Copywriteroffice

Serp data

Request Result

The request result help you to show your API requests results.

stdClass Object
(
    [data] => stdClass Object
        (
            [query] => how digital forensics works
            [search_url] => https://www.google.co.uk/search?q=how+digital+forensics+works&oq=how+digital+forensics+works&num=30&hl=en&gl=GB&sourceid=chrome&ie=UTF-8
            [device] => desktop
            [hl] => en
            [gl] => GB
            [search_engine] => google.co.uk
            [number_of_results] => 8180000
            [related_searches] => Array
                (
                    [0] => stdClass Object
                        (
                            [title] => what is digital forensics and how is it used in investigations
                            [url] => https://www.google.co.uk/search?num=30&hl=en&gl=gb&q=What+is+digital+forensics+and+how+is+it+used+in+investigations&sa=X&ved=2ahUKEwjehsHd3qL1AhXBc94KHWcACmUQ1QJ6BAgzEAE
                        )

                    [1] => stdClass Object
                        (
                            [title] => types of digital evidence
                            [url] => https://www.google.co.uk/search?num=30&hl=en&gl=gb&q=Types+of+digital+evidence&sa=X&ved=2ahUKEwjehsHd3qL1AhXBc94KHWcACmUQ1QJ6BAgyEAE
                        )

                    [2] => stdClass Object
                        (
                            [title] => digital forensics investigation
                            [url] => https://www.google.co.uk/search?num=30&hl=en&gl=gb&q=Digital+forensics+investigation&sa=X&ved=2ahUKEwjehsHd3qL1AhXBc94KHWcACmUQ1QJ6BAgvEAE
                        )

                    [3] => stdClass Object
                        (
                            [title] => what is digital forensics in cyber security
                            [url] => https://www.google.co.uk/search?num=30&hl=en&gl=gb&q=What+is+digital+forensics+in+cyber+security&sa=X&ved=2ahUKEwjehsHd3qL1AhXBc94KHWcACmUQ1QJ6BAguEAE
                        )

                    [4] => stdClass Object
                        (
                            [title] => what is digital evidence
                            [url] => https://www.google.co.uk/search?num=30&hl=en&gl=gb&q=What+is+digital+evidence&sa=X&ved=2ahUKEwjehsHd3qL1AhXBc94KHWcACmUQ1QJ6BAgtEAE
                        )

                    [5] => stdClass Object
                        (
                            [title] => digital forensics ppt
                            [url] => https://www.google.co.uk/search?num=30&hl=en&gl=gb&q=Digital+Forensics+ppt&sa=X&ved=2ahUKEwjehsHd3qL1AhXBc94KHWcACmUQ1QJ6BAgnEAE
                        )

                    [6] => stdClass Object
                        (
                            [title] => digital forensics analyst
                            [url] => https://www.google.co.uk/search?num=30&hl=en&gl=gb&q=Digital+forensics+Analyst&sa=X&ved=2ahUKEwjehsHd3qL1AhXBc94KHWcACmUQ1QJ6BAgiEAE
                        )

                    [7] => stdClass Object
                        (
                            [title] => analysis of digital evidence
                            [url] => https://www.google.co.uk/search?num=30&hl=en&gl=gb&q=Analysis+of+digital+evidence&sa=X&ved=2ahUKEwjehsHd3qL1AhXBc94KHWcACmUQ1QJ6BAghEAE
                        )

                )

