By Guest Blogger Ashley Dennon, PICPA, Strategic Marketing Coordinator
Kyle Midkiff, CPA, CFE, CFF, a speaker at the PICPA Forensic Litigation and Services Conference, defines digital forensics as the analysis of electronically stored information (ESI) by persons with proper training, tools, and experience. A digital forensics expert is responsible for the acquisition and documentation of evidence, preservation, examination, storage, production of the ESI, incident response, and testifying as an independent expert. Digital evidence is found in computers, servers, e-mail, smart phones, tablets, USB flash drives, external hard drives, and removable media (i.e., CDs, DVDs).
The digital forensics process includes:
The acquisition portion focuses on documentation and the prevention of evidence modification. In this stage, an investigator will prepare a forensic image and hash values for future evidence validation.
During the preservation stage, the hash values, also known as digital fingerprints, are calculated. Successful imaging is verified, and the standard digital forensics hard drive image file format (EnCase .E01) is created in addition to hash values. Working copies and archiving are started for all data before further analysis.
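The acquisition and preservation steps above come down to recording a fingerprint once and re-checking every later copy against it. The following is an added example, not code from the speaker or the original post; it assumes a raw (dd-style) image rather than an .E01 container, and the file names, examiner ID, and choice of SHA-1 plus SHA-256 are constructed for illustration.

```python
import hashlib
import os
import shutil
import tempfile
from datetime import datetime, timezone

CHUNK = 1024 * 1024  # read in 1 MiB blocks so a large image never loads into memory

def fingerprint(path, algorithms=("sha1", "sha256")):
    """Stream the file once and return {algorithm: hex digest}."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}

def acquisition_record(image_path, examiner):
    """Build the record that is stored with the image at acquisition time."""
    return {
        "image": os.path.basename(image_path),
        "size_bytes": os.path.getsize(image_path),
        "hashes": fingerprint(image_path),
        "examiner": examiner,  # constructed identifier
        "recorded_utc": datetime.now(timezone.utc).isoformat(),
    }

def verify(path, record):
    """Return the fields that no longer match; an empty list means the copy validates."""
    problems = []
    if os.path.getsize(path) != record["size_bytes"]:
        problems.append("size_bytes")
    current = fingerprint(path, tuple(record["hashes"]))
    return problems + [a for a, d in record["hashes"].items() if current[a] != d]

def demo():
    """Constructed scenario: an image, a good working copy, and a copy with one altered bit."""
    with tempfile.TemporaryDirectory() as tmp:
        image = os.path.join(tmp, "evidence.dd")
        with open(image, "wb") as fh:  # constructed stand-in for a disk image (3 MiB + 4 bytes)
            fh.write(bytes(range(256)) * (12 * 1024) + b"tail")
        record = acquisition_record(image, examiner="examiner-01")
        good = shutil.copy(image, os.path.join(tmp, "working.dd"))
        bad = shutil.copy(image, os.path.join(tmp, "altered.dd"))
        with open(bad, "r+b") as fh:
            fh.seek(CHUNK)
            fh.write(b"\x01")  # the original byte at this offset is 0x00
        return verify(good, record), verify(bad, record)
```

The altered copy keeps the same size, so only the hash comparison exposes the change.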
Traditional computer forensics analysis includes user activity analysis, deleted file recovery, and keyword searching. Many digital investigators use the Forensic Toolkit (FTK) and Guidance Software as well. Analysis is the most in-depth part of the process, and it takes more time because the evidence recovered is a reconstruction of events or actions.
When the investigation is completed, the data is ready to be presented and the reporting phase begins, usually in the form of a written report.
Investigators look through specific ESI for clues. For example, an investigator would carefully look at these areas if a mobile phone or network device were being used for forensics:
Cybercrimes where the digital forensic process may be used in investigations include wire fraud, embezzlement, insurance fraud, and intellectual property theft. One challenge in these investigations is that data can be stored in other jurisdictions and countries. Adding to that, the process of going through all the data is slow and costly.
With technology advancing at a fast pace and the increasing presence of cybercrime, digital forensics and investigations are likely to increase.
To learn more about the digital forensic process, cybersecurity risks, and the role of the cloud, register for the one-hour self-study session titled, “Current Topics in Digital Forensics.”