Introduction to Digital Forensics
The 21st century witnesses massive cyberattacks against person, property and the nation in various forms such as hacking, defamation, DDoS, ransomware and cyber pornography. The whole universe is in the radar of the cybercriminals and hackers. The socioeconomic development of any nation is somehow effected by these intruders. These digital crimes stand next to terrorism as the most hurdle in the sustainable development of the society. Even the terrorists are using cyber means, and some countries are engaged in cyber surveillance to disrupt the critical infrastructures with an intention to drop down their economic status. The digital forensics knowledge is high time requirement in this critical situation.
The Internet insecurity exposes serious threats and vulnerabilities. Cyberspace also witnessed the frequent cybercrime incidents around the globe. Digital forensics involves investigation and analysis of digital evidence, maintaining integrity and chain of custody for prosecution purposes. Disk imaging is the first step in preserving digital forensic evidence in preparation for postmortem examination and analysis. Most of the cybercrime investigations have multiple jurisdictional complexities. The 3A’s of digital forensics methodologies are acquiring evidence without modification, authenticating seized data and analyzing data without alteration.
The first part of this chapter deals with the history and objectives of digital forensics. The second part narrates about digital evidence in the form of active data, archival data, latent data and residual data. The third part is about the various branches of digital forensics such as computer forensics, network forensics, mobile forensics, memory forensics, malware forensics, database forensics, social network forensics, anti-forensics, cloud forensics, bit coin forensics and big data forensics. The fourth part is about the phases involved in the digital forensics, that is, readiness, identification, collection, presentation and analysis. Lastly, the chain of custody description is mentioned due to its importance in digital forensics.