            [result] => Array
                (
                    [0] => stdClass Object
                        (
                            [position] => 1
                            [videos] => Array
                                (
                                    [0] => stdClass Object
                                        (
                                            [title] => Overview of Digital Forensics
                                            [url] => https://www.youtube.com/watch?v=ZUqzcQc_syE
                                            [thumbnail] => data:image/jpeg;base64,/9j/4AAQSkZJRgABAQAAAQABAAD/2wCEAAkGBwgHBgkIBwgKCgkLDRYPDQwMDRsUFRAWIB0iIiAdHx8kKDQsJCYxJx8fLT0tMTU3Ojo6Iys/RD84QzQ5OjcBCgoKDQwNGg8PGjclHyU3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3N//AABEIAEYAfAMBIgACEQEDEQH/xAAcAAABBQEBAQAAAAAAAAAAAAAFAAIDBAYHAQj/xABAEAABAwIEAwUEBwYFBQAAAAABAgMEABEFEiExBhNBFFFhcZEiMoHRFSNSobHB8AdCQ0VislNVcoPxFiQzNDb/xAAaAQACAwEBAAAAAAAAAAAAAAABAwACBAUG/8QALBEAAgIBAgQEBQUAAAAAAAAAAQIAAxEEEhMhMUFRUmGRBRQiodFDU3GBsf/aAAwDAQACEQMRAD8AwcVoNtpQBsLV69h8d4+2wgnvtY+oqVoX1FTpPfTJxi7A5EDuYYGv/XkPNeGa49DTUpntbFl8ePsn5UVfAsL+tVpDqIrZcezJA8CaEatjNyxmVxOLekmK+1/UlOdPqKdEmRnHnjz2xmUAnMq1xYd/iTViJIZkICml7kixFjcb6VncScfdeUgMqCOYrKeXqs3PXrpUjErDkjGJpuxQ5Gq2GnL9QBf1FMc4cw90exzWj/Su/wCN6G8PRo85txD0fK6zb6xBKCQbjW3iKugx25fZmp89pV8oKjmQT3AqBqRbK6sQrHlKuIcOIjMLfRKJSm3sqR0vbe9OPCb+6JTRHikiiGIQ5/0fJBmpdb5ZKgtgA2Gu4P5VdaGLKbQsGEoFIPurG+1TAk41m0EMJnl8MSUe9Jij/Uoj8qrYjhr0CO2h8oUrUgoJIt8R407ikSTiSRKQ2lxDQA5d7bk9fP8ACiEeRIxmGtl1lAWynKtWb2idr5baC/juKHKOBsChyciZu1eWqRSSlRSoFJG4ItTbVJphqJgLEqAh9uQ4XFp0FhYK7j8arQWcNDSkz+Yh9KyCATVnh2VIStcRlTPtXWObffra360p2IYTLflLdCmCV6qyXAv8amJn3EOVZv4k6Z6mwObBlJ8UozD7qd9Kws3tOKbPc4giryNPKkbKOov51aZNydx942NxQcHjSHYD0d0uZbtqsvNa+lu4gkHvBIoMeNcaUgpW8hYUmys6SoK+pDNyCbH2RfUb61PIwh7Gp4ZgIaS01o66ANFHppqTbp40dVwBGMTkJc/7r/F5yCSe7Jm+7fxrNbqEQ4Jnc0Xw+2yreowPU/5M+/xxisnmCQ1FcS6pwupKVBKwvmXFgrT/AMq9U2O1yalh49juJ4gxIS4y45FW84lDilJT9aTn0BvYZja1iNKC4vhEnCHkolBJSu5bWk6KA/5FEOFcCxHEZTUiKsMIz5Q4bHMdrAfOwq/EQLuJ5SfL3FzWo+qaqXxg7Gw2QjtcN18slsAam5ChtfW2c737zrrQnCeKcbnzuUSytpwr5+ZvMA2tSlrRqTYEq6a+ynXSr8vgFhUS0JwIebSSVl9Dme29wD+FZFSMRwDEUs6odNjlScyXBfTz286rXelnSVv+H36ZTnnnv2nR3sTlFM51rltLlXW7kTcKV7R2VfcqNWMK4jnvQGXCWgXGwVgJJ11vqSTuo9fu0oXBRNfJEqM0yi2hQ9nJ+GUVeOGrw1hthDSkhKLoSpV7jXr8D6UW1VSttJmKr4Rr7KN6r6gZGSPSCeJeLp8aWrsy4+YuB1aMhICwWyCNbg/VpGh2J8CBUbjrEnZZ7UmMGXSEq5aFJy6EA+9r7x0NxWexpTwxOX2lBbWXFEoJByg6jbwtR3A+DpMtPPnBaGrBXKbF1EeJGiR+tKL2og3EzVptHdaOEBk9/SQcUYw/iGMOPTYsVxYQEpVZY9m+bovU3J18fKwEbVtuIOEZCgH4aFoKBk5TwIvboFHr4GsWtKm1qQsFK0kpUD0I3FSu1LBlZe/S3afAsH99jHxnjHkNvJ3Qq/n3itohaVoStuxQoAg+FYa9FsPxnssZLK2uZlJsc9tPSmgzn6ikuAV6w2lQy6EUHxvFOSDGjq+tPvqH7o7vOqRnOJAus6G4tQ2SoLeWoH3jc+ZoEyVacBsmb39lupd3v2hO3fat/Hbf57Wsm2dO+e2/i0B94rhuGSsQgLL8EugaZrJuk+BG1aY8YyFQyG8NX2sAkmxKAPtW3/W9c66izfuXnmeo0uso4IRzggfmS/tRTfEmEjQc6R/cKNfstjmTHgNBQTeQokk2AA1OvwrnMyZNlyOfOW4peU5cwsAD3DoPKpcIxPEsOOeHzFNFVi2UlSCe7wPlTTpyaQnhM661Bqms7EY+2MzvZ4bbYalqacVzGWV+++khRKDoPYGbu0Nce4xUG+JILqx7CW2ydN7LVepZnGD6oyUxICmnzopaxcJP9I6/H76AYhJfkRY70p1RkJUu5WTnsTodtALdKrRQyvuIxLa7Vq9XCDbs459MTr/DLiG5Taivlu5Fcp0rCUoVY6kkEfcfLqDWMOxxh7iDcIVblt5rHayDa5OgASdbXSr2RuOawMUmqhtyEssFtSQSC8evT3dDVfEuKZEhOSMlbQACS8u6j5J6AefoKo+nsBIA5HvDpviGmatWYkFAAR448DM9xf8A/QTPNP8AYmu0cGZxDnZM+sZF8jgT1633rhktpK3VLVJW44rUlwEk/GjnDWKYsh1DGXtMa38U+6PA7/jTrKW2rt6j8RWn1tQewvyDnOfDnmdp4vLhgLz823b/AN91Khfl9w6+NfP2JG+KTR3SHP7jWk4lxqYlktwCGU5sqlIuVkemnwNY1CiVm5JKtST1o0VsrF25ZlNZqKrK1rqOQO/SS0r15tSrVObHG6twfWoFg5joaNDhzFB/L1n/AHE/Ol9A4rt9Hr8uYj50ri1+Ye80DS3+Q+xgxifMi5hFlvsBVswacKL277VKcaxU5b4nMulJSCH1bHfrV8YBiZ/lyz5LR86X0Bin+Vr+LianFr8w94fltR+2fYwXImypiU9rlPyMt8vNdKst97X8h6Ve4exhzCpP1i3uyrB5jaFqGvQgBQ1uB12qx9CYon+Un4uJ+dOGG4qgaYUkfFPzo8WvzCD5fUD9M+0I/wDVcEWGeavKbi5XuBpb664/XkMu67Ik2clPLeNrZnXLm3dqb0WXDxhScq8NQR3Eg/nUKsImlsAwcqr9CPnU4ieYQGm/uh9pTiTpMS4jS3WARY8p1SCfOx1qynEMTfBQqTOfQrQpU84oEeIvrRKPEcYQkKiqzdbAVYYedjrKuyPq8Bl+dW3p4iIZNR2rPtBD2HyVMpe7LbTbMbjzFNiYtPhpDEbEnY7f2EvqCU/Ci8vFcRWnKxCW2O8qSTQd9M543diFau9Sgam9PGBKdQR9aR0nFp7gXmxl5RI2Eh30/KgwNiDRFTcopt2JseOnzqqYckalo+oobl8Y4VWAcwZ4CDSuK87NIH8M+opch/7J9aO4QcNvCdfBsb/lf7q0LHErDTLbSoLa0pvoUWGt76A+J7+7qaVKuBW7L0nub6UtxvEH4tiaMRSyEIUjlZt9Sq9tSb6nShtKlVWYscmXqQIm1ekjXUK6VKiJGkC6gVSpUwTM0gXUCqVKmiZ3kKutV1UqVMEztIF1YwmY3Cm855JWkoUmwF9/iKVKnKSOYmS1FdSrdDCmJ8TMv8Kv4I1HUC5KS+XTYDQJFrXP2ayB3pUqbuLczMyoEXavSf/Z
                                            [parsed] => stdClass Object
                                                (
                                                    [source] => YouTube
                                                    [date] => 13 Jun 2017
                                                    [channel] => ISACA HQ
                                                )

