Fundamentals of Digital Forensics
1. Introduction to Digital Forensics
Digital forensics is directly related to incident response and is one of its most important components: it is needed to obtain information about the events and actions performed on the system under analysis. Digital forensics is also decisive in criminal matters, investigating past actions on devices in an attempt to identify and collect evidence of a crime that could support a decision in court.
“it is impossible for a criminal to act, especially considering the intensity of a crime, without leaving traces of this presence” (Doctor Edmond Locard, s.d.)[1]
Digital forensics is understood as a branch of forensic science that studies and applies the process of acquiring, analyzing and preserving digital evidence so that it is legally admissible and technically irrefutable in court.
Digital proof is any data or digital information that is legally admissible (in how it was obtained) and technically irrefutable (in its origin, integrity and non-repudiation).
Digital information is all data stored or transmitted digitally, such as logs, documents, emails, databases and network traffic, among many others.
The goals of digital forensics and incident response are to:
· Identify, collect and preserve evidence of a cybercrime;
· Interpret, document and present evidence in such a way that it is admissible in court;
· Understand the techniques and methods used by criminals;
· Respond to incidents to prevent intellectual property, financial, and reputational losses during an attack;
· Know the legislation of various regions;
· Learn about digital platform manipulation processes, data types, and operating systems;
· Identify the appropriate tools for forensic investigation;
· Recover deleted files, hidden files, and temporary data that can be used as evidence;
· Support prosecution in cybercrime investigation;
· Protect the organisation from similar incidents in the future.