The Definition of Digital Forensics

According to Ken Zatyko, the definition of digital forensics is the application of computer science and investigative procedures for a legal purpose involving the analysis of digital evidence after proper search authority, chain of custody, validation with mathematics (hash function), use of validation tools, repeatability, and reporting. Don’t worry if this definition is too lengthy for now. The goal of this post and subsequent ones in the DFIR Basics is to give you a basic understanding of digital forensics.

Why is digital forensics important?

There are a lot of crimes that are committed daily by users on the Internet. Digital Forensics helps to prove or disprove that certain activity occurred. There are many types of crime that can be solved by using forensic tools and procedures. Below is a list that includes some types of crimes that digital forensics can help solve.

• Child abuse/exploitation
• Computer intrusion
• Death
• Domestic violence
• Harassment and/or stalking
• Identity Theft
• Terrorism
• And many more!

References

Electronic Crime Scene Investigation: A Guide for First Responders

Guide to Computer Forensics and Investigations – 6th Edition by Bill Nelson, Amelia Phillips, Christopher Steuart