                                        )

                                    [1] => stdClass Object
                                        (
                                            [title] => Understanding the Forensic Science in Digital Forensics
                                            [url] => https://www.youtube.com/watch?v=R2W0YuqqZGk
                                            [thumbnail] => data:image/jpeg;base64,/9j/4AAQSkZJRgABAQAAAQABAAD/2wCEAAkGBwgHBgkIBwgKCgkLDRYPDQwMDRsUFRAWIB0iIiAdHx8kKDQsJCYxJx8fLT0tMTU3Ojo6Iys/RD84QzQ5OjcBCgoKDQwNGg8PGjclHyU3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3N//AABEIAEYAfAMBIgACEQEDEQH/xAAbAAABBQEBAAAAAAAAAAAAAAAGAAMEBQcCAf/EAEEQAAEDAgQEAwYDBAcJAAAAAAECAwQFEQAGEiETFDFBIlFhBxUjMnGBFkKxYpGy0iQzQ3JzosEmNFJUY4Kh8PH/xAAZAQEAAwEBAAAAAAAAAAAAAAAAAQIDBAX/xAAnEQACAQMDAwQDAQAAAAAAAAAAARECAxITITEEFFEjMmGBM0GhBf/aAAwDAQACEQMRAD8Az9+QtLqkoWdl9z69MG0Sh05+r5PjuMucKqUlUqWA+sa3OCtV+txuBsLDAK+0oyHCOhWd+mCCLn4xIMGOqjw3alTYq4cOoKfUC02oW/q+iiE7XJ/U4qkoOq5XVk4YWv5PpfuyNUIiHShukuOTGy+4bSCwHW3Ouw+bbpta2FWMr0F+VVKdBiyocumwGp4fTMcWl5J3WhSFHbYbEefpuIs+0KTHVMUiKzy8ylIpzjZf2GhJSlwG3XdW3r1w/VvaW5Naf5Okw4ciY20zKliQpxTjSPyAEAJvuD9T9cIRmqrnkM5OVKQxnKHR3Mtrbp0l5TaJorTqlLswty3D1XTum179vXEVnK1FNQpjVQiGmz5UKQ77leqqilx1KgGviglQChqNh5fsm48PaFT15kTmJnK8UVULK1vCoOEqHDLfS1uh8u2ILOcY4psCn1ShQai3GjuRLvOaVOMqN0hKrXQU9AQel/PZCJm55YSs0qhMVCuxallafHdp9MXUg29VnLHQkXbQUndBINlkk9dtrCI7lymP5YizorT7NQL0aa+zzTiwmHJeWhtvc76UhPisDtfvikl59elS6g+uCyiPIpCqQ0yl8/0do99RBKlfW3b7zU+1KpqlylORmnKU8wGWqdxAlDFgkBQcCbm2k9fP0whEzc8/0JqhkejtVCW/FRIXTVyoUdhJlO/DXzXBkIvqubi256X2tjyNlDL9VqrgiRZcRum1gwJTBnOuJktlOygSdSTcjoex64EWPaRLZTUUmG04xLqjdSSkvmzKkuJWUA23B0AdrbnEh32mutzY8iFSIkRnnVT5LSZKlGU6UkXKiNgOtrdh0w2I9XyFMXIdGmKo6o6JGpMpZntc278RhS3UII8VxZSEja3XfFXEytTERINLfptVmVCVSRPkVCNKWTFU5q4aQ3fSoXSRv5Yo4HtNkw61CqTERm0Zh1hbBfNnkuLK+ttiFEdj09cKl+0dynMU9UijRZU+nMcozOXIWg8D/hUkbE22Cj0ve3W7Yep5H8rJoD+RJ9VqNEfky6c4y0tYqryA+XVgBVhsm1xtY3tgpqGQYtOm5ifciOpprSI3u4mYtRBJAdv4tXU/m+2MxpVfFPyxUaKGm1Nz3WHC+XLFHCUFbC297ee2CNee3H6nXajyDCTWERwpHHPw+F0INt7/AGwhBuudmS/aXTIuW+LHg0ExGFPpQxUFVZbyl2TcjhEkp77nywLUZ1T0ValqJPEI3N/LEvOFfgZhXImjLseHUZLiVrmomuOFQAAtpICegA2xDoSdMNQt/aH9BjO6lidvQurU3ZxIbNnvABqvpPQn1v2xs85TEjO1Jo71RgriPIbW5SDCGtRS2txKy5p6akJNr9sYnLWHFvJUe+k7nwjcbYfdrNZqddjT+bedqqVNtx3G0JQvUNkJFgAetvW+98aLg47tM1v7Ncyk577ao1cqjLAqXGnRy4GUpu2NRAIA306QB9/M47jLjtKVIflxjNTlpcp6stwU8NwFQLbgbt4ikBRItvcfTAFOn+0JFYgu1AT25qwtiJqiISlWseJKQE6So28r48oUvPbEQikJmmNTEuRRoiNr4SdQKm7qSSqxSNtyLYmTPEL6RJi5ly8uFLnMVF2XU1Igz24gj63Gmm3Up028IOlad+v3xNLjLs+dRabytPqkifKIaqNPK49UTvsF7fKLDY3FuhGAm+e681DnaJsttp1MuK81GbSAsCwWClIvsLWO3pjl2t58psee49JmsR0SCJTi2G/hOLAJF9PgJCgbJt81++IknH5CpyOKVl33qiOymq03K8XglaEr4S1KWFrsbgkaRvv388DtOqLQz5Cq9cy+5FDlMS+9wI/FAUUn+l8NI2Tt0INuvXFO5V80USbG4kqRFkx4aIzCVtI/3f8AKkpKbKHqbnE12Ln2NWU1x6NU01FZDYkcEG99gjTbTp/Ztbv64iS6p8hfKiyIUKr5oL9LqEpuktGm1KPECCtJUoKdWg3TrA07gWtt5jD1HUqfD52dRW6fIkVGmrWmySHyVpBdAA8IVbp6YElyc+pzECrn/e3KlKW+AixZuL2RbQU3I7dcccXPz1QlspTUFzeI1LfQqMgqCkn4arFOwunYDbY+uJkrj8hdFzDFazTXm5dVjVWBT48tx+IKcGTECXkJKNVviWSVC/7PrjudR2Ms0aVKioZcm0ijuci8pCV6UreXZyx2JCQnf69jgNrdR9oC4qo1Y5zgSlcmoLhtI1lwDwXSm9ztiPEkZ7bbTPipqGilsqhF3l0qDbaT4kKBHjAKdyQq1uuEjD5DOBUVjLVWrM9tnLcl1ENa5i4iZCXCrbihsDYL6W7dcUeTJHvOFmGW+43KWurUuz4ZCA4ObSNQT+W4ttiuh1b2h+9Hm4bs5c6a0iStPLNK1tgWSoApslPYWsPvhmCM6ypdVEWPMXJU+07UEiKgHitqC2yRp2IIBAHUdiDhIx2CnPkWG9lnMVZgttpRKlx2HEAC7bzLy21/QEBB9b4zqjC0Ve39of8ATHUisVNyJNgOyFiPLk8zKZKEjU9e5UdrpNx0FhthUsDl1f3z/pjO77Tt6FRcITiQZDuq58arAH1xJy4n/aejbgn3jG2H+KjF3EyDmOosmYzFaQy6QtouvJBWk7ggC/a3XD6vZtX0aioRgQNV+Kb/APgYuuDmuNZM0mM3IgVScirEpTNzEhdMbcXckAAqUkX2Fgf/AE7xEQ3anMojlMkT48OHMqKZLsBxtJYkF75nErBBSRxOx+YeeMxhZUrMta1tNhSm1FCip0XSR/8AcQ3WHor70ZwlLiVaXRc2Nj388HUZqieGa/S0ux65lWOl5wtiJOSoXtrsrYkCwv8AbvtitpUAScns5ckT0GfUqQ5JVGcSsurfXZbSio7eFKLWJvtgEpdGqU9SSww5oPyurOkfa/X7XxNn5cnQXCP64tNcVxaLhKB5Anrt5YiX4LYriS29plHqCqi1VuUXyIhx0ce4tqt06374Kn5VNa9qimbS26gtGgOOPDg6iwNOlNtj2vfrfzxlSWnHfhNhbiz0Sm5J+2LT8J1t5tK/d7xC0gjWLE/v/TFVVPBZ0JLdh1lxl2n0ikwa6h4VJqk1FbranAXUtFxH5t+u1vp6YkxkGTAkNQ4UmbTVUCPyQS/pfkAqUSkudlDb6X9dssqdKqMBzVPYfZUvbWu51emrv0xBjsyZDyGYqXFrVslKD1xOY053k1Wj2isUih1aG/CanTnlNsyHeI4y62tp1m6+/Qj/ALgMPJiSKmmRGnofixmX6gY1Zp03QI6S4srS8nYA9u/2NzgFORquqGXnHEB4WIaJJt9T0B2wNTYsuE6uNLadaWsgltXRZ7HyP1xaWVVCfDNVrTUibRalTqOlZq71Cpi0IbXpW40lxesJ37C9/wC8MP0tqtvuu02tNoqiROZ4sylSuE/CeDaQCsbXASBc3PfY9BmMTKuYJTRltRHWUNDUHHV8MgAHpfcd8QKbCqEnUqFDluhSSlZaaWQR1NyP0OEkYKIk8zA0mPWZzKJapiW5LiRIWrUXfEfET3J63x3SCTHWf+of0GGxTKg+txqPAlOrQSlQaZUuxHUbDEmFFkwkuMTGHGHkr3Q6gpPQdjjK5weh0X5DaWq7Tcu5Kpc2rPpZZ5RpKR1UtWgGyR3O2KKLn0PVdxyQRHpQXwW0FjW64oGyleBajZJ0i2n8wxTVei1yqyKJJap4chx6Wy1EfcKnEJUpHxDw0Aq1G4Go7DT52OCfLVJcylQ48ATG+MRxnuI6ltSrLGnYnpoARv0sLd8bJwjzqqMrj3/bCxKULTdGkgjqAN8DOYMn06qyFSi1wnimylM+Ek+Z7E9MXNJddU66y9JbeLaQNnQpQ3NioDzFu3W/a2IGdVclT4lYBXppktuQ7p7snwO7d7IWo/bE8oo1g9me0Oie64qY/FLthYKKbEjE805pwuF1JIcRoV2uPr1wDsImtzU0ySp4OZnDcsgkks2WVPouOlmtCB64rA5FVk+Y+hdFEvkXyHW6gTKCrK6otsbXvvsL4koaZTaRDpbIahRkMpI3OnxH6nqcRK/InwhHVCb1BeoKSG9Xy2X/AAJcH1IwDy34TdajsIcpzMJ3g8yabUFOM6eYQPiq8Om97DzGrF7XFwHWWKHQEvSGZSy9NNMkBTjbSRt4isWKl6Ba+4CsBMnZk1dbqVupKzYEtGOm3zsDTe22zq9/2fQ4kS59SVGitx2Vcy406SlDF9Kw4Ant00hz62wPsypk1pEypCE87GiCLIhzKouItp9pSta9KAoHWkoP7sWrMOn1Gt0B5EeQzGn0t6UthchzYjgab+LqAoj74A8kVCa7rLQcSwSVpUGCeGNCyhJBF9RUlKTe99Vwdxh6IuUw1NU9FCH0hS2FlgE3LhQEg26+E7eVj3xZZwjyZDVPWw4xwWpBU+w/OXFS+ktqAGtIJ2UQq3pgRjyedq7jDEOOG47BbWy/Xnm29YcUCpDgBK77DcC1sAXb1Rq7qVNpQdJHxDwAAgnVqQdtwmySSNzfCaqM9KmCtlTjbWhTqkxB4UXs4kWHYFJFvUb4paiiQKTmSYhiXeGpYZlR6s4BHCWGyNKdQ1hJud/m++OaHzdVqFQDyn5iWlr0FVbeiaLyJA2COuyQPSwGACWPVawtUdDkdaUh1CXUGPYpS4tGlQ9AlRQf39sAntcHBzO0CblURKvL868F7SHqRUWX6wh+Qp2qBpp9mtPEJ4jtmgWLhNkgpBG/QnfAj7ZrfiqPf/kkfxrxje9p6P8Amb3/AKDKiZ5pcOiwIrjEwuMxkNqKUJsSEgG3ixGqOaaNOmpkKFQQkcK6EtpBJQpRFlBdx85H7sLCxRXKoOqro7TqbPKdmmkQZUh9KZ6y+blJbTZP08fpv52HlierPtJKbGPNNxvdtH82FhYnUqK9lZOfx5Srg8vNuO/DR/Njz8b0MG/Iyb/4Lf8ANhYWGpUOysiGd6JoKeSk6VdRwUWP+bHreeKI1fhQpSL9dLKBf/NhYWGpUOysnC855fdWVu099aj3VHbJ/iw7+PKQVBXLTCQLA8NFwPL5vQYWFhqVDsrI2/nahyQBJgyHkg3AcYbUAfurDas3ZbWlKXKU4pKBZIMZo6R5DfbCwsNSodlZHhnagpaUyIMkNK+ZAYb0na241YZezRlOQoKk0TiqAtqchsqPn3PrhYWI1ah2VkcZzZlZiTzLNGU3IuTxkRGgu56m974AvaNUGswV1qZCStDaYyWyHgAbhSj2J88e4WKXK21udHTdNbtV5Un/2Q
                                            [parsed] => stdClass Object
                                                (
                                                    [source] => YouTube
                                                    [date] => 21 Aug 2019
                                                    [channel] => SANS Digital Forensics and Incident Response
                                                )

