What is digital forensics?

Digital forensics is a branch of forensic science encompassing the recovery and investigation of material found in digital devices, often relating to crime.

The term digital forensics was originally used as a synonym for computer forensics but has expanded to cover investigation of all devices capable of storing digital data. With roots in the personal computing revolution of the late 1970s and early '80s, the discipline evolved in a haphazard manner during the 1990s, and it was not until the early 21st century that standards and policies emerged.

Digital forensics investigations have a variety of applications. The most common is to support or refute a hypothesis before criminal or civil courts, (as part of the electronic discovery process). Forensics may also be appropriate in the private sector, such as during internal corporate investigations or intrusion investigations (a special probe into the nature and extent of an unauthorized network intrusion).

The technical aspect of an investigation is divided into several sub-branches, relating to the type of digital devices involved, computer forensics, network forensics, forensic data analysis and mobile device forensics. The typical forensic process encompasses the seizure, forensic imaging (acquisition) and analysis of digital media and the production of a report into collected evidence.

As well as identifying direct evidence of a crime, digital forensics can be used to attribute evidence to specific suspects, confirm alibis or statements, determine intent, identify sources (for example, in copyright cases), or authenticate documents. Investigations are much broader in scope than other areas of forensic analysis, where the usual aim is to provide answers to a series of simpler questions, often involving complex time-lines or hypotheses.

Computer security, also known as cybersecurity or IT security, is the protection of information systems from theft or damage to the hardware, the software, and to the information on them, as well as from disruption or misdirection of the services they provide. It includes controlling physical access to the hardware, as well as protecting against harm that may come via network access, data/code injection, malpractice by operators, whether intentional, accidental, or deviation from secure procedures.

The field of cybersecurity is growing in importance due to the increasing reliance of computer systems in most societies. Computer systems now include a very wide variety of "smart" devices, including smartphones, televisions and tiny devices as part of the Internet of Things - and networks include not only the Internet and private data networks, but also Bluetooth, Wi-Fi and other wireless networks.

Computer security covers all the processes and mechanisms by which digital equipment, information and services are protected from unintended or unauthorized access, change or destruction and the process of applying security measures to ensure confidentiality, integrity, and availability of data both in transit and at rest.

Litigation Support Services

Data is subject to local rules and agreed-upon processes, and is often reviewed for privilege and relevance before being turned over to opposing counsel.

Data is identified as potentially relevant by attorneys and placed on legal hold. Evidence is then extracted and analyzed using digital forensic procedures, and is reviewed using a document review platform. Documents can be reviewed either as native files or after a conversion in PDF or TIFF form. A document review platform is useful for its ability to aggregate and search large quantities of electronically stored information (ESI).

Electronic information is considered different from paper information because of its intangible form, volume, transience and persistence. Electronic information is usually accompanied by metadata that is not found in paper documents and that can play an important part as evidence (for example, the date and time a document was written could be useful in a copyright case). The preservation of metadata from electronic documents creates special challenges to prevent spoliation. In the United States, electronic discovery was the subject of amendments to the Federal Rules of Civil Procedure (FRCP), effective December 1, 2006, as amended to December 1, 2010. In addition, state law now frequently also addresses issues relating to electronic discovery.