and investment firms.

Simplifying the Umbrella Term “Digital Forensics”

Digital devices such as smartphones, gaming consoles, tablets, laptops, desktop computers, and a few others are a usual part of our daily life. They also serve us as the most convenient go-to data storage devices; it can be our banking details, credit card information, or other private/confidential files, and a lot more. These data attract cybercriminals as it can benefit them in many ways. Now, when a cybercrime occurs, digital forensic investigators lead us through the whole incident investigation process and look for proof to either solve the case or present them as digital evidence in the court.

Digital Forensics can be defined as a branch of forensic science dedicated to investigating and identifying evidence in a digital device-assisted crime. Until the late 1990s, the term was used interchangeably with computer forensics but later years witnessed the expansion of the term “digital forensics,” which categorized it into five major branches:

1. Computer Forensics

Originally, digital forensics was used as the synonym for computer forensics. But now, the term “computer forensics” is limited to analyzing and collecting evidence from the computers systems, embedded systems, and any static memory (like USB pen drives) of the perpetrators. It also includes reporting, as any other branch or subbranches of forensic science demand.

2. Mobile Device Forensics

Under this subbranch, digital evidence is collected from mobile devices. Mobile devices are different from computers as they have inbuilt communication systems such as GSM. The data retrieved from mobile devices are not limited to short message services or emails; it also includes data regarding the location of the user, call log, user dictionary content, data from installed applications, system files, usage logs, and any other deleted data.

3. Network Forensics

Network forensics involves capturing and analyzing network traffic and network packets over local and wide area networks (or internet). The analysis also covers intrusion detection. Being volatile and not easy to log, network data are often considered as a proactive investigation element. It uses two systems to collect data:

  • Catch-it-as-you-can

This approach requires a huge amount of storage as, under this system, all the network packets are stored at a traffic point and, later, analyzed in batch mode.

  • Stop, look, and listen

The network packets under this system are analyzed in a primitive manner. Not all the data are saved for future use. This system requires a faster processor that can pace up with the massive incoming traffic.

4. Database Forensics

The forensic study of databases and its metadata falls under database forensics. Database forensic investigator analyzes database content, log files, and in-RAM data to recover pieces of digital evidence or to build a timeline for the incident.

5. Forensic Data Analysis

It covers the investigation of financial crimes associated with structured data (such as data from application systems or their databases). The primary motive of forensic data analysis is to find a pattern behind the fraudulent activities. Unstructured data are usually analyzed under computer forensics.

There are a few other branches which include email forensics, cloud forensics, and a few others.

Recent Cases Solved by Digital Forensics

Digital footprints of an individual offer a lot of information about that person; it can be the Google search history, messages, GPS locations, and a series of other evidence. In short, it can help in adjoining the dots in a disrupted timeline of an incident or a crime and provides digital evidence for court trials or conviction of the accused.

Child Abuse Death Solved Through Mobile Device Forensics

In November 2016, Steven Ingalls Jr., a Morgan County man, was accused of deliberately overdosing and suffocating 5-year-old Brayson Price. The investigators found a series of horrifying internet search history which included “kill my mentally retarded step-son, torture techniques, I want to kill my autistic child, painful ways to die, most painful torture.” The jury found him guilty of murder. [2]

2016’s Murder Case of Maria Ladenburger

Maria Ladenburger, a 19-year old, was raped and strangled on her way home. Hussein Khavari, the accused, was tried in the court after his iPhone was presented as evidence. During the hours of Maria’s death, Khavari’s phone was connected to a single reception tower enclosing him at the crime scene. His iPhone’s Apple Health App showed that he climbed two flights of stairs making officers suspicious of his movement; it pointed at his actions of dragging Ladenburger’s body down a river bank and then climbing back up. This case was the first of its kind where the local police officers associated health data with geodata to solve a homicide. [3]

PlayStation Console Solved a Rape Case

A 15-year old reported being raped. The medical examination and another gamer who overheard the rape confirmed her claims. On June 28, 2018, Daniel Enrique Fabian, 18, told a fellow player that there’s a girl at her place whom he is going to “smash.” He left the game after the conversation, but his headset microphone stayed on. The other fellow player confirmed hearing the girl saying no. Fabian was later arrested and charged with the felony. [4]

How to Learn More?

Digital forensics is much more than this; it is a vast domain. And, as already mentioned, it is a booming market too. If you want to learn it to the core with all the technical aspects of it (as per the current job market requirement), then look at our ANSI accredited Computer Hacking Forensic Investigator program. It covers all the digital forensic practices that a forensic expert should be aware of.


[1] https://www.globenewswire.com/news-release/2018/05/22/1509831/0/en/Digital-Forensic-Market-Expected-To-Grow-At-CAGR-of-12-5-from-2015-2021-Acumen-Research-and-Consulting.html
[2] https://fox59.com/2018/05/15/court-docs-man-accused-of-killing-5-year-old-boy-searched-for-most-painful-torture-killing-techniques/
[3] https://gizmodo.com/apple-health-data-is-being-used-in-a-murder-trial-1822203637
[4] https://www.newsweek.com/gamer-arrested-after-another-player-overheard-him-allegedly-rape-teen-girl-1232465

get certified from ec-council
Write for Us