                                        )

                                    [2] => stdClass Object
                                        (
                                            [title] => Digital Forensics 101 – How is it used to protect an ...
                                            [url] => https://www.youtube.com/watch?v=8DGc8gVNuuw
                                            [thumbnail] => data:image/jpeg;base64,/9j/4AAQSkZJRgABAQAAAQABAAD/2wCEAAkGBwgHBgkIBwgKCgkLDRYPDQwMDRsUFRAWIB0iIiAdHx8kKDQsJCYxJx8fLT0tMTU3Ojo6Iys/RD84QzQ5OjcBCgoKDQwNGg8PGjclHyU3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3N//AABEIAEYAfAMBIgACEQEDEQH/xAAcAAEAAQUBAQAAAAAAAAAAAAAABQECAwQHBgj/xAA5EAABAwIDBgUCAwYHAAAAAAABAgMRAAQFEiETIjFBUZEGMmFxgRShFSPBByRiktHwM0JSU3Kx4f/EABgBAQEBAQEAAAAAAAAAAAAAAAABAwQC/8QAGxEBAQEBAAMBAAAAAAAAAAAAAAECAxEhYTL/2gAMAwEAAhEDEQA/AO1rccQpX5JUkAZSkiT19qtNw4Cf3Vw+sj+tbFYbm4TbpQVpWrOsIAQmdT+lBe0tS0SptTZ6Kj9KvrEztSj8/IFydEEkROnH0ir4E8fvQXUqmYZsvOq0ClKUClK1ng84r8pTjYGkgJM+vGg2aVqFu6y6PLmeORP9aBu5/wB5fKNxPzz9qDbpWFhLqSQ6tS+hKQI7VmoFKUoFWj/UedVV5T7VEeL75eG+F8Uu2VZXmrR1TRn/ADBBIjtQcx/aF+06+OIvYT4YWGUNL2bl4AFKWsGClE6AA6TxPKOJhbbB/Ertt9afEmKi58wi7cyg968XhgaTdtbUkJTqn3HCumsvuIYLKLpzIcu/shuzy/v4rDruy+nVw551Lau8CftJxBnFkYF4tWl0Lc2Td4QEqbXyC4gEHQBXHhMzI7ClYEJWd4mB618r+Ktm5jNzkUVTAWfWI0+1fSXhO9dxHwzg99cavXFi064eqilJP3JrbN8xz6ni2JqlKVXkpUQnGHSlBNg7vIKtM3HoN3j251maxJZuUMvWq0ZlFOcSUg73OB0T/N6UEjSop3FLlE5cNcUqYSkK8wzETw04T8irfxl6TGHvEZlBJnTTNx00nLz6+0hL0qMTirqlJH0bgBdCNcwIBPmjLw/96VkN+6LjZfSLifNJiNplnh01/uaDfpSlBQ6gite/tmr6wftLgS0+2ppY6hQgj71s1p3zty07bIt7M3DbruV5QcCdgmCc8HzagCBrrQfMeL4DeYLi7+G4gghbKvNEB1E6LT6EfqOIr17a3mrVWVxK2smZLhScwEdvmuwY74ew3HmEtYpbB7J/hup0Wj2I1+OB5iodnwLh9uyGxdXimkpywQkqKRy8tTWZqNOfS4rhFh4fvscx/wDDLGVuuvKSp3js0zvLV6Dj66DnX07YWjVlaW9pbpys27SWmx0SkAf9AVE+FsOw60tlPYThrtoi6Sl1bz6MrrhM6EHeBHQwBOlegCQOFVmrWhfovVOA21w023uylWhMZs2sGNI5cu+/WrfWLN+hKLjPlScwyqI14T2nvQaSU4i2h4P4gwSoAtnRMQre5cIjrqT6VmaF0VNKcu2oQkB0JVoTCp5eqD8H5r+EWuVtICwlCioJzfxE/bMe9YzgNkpsNrDikBKkhJXoAoEHTnIKuPU0GNKcT27YXeW0ADO2F6nXWN32qqPrDbtZr9kupBCocEKMg8cvQL5aTziayKwS0UhTalPFtQgp2nsZnjxSnnrFXPYNaPFRXn3wUqE+YFRWR/MZ+KDC4jECpOXEmEqQUlxOURlCRm9t7tPxVAi/Sloqv2QokSFLBBG9MaCeKO3fZGE2yUqSguJSptTZE8lEn5iTE1QYPaAOD807TzkuHXdKfjRRGkUF9gi4ClF98OboSUhYVlUCqdco5FPb5O7WC1tWrVvIyDGnEyTAA4+wFZ6BSlWuIS42pChKVAgjqKC3MgwUqGvQ1ULTpvAzw1GtefOF4WxcIJs7dC2lA6PrGUiNY9gKoMMw4ZCm2bRGo/eHOo1n3A7Cgn9uzMbVE/8AIVlqBtsNsHAllqzbyghWjypEKJnuo96nqBSlKBWhimL2OFbH6+4DRfcS00nKVKWtRgAAAnUmK368n4swnF3sStsQwRu1W6nZhxTwKnEBCiobPeSBOYgmeGhkEwSvTWl0xe2yLm0dS6ysSlaDINZMw6iovw3hr2F2DjVw8t1x19x45yCU5jITIAmBz69awXnhq2ubldyXFpdW7tFGTwiIiR3pfj1iS/qpsKB4EH2q6obDsCRZYh9YHElezLeVDeRMGOU/wj5JqZqQ1JL6pSlKqFKUoKEA8RVaUoKQJmNarSlApSlApSlApSlApSlApSlB/9k
                                            [parsed] => stdClass Object
                                                (
                                                    [source] => YouTube
                                                    [date] => 18 May 2018
                                                    [channel] => PECB
                                                )

