Introduction
There are two categories that digital forensic jobs align with, the public sector and the private sector. Public sector organizations are owned by the government or other state-run bodies. Private sector organizations are owned and controlled by individuals, groups, or business entities. The procedures and types of digital forensic investigations are different between each sector. This post will give a high level overview on how to conduct an investigation for each.
Introduction to the Public Sector
Public sector investigations involve government agencies that are responsible for criminal investigation and prosecution. Examples of agencies are:
- County and state police departments
- Federal law enforcement
- Military (Army, Air Force, etc.)
Public sector organizations need to abide by legal guidelines of the jurisdiction (region that authority can try cases in) that they control. An important guideline that people in the United States must follow is the Fourth Amendment. This amendment restricts the government’s rights to search and seizure of a person’s property. Stay tuned to a later post that goes more in-depth on the Fourth Amendment.
Public Sector investigations
Public sector investigations are criminal in nature. Criminal cases can be murder, burglary, fraud, and others. Bad guys can use digital devices to help plan these attacks and leave valuable clues for an investigator. Future posts will dig into artifacts that can be found to help convict a criminal.
Digital examiners need to be wary of the laws in their state or country. A law in Iowa can be different than in Missouri, which will affect the outcome of an investigation. Laws will vary between countries as well. European Union (EU) privacy laws are more strict than the United States.
A website to show the differences between laws of different states is found at Criminal Laws by State.
Introduction to the Private Sector
Private sector investigations involve people or corporations that focus on policy violations. Examples of private sector cases include money laundering, HIPAA violations, and corporate espionage. Private sector cases are usually civil cases, however, they can develop into criminal cases. Companies in the private sector include:
- Sole proprietors (Contractors, developers, and technicians)
- Partnerships (Legal and accounting)
- Privately owned corporations (Leisure and retail)
Private Sector investigations
Private sector investigations involve private companies. Litigation disputes, email harassment, and wrongful termination are types of cases that fall in this category. A company must continue business during an investigation, which makes dead box forensics techniques tough to implement.
Companies can implement policies to reduce the risk of litigation. An “Acceptable Use Policy” is a policy that employees sign that define the rules for using the company’s computers and networks. A warning banner is another method that appears when a computer is started or a computer is connected to a VPN. This banner warns a user that network traffic and systems are monitored at all times. A banner lets a user know that a search warrant is not needed to investigate their activity.
A civil case (public sector) can turn into a criminal investigation. When a case turns to the police, then law enforcement takes over the case.
Ben Kixmiller's DFIR Website 
Leave a comment