About Digital Forensics
Digital evidence collection is a highly disciplined process where repeatability and accuracy are crucial for evidence to be admissible in court. Here one learns how to preserve the integrity of digital evidence; extract live, static, and deleted data from various media; and thoroughly document and present his findings.
The tools and techniques of digital forensics are also applied in situations where data is constantly in motion, such as while recognizing and responding to intrusions into a companys computer network, or when recovering data from small-scale digital devices such as cell phones and PDAs.
Digital evidence is commonly associated with electronic crime, or e-crime, such as child pornography or credit card fraud. However, digital evidence is now used to prosecute all types of crimes, not just e-crime. For example, suspects e-mail or mobile phone files might contain critical evidence regarding their intent, their whereabouts at the time of a crime and their relationship with other suspects.
In an effort to fight e-crime and to collect relevant digital evidence for all crimes, law enforcement agencies are incorporating the collection and analysis of digital evidence, also known as computer forensics, into their infrastructure. Law enforcement agencies are challenged by the need to train officers to collect digital evidence and keep up with rapidly evolving technologies such as computer operating systems.
NIJs Electronic Crime Program, which includes the Electronic Crime Center of Excellence, supports the development of tools to assist state and local law enforcement in combating e-crime and collect digital evidence. The program has five main focus areas:
- Digital Evidence Investigative Tools
- Digital Evidence Analysis Tools