Investigative Process Methodologies

Traditionally, processing digital evidence is done inside a secure lab environment. When technology was first involved with criminal activities, practitioners did not follow any guiding principles, methodologies, and techniques while collecting and processing digital evidence. It was only in the 1980s when law enforcement agencies realized that there was a need to have an established set of processes that could be consistently followed to support their forensic investigations and guarantee the legal admissibility of digital evidence. With the formalization of digital forensics as a science, several authors proposed process models as a means of establishing a consistent methodology for applying proven principles and techniques to meet investigative needs. Although the primary focus of digital forensics is on electronically stored information (ESI), it is important to remember that evidence can and likely will exist in both the physical and digital sense. ESI is information created, manipulated, communicated, stored, and utilized in digital form, requiring the use of computer hardware and software.