Digital Forensics (DF) is the practice of gathering, recovering and analyzing electronic evidence that can be used in criminal investigations or by businesses and law enforcement agencies as a safeguard against identity theft of employees.
Since the dawn of the 21st century, digital forensics has experienced incredible advancement. Numerous tools have been created to meet the demand for reliable, accurate, and traceable digital evidence that could be presented in court proceedings.
Investigators start their investigations by obtaining search authority. This could include obtaining a warrant or subpoena in a criminal investigation; for civil inquiries it could mean seeking consent orders or even court orders as necessary.
Once this has been accomplished, devices belonging to either individuals or companies are seized by an investigation team and processed through special tools designed for extracting data from them.
Follow a chain of custody to protect the evidence. This ensures it will not be altered by anyone.
After gathering data, it will be examined using various methodologies. Imaging may be employed to create exact copies of digital proof which can be referred back to at any point during an investigation.
At this step, investigators also check to make sure their tools are operating properly and cannot be compromised by anyone. This step is critical; mishandling can damage both evidence and an investigation - something an investigator needs to be mindful of if their investigation should ever become compromised by improper handling.