Digital forensics is the application of scientific tests or techniques to collect digital evidence in connection with litigation or other types of investigation. It is an integral part of the legal discovery process, but can also be a valuable tool for avoiding or shortening litigation.
Metadata is data that provides information about other data. For example: the text of a Word document is data; the information about who authored the document and when it was created is metadata. In a lawsuit or an investigation, the metadata can be at least as important as the data itself.
Deleted data is the most valuable digital evidence in many cases; it provides access to information that the user may believe is gone. Data is often deleted to hide deceptive or malicious activity. Understanding the basics of data storage and deletion is key to identifying likely sources of evidence.
Email evidence can prove valuable to a case. However, it is important to thoroughly authenticate emails used in litigation. Failure to prove the validity of an email item could render a crucial piece of evidence inadmissible in court.
The digital forensics field grows as fast as technology does. In modern litigation, there is a vast array of digital evidence beyond cell phones and computer workstations. Every new product or technological development presents a new source of data that can be relevant in an investigation.
On a mobile device or computer, communications can exist across a variety of applications; IM and text messages are just the start of the potentially-relevant user messages. People hold conversations across forums, social media, game platforms, and team collaboration software.
Businesses involved in fraud, employees involved in misconduct, and criminals engaged in computer-related crime all frequently take steps to destroy, conceal, or confuse digital evidence. Depending on the user’s level of sophistication, these efforts can cause critical evidence to be unrecoverable or inadmissible.
Google Chrome is the world’s most popular browser, with over 50% market share across all devices globally. Browser data can be critical to a digital investigation and Chrome stores both typical internet usage data as well as some data that is unique to this browser.
A digital forensic investigation often aims to determine the activities of a user on a computer. Prefetch files are an important type of evidence, which provide detailed information about the programs that were run on a computer.