
Digital forensics: The smart person's guide

This comprehensive guide covers everything you need to know about digital forensics, the science of recovering data from computers, networks, mobile phones, and IoT devices.


"On the internet nobody knows you're a dog," famously joked Peter Steiner. To the layperson in 1993, when the cartoon was published in The New Yorker, both dogs and people were free to explore bulletin boards and chat on IRC with little fear of leaving a digital trail. The infant internet was a realm where ideas flourished and privacy was assured.

Today information and connected devices are abundant, but online privacy is a rare commodity. Though the web superficially appears to be anonymous, your behavior is tracked by your ISP and analyzed by the NSA, web marketers mine your clickstream, and even encryption, a tool deployed by the most privacy-sensitive web users, is under attack.


Digital forensics is the application of scientific methods to the detection and investigation of crime. It is a documented, analytical process for recovering data from physical media, such as PCs, servers, mobile phones, and IoT devices.

For countless personal and professional reasons consumers and companies should be aware of how online activity can leave detectable breadcrumbs. This smart person's guide is a routinely updated "living" precis loaded with contemporary information about how digital forensics works, who it affects, and how to learn more about web analysis.


Executive summary

What it is: Digital forensics is the extraction, analysis, and documentation of data from physical media.

Why it matters: Digital life is not anonymous. As we use the web, we also scatter fragments of data in our wake. If collected, personal data fragments can present an accurate profile of our behavior and personality. Often this data trail is accompanied by legal implications. Digital forensic experts know how to assemble the picture.

Who it affects: Because digital forensics experts are typically used in a legal setting, government organizations, SMBs, and enterprise companies may want to consider preemptively working with an expert to better understand potential vulnerabilities.

When it's happening: Digital forensics has been a thriving industry since the mid-1970s.

How to learn more: For interested job-seekers there are a number of digital forensics roles in both the public and private sector.


What it is

Digital forensics scientists are responsible for capturing hard-to-access data from disk drives and flash storage and analyzing digital trails. Often part of the discovery process in a civil or criminal case, the results of digital forensic analysis can provide evidence used in court or documentation that proves or disproves alibis and accusations.

By 2021, digital forensics is estimated to be a $4.9 billion industry.

Modern digital forensics is process-oriented and composed of three primary areas of emphasis and expertise: computer (PCs), network (connected PCs), and mobile (phones and IoT). Each of these disciplines requires a mastery of several hardware and software tools.

Hardware:

  • Forensic bridge: Also known as write blockers, these versatile devices connect to and safely extract data from an array of storage media.
  • FRED: An acronym for Forensic Recovery of Evidence Device, these workstations plug directly into and analyze data on high-speed networks.
  • The SHADOW: This is a speedy device that can image a suspect's hard drive at the scene of a crime.
  • Media duplication terminal: This is a stand-alone evidence-grade box with modular inputs that can capture data from CDs and DVDs, USB, flash cards, and mobile devices.
  • Capture screens: These are portable evidence scanners that can grab screen captures and record video in the field.

Software:

  • The Sleuth Kit: This open source suite of applications can locate hidden files, recover lost documents, and analyze registry changes on Windows, DOS, Unix, Linux, Mac, and other common operating systems.
  • Wireshark: This is a widely used open source network packet sniffer.
  • CAINE: This Linux distribution is tailored for digital forensics and offers an integrated set of memory, mobile, and network forensic tools.
  • Registry Recon: This software analyzes and can rebuild the Windows registry.
  • COFEE: Developed by Microsoft, this data extraction and documentation tool is used by law enforcement agencies.
  • Volatility: This memory forensics tool can extract information stored in RAM.


Why it matters

Everything we do online leaves a footprint. Like it or not, in both public and private legal disputes this footprint is compiled and frequently used as evidence. Though the digital forensics field was once as wild and disorganized as early Silicon Valley, today its experts are highly trained and follow rigorous protocols. These guidelines help law enforcement agencies guard against evidence contamination and help corporations fend off cyberattacks.


Who it affects

Law enforcement ranging from the United Nations to the FBI to local and state police all employ healthy teams of digital forensics analysts. As cybersecurity becomes a priority for business, corporations are hiring forensics experts to test network resiliency and help develop cyber-defense policy. Every major private sector cybersecurity firm retains trained and experienced forensics experts.

Consumers, protected by encryption on everything from mobile devices to bank websites, are affected by digital forensics. Apple, of course, famously went to war with the FBI to protect the company's right to use strong encryption on the iPhone. Still, with the right tools, iOS and Android devices are susceptible to data recovery tactics.


When it's happening

Digital forensics experts are investigators. Just as their offline counterparts dust for fingerprints at crime scenes, digital forensics analysts uncover and document data clues hidden on computers and mobile devices.

Born in the mid-1970s, the art of digital forensics evolved in tandem with the growth of personal computing. Much like hackers, the progenitors of the profession probed early computer networks and documented vulnerabilities. The process was generally disorganized and relied on whatever non-specialized tools were available.

In the 1980s and 1990s computer crime entered the mainstream, and along with it came the need for new tools, new standards, and new laws. Packet analyzers and write blockers emerged as essential utensils. Based in part on Kenneth S. Rosenblatt's well-known publication High-Technology Crime, forensic analysis helped standardize the procedures employed by courts, the FBI, and local law enforcement agencies.

Academic and professional standards evolved in the 2000s, and the industry shifted focus to web and mobile cybercrime, hacking, and cyber-defense. By 2021, digital forensics is estimated to be a $4.9 billion industry.


How to learn more

The number of educational resources supporting the burgeoning field is growing as well. Major universities like Boston University, Pace, and Penn State, along with local and regional community colleges, offer digital forensics programs.

Lynda.com, a website that sells professional training courses, hosts a growing number of digital forensics how-to videos.

YouTube is a helpful and free resource to learn the fundamentals of digital forensics.

As the craft evolves, TechRepublic, ZDNet, Tech Pro Research, and CNET continue to provide timely and insightful analysis.


About Dan Patterson

Dan is a Senior Writer for TechRepublic. He covers cybersecurity and the intersection of technology, politics and government.
