What is Digital Forensics?

Digital Forensics is defined as the process of preservation, identification, extraction, and

documentation of computer evidence which can be used by the court of law. It is a science of
finding evidence from digital media like a computer, mobile phone, server, or network. It
provides the forensic team with the best techniques and tools to solve complicated digital-
related cases.
Digital Forensics helps the forensic team to analyzes, inspect, identifies, and preserve the
digital evidence residing on various types of electronic devices.

History of Digital forensics

Here, are important landmarks from the history of Digital Forensics:

 Hans Gross (1847 -1915): First use of scientific study to head criminal investigations
 FBI (1932): Set up a lab to offer forensics services to all field agents and other law
authorities across the USA.
 In 1978 the first computer crime was recognized in the Florida Computer Crime Act.
 Francis Galton (1982 – 1911): Conducted first recorded study of fingerprints
 In 1992, the term Computer Forensics was used in academic literature.
 1995 International Organization on Computer Evidence (IOCE) was formed.
 In 2000, the First FBI Regional Computer Forensic Laboratory established.
 In 2002, Scientific Working Group on Digital Evidence (SWGDE) published the first
book about digital forensic called “Best practices for Computer Forensics”.
 In 2010, Simson Garfinkel identified issues facing digital investigations.

Objectives of computer forensics

Here are the essential objectives of using Computer forensics:

 It helps to recover, analyze, and preserve computer and related materials in such a
manner that it helps the investigation agency to present them as evidence in a court of
law.
 It helps to postulate the motive behind the crime and identity of the main culprit.
 Designing procedures at a suspected crime scene which helps you to ensure that the
digital evidence obtained is not corrupted.
 Data acquisition and duplication: Recovering deleted files and deleted partitions from
digital media to extract the evidence and validate them.
 Helps you to identify the evidence quickly, and also allows you to estimate the
potential impact of the malicious activity on the victim
 Producing a computer forensic report which offers a complete report on the
investigation process.
 Preserving the evidence by following the chain of custody.
Types of Digital Forensics
Three types of digital forensics are:

Disk Forensics: It deals with extracting data from storage media by searching active,
modified, or deleted files.

Network Forensics: It is a sub-branch of digital forensics. It is related to monitoring and

analysis of computer network traffic to collect important information and legal evidence.

Wireless Forensics: It is a division of network forensics. The main aim of wireless forensics
is to offers the tools need to collect and analyze the data from wireless network traffic.

Database Forensics: It is a branch of digital forensics relating to the study and examination
of databases and their related metadata.

Malware Forensics: This branch deals with the identification of malicious code, to study
their payload, viruses, worms, etc.

Email Forensics: Deals with recovery and analysis of emails, including deleted emails,
calendars, and contacts.

Memory Forensics: It deals with collecting data from system memory (system registers,
cache, RAM) in raw form and then carving the data from Raw dump.

Mobile Phone Forensics: It mainly deals with the examination and analysis of mobile
devices. It helps to retrieve phone and SIM contacts, call logs, incoming, and outgoing
SMS/MMS, Audio, videos, etc.

Challenges faced by Digital Forensics

Here, are major challenges faced by the Digital Forensic:

 The increase of PC’s and extensive use of internet access

 Easy availability of hacking tools
 Lack of physical evidence makes prosecution difficult.
 The large amount of storage space into Terabytes that makes this investigation job
difficult.
 Any technological changes require an upgrade or changes to solutions.

FORENSIC PSYCHOLOGY
The Link between Digital Forensics and Psychology
Psychology has been integrated into digital forensics because of the need to look closely into
the motivations of cybercriminals. With psychology and digital forensics, businesses can gain
insight into how, why, and where cybercriminals hack their systems. Furthermore, a business
can better protect its assets through the psychology of its people, learning where the internal
vulnerabilities lie. Overall, psychology has become more significant in digital forensics
because of the inimitable relationship everyday people have with digital data and what it adds
to their digital fingerprints.
The relationship between digital forensics and psychology for these applications has led to
digital forensic psychology becoming its own field. As remote arrangements become more
commonplace, people need more cybersecurity and protection. As it happens, these remote
arrangements have also helped boost the forensic psychology field in higher education
through traditional and more recently online degrees. Online forensic psychology programs
teach the fundamentals of abnormal psychology, cognition, laws, and social services. Such
subjects prepare professionals for roles in corporations and establishments that require
expertise in forensic psychology to operate in today’s digital landscape.
Forensic psychology, as defined by the American Psychological Association, is the
application of clinical specialties to the legal arena. This definition emphasizes the
application of clinical psychology to the forensic setting. Christopher Cronin, who has written
a well-known textbook on forensic psychology, defines it as “The application of clinical
specialties to legal institutions and people who come into contact with the law” (p. 5), again
emphasizing the application of clinical skills such as assessment, treatment, evaluation to
forensic settings. This is considered a narrow definition. The broad definition of forensic
psychology emphasizes the application of research and experimentation in other areas of
psychology (e.g., cognitive psychology, social psychology) to the legal arena. This would
include applying results from studies in areas such as cognitive psychology to legal questions.
Two good examples include Elizabeth Loftus’ many studies on eyewitness identification and
Stephen Ceci’s research on children’s memory, suggestibility and competence to testify.
Cronin labels this definition “legal psychology” or “The scientific study of the effect of the
law on people, and the effect people have on the law.”

Profiling cybercriminals
It is not just theoretical explanations of crime that are useful in tackling the problem of
cybercrime. Some of the more applied aspects of forensic psychology are also directly
applicable to online criminality.

For example, the possibility of extending offender profiling techniques to cybercriminals

(particularly hackers) has been examined by some authors. Similarly, research examining the
effectiveness and suitability of various types of punishment can be applied to online settings,
with some research particularly noting the importance of specific deterrence for offences such
as digital piracy. Similarly, the potential for restorative justice in cybercriminal cases has also
been explored.

The importance of victim research has not been overlooked, and it should be remembered
that just because an offence occurs online, this does not mean that the victim is precluded
from experiencing cognitive, emotional and physiological effects. In addition to this, the
victim may experience a certain degree of ‘victim-blaming’ (where the individual is ascribed
blame for their victimisation by others, often due to perceived facilitation or precipitation of
the criminal event). Considerable research has also attempted to determine what demographic
and personality traits might lead to increased risk of cybercriminal victimisation.