Digital forensics is the science of preserving and analyzing digital data; this data can then be used in court cases as well as for crime detection and prevention. Because of the many different types of digital evidence, it is usually broken down into four main categories, based upon their source.
• Computer forensics: This focuses on digital information from computers, including laptops or desktops, memory, hard drives, operating systems, and logs. Usually, a computer device is confiscated and a digital image of drive is created for analysis. One of the main aspects of computer forensics is recovering deleted files.
• Mobile forensics: A mobile device is generally defined as one with a built-in communication system (a la GSM or SMS) as well as location information via GPS; however, mobile devices also include cameras and USB drives.
• Network forensics: This is often used to detect intrusions into companies as well as examine packets of data transmitted through the system. Information can be gathered in mass and stored for later analysis or collected in real-time and filtered to watch for specific files or events. Conversations on platforms such as Facebook, Skype, Twitter, and Windows Live Messenger can often provide crucial evidence in supporting or debunking the statement of a witness, defendant, or complainant.
• Database forensics: The analysis of data and metadata contained in databases such as Microsoft SQL, Oracle, and others. This information can is helpful in tracking financial crime activity as well as establishing timelines of events. There are sub-categories such as email forensics, software-specific forensics, hardware forensics, and web forensics that offer additional niche specialties.
Areas that could be investigated include:
• Indecent Images of Prohibited Images and Extreme Pornography
• Rape and Assault
• Fraud, Money Laundering, or Supply of Drugs
• Breach of Orders
• Disloyal Employees and Leaver Screening