What is it?
Digital forensics is a modern-day field of forensic science that deals with the recovery and investigation of material found in digital devices. It is most often needed because of a (cyber) crime, whether suspected or established. The most common reasons for performing digital forensics are:
- attribution
- identifying a leak within an organization
- assessing the possible damage that occurred during a breach
The field of digital forensics is divided into several subdivisions, depending on the nature of the digital device that is the subject of the investigation:
- computer forensics
- network forensics
- forensic data analysis
- mobile device forensics
What does it take?
Working in this field combines the excitement of solving a puzzle with the data at hand and requires a deep understanding of the software and hardware involved. The most important skill is being able to find and interpret the data involved in the crime while minimizing the changes made to the investigated device.
Cause and effect can be difficult to determine without a clear timeline, which adds another dimension to the puzzle of trying to figure out what the initial breach factor was and how the attackers proceeded from there.
What does it have in common with cybersecurity?
Cybersecurity and digital forensics are two fields that have a lot in common. They also provide information to each other. Analyzing a breach may lead to new insights about preventing such a breach, and knowing how certain threats work makes it easier to create a timeline and look for a possible attack vector.
Pieter Arntz