TABLE OF CONTENTS Through the efforts of computer scientists, law enforcement and intelligence officers, network and system administrators, programmers, academics, and hobbyists, the field of digital forensics has evolved (and is still evolving) into one of the most dynamic and powerful investigative techniques in use to date. Digital forensic managers and investigators face a host of procedural, legal, operational, and technical challenges driven by both the explosive pace of technological innovation and the sophistication of cybercriminals. To assist them, this chapter will provide an overview of digital forensic principles and methodologies and the differing digital environments encountered, and introduce concepts covered in greater detail throughout this book.
| Note | There are numerous definitions of computer (digital) forensics; my favorite comes, in part, from Dan Farmer and Wietse Venema: Gathering and analyzing data in a manner as free from distortion or bias as possible to reconstruct data or what has happened in the past on a system and providing clear and objective testimony and reporting of the results of the investigation. (The italics represent my addition to Farmer s and Venema s definition.) |
Before we move into a discussion of digital forensic principles, it is important that we understand the difference between principles and procedures (methodologies). The Merriam-Webster online dictionary defines a principle as a comprehensive and fundamental law, doctrine, assumption or rule and a procedure as a particular way of accomplishing something or of acting. The difference between the two terms can appear to be minimal, but it is...
