What is Digital Forensics?

Digital forensics involves investigating, uncovering and evaluating data gained from electronic devices. It used to be known as computer forensics, but with the introduction of tablets and smartphones, it’s now known as digital forensics, according to CNN.

The Goal of Digital Forensics

While examiners or investigators in the field of digital forensics are digging for evidence, they must preserve it in its original form. This means there’s a precise process and structure for examining the evidence without altering it. Investigators are often called upon to testify in court regarding the evidence, so they must ensure that the process can stand up under cross-examination.

History of the Field

In the late 1980s and early 1990s, agencies linked to law enforcement started to understand how criminals were using the Internet to commit crimes. One of the first examples of digital forensics came during the chase of a hacker named Markus Hess in 1986. Across the world, local agencies were starting to see the need for investigative resources into the world of computers, but it wasn’t until 2000 that the field saw a need for standardization.

Digital Forensic Guidelines

There are strict guidelines in place for the retrieval of data from computers and other digital devices. Often, investigators will extract information from the device without switching it on, which leaves the original intact and allows the investigator to work from the copy. The guidelines insist that there be an audit trail detailing steps taken in the investigative process too.
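As an added illustration (not part of the original article or of any guideline it refers to), the Python example below shows one way to confirm that a working copy matches the original and to keep an audit trail in which later edits are detectable. The file names, the examiner label and the hash-chained log format are assumptions made for the example.

```python
import hashlib, json, os, tempfile
from datetime import datetime, timezone

def sha256_file(path, chunk=1 << 20):
    """Stream a file through SHA-256 so large images need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def append_entry(trail, examiner, action, detail):
    """Append an audit entry chained to the previous entry's hash."""
    prev = trail[-1]["entry_hash"] if trail else "0" * 64
    body = {"time": datetime.now(timezone.utc).isoformat(), "examiner": examiner,
            "action": action, "detail": detail, "prev_hash": prev}
    body["entry_hash"] = hashlib.sha256(
        json.dumps(body, sort_keys=True).encode()).hexdigest()
    trail.append(body)
    return body

def trail_is_intact(trail):
    """Recompute every link; an edited, reordered or mid-chain deleted entry fails."""
    prev = "0" * 64
    for entry in trail:
        body = {k: v for k, v in entry.items() if k != "entry_hash"}
        digest = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()
        if entry["prev_hash"] != prev or entry["entry_hash"] != digest:
            return False
        prev = entry["entry_hash"]
    return True

def verify_working_copy(trail, examiner, original, copy):
    """Compare hashes of the original image and the working copy, and log the result."""
    a, b = sha256_file(original), sha256_file(copy)
    append_entry(trail, examiner, "verify_copy",
                 {"original_sha256": a, "copy_sha256": b, "match": a == b})
    return a == b

if __name__ == "__main__":
    # Constructed sample data standing in for an acquired image and its working copy.
    with tempfile.TemporaryDirectory() as d:
        orig, copy = os.path.join(d, "evidence.img"), os.path.join(d, "working.img")
        for p in (orig, copy):
            with open(p, "wb") as f:
                f.write(b"constructed sample sectors" * 1000)
        trail = []
        append_entry(trail, "examiner-1", "acquire", {"source": "constructed sample"})
        print("copy matches:", verify_working_copy(trail, "examiner-1", orig, copy))
        print("trail intact:", trail_is_intact(trail))
```

The chain only detects changes to entries that are followed by later ones, so the most recent entry hash should also be recorded somewhere outside the log.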

The Process or Stages of the Examination

First, the examiner must ensure that he or she is always educated in the latest forensic processes as well as any legislation that governs the process, which might change at any time.

The next step is for the investigator to receive instructions on what should be accomplished during the examination. If the investigator has to examine the device in the field, there could be a physical risk that has to be assessed too. Normally, any devices are gathered and brought to the examiner.

After evaluating the situation and receiving instructions, the examiner will start data retrieval. This is the collection process, and this is where training and tools will be of the most use to the examiner.

Analysis of the data, along with presentation of the findings, is one of the most vital aspects of the examination. This could involve a report to the lead investigator as well as presenting the findings in a court setting.

Avenues of Application

  • Industrial Espionage
  • Employment Disputes
  • Forgery Cases
  • Bankruptcy Investigations
  • Criminal Fraud
  • Tracing Criminals’ Activity


There are some challenges when working in digital forensics. There are constant changes and new technologies in the digital world. The examiner must stay current with all the changes that impact their field. Criminals are always finding new ways to block investigations too.

Digital forensics is a vital area of law enforcement and investigations now that so many people, including criminals, are on digital devices.