Digital Forensics
What is Digital Forensics?
Digital ForensicsThe scientific discipline of identifying, preserving, analysing, and reporting on digital evidence from computers, networks, and devices in a legally defensible way.
Digital forensics applies investigative techniques to digital artefacts in support of incident response, litigation, internal investigations, and law-enforcement cases. Practitioners follow recognised process models such as NIST SP 800-86 and ISO/IEC 27037 to acquire data with integrity (write blockers, cryptographic hashes), maintain chain of custody, and reconstruct events through timeline and artefact analysis. Sub-disciplines cover disk, memory, network, mobile, and cloud forensics, each with specialised tools (Autopsy, EnCase, FTK, X-Ways, Volatility, Wireshark). The aim is to produce reproducible findings that can withstand scrutiny in court or executive review while supporting containment and remediation decisions.
● Examples
- 01
Imaging the disk of a compromised laptop with FTK Imager and analysing it in Autopsy.
- 02
Recovering deleted files and chat fragments to support an HR investigation.
● Frequently asked questions
What is Digital Forensics?
The scientific discipline of identifying, preserving, analysing, and reporting on digital evidence from computers, networks, and devices in a legally defensible way. It belongs to the Forensics & IR category of cybersecurity.
What does Digital Forensics mean?
The scientific discipline of identifying, preserving, analysing, and reporting on digital evidence from computers, networks, and devices in a legally defensible way.
How do you defend against Digital Forensics?
Defences for Digital Forensics typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for Digital Forensics?
Common alternative names include: Computer forensics, Cyber forensics.