TABLE OF CONTENTS by Jim Steele
Digital forensics is probably the most intricate part of the cyber crime investigation process. It is often where the strongest evidence will come from. Digital forensics is the scientific acquisition, analysis, and preservation of data contained in electronic media whose information can be used as evidence in a court of law. The practice of Digital Forensics can be a career all in itself, and often is. Other times it is a subset of skills for a more general security practitioner. Although the corporate digital forensic practitioner is not a law enforcement officer, it is a wise practice to follow the same procedures as law enforcement does when performing digital forensics. Even in a corporate environment, the work one performs can quickly make it to a courtroorn. Regardless if the case is civil or criminal the evidence will still be presented the same.
Traditional digital forensics started with the seizure of a computer or some media. The drives and media were duplicated in a forensically sound manner bit by bit. Way back if there is such a thing in computer technology the forensic duplication would be combed through using a hex or disk editor application. Later the forensic applications and suites evolved and automated some of the processes or streamlined them. The forensic practitioner would undelete files, search for temporary files, recover e-mail, and perform other functions to try and find the evidence contained on the media.
Today there are more user-friendly programs...