                                        )

                                )

                            [organic_position] => 1
                            [serp_type] => video
                            [isOrganicPage] => 
                            [isOrganic] => 1
                        )

                    [1] => stdClass Object
                        (
                            [position] => 2
                            [title] => How Computer Forensics Works | HowStuffWorks
                            [url] => https://computer.howstuffworks.com/computer-forensic.htm
                            [destination] => https://computer.howstuffworks.com › computer-forensic
                            [description] => Computer forensics works to analyze information on computer systems in an attempt to find evidence for a trial. Learn about computer forensics
                            [isAmp] => 
                            [date] => 25 Feb 2008
                            [organic_position] => 2
                            [serp_type] => page
                            [isOrganicPage] => 1
                            [isOrganic] => 1
                            [serp_title] => How Computer Forensics Works | HowStuffWorks
                            [serp_description] => The purpose of computer forensics techniques is to search, preserve and analyze information on computer systems to find potential evidence for a ...
                            [hostname] => computer.howstuffworks.com
                            [canonical] => https://computer.howstuffworks.com/computer-forensic.htm
                            [h1] => How Computer Forensics Works
                            [h2] => Array
                                (
                                    [0] => Computer Forensics Basics
                                    [1] => Phases of a Computer Forensics Investigation
                                    [2] => Anti-Forensics
                                    [3] => Standards of Computer Evidence
                                    [4] => Computer Forensics Tools
                                    [5] => Lots More Information
                                    [6] => Games
                                    [7] => More Awesome Stuff
                                )

                            [h3] => Array
                                (
                                    [0] => Related HowStuffWorks Articles
                                    [1] => More Great Links
                                    [2] => Sources
                                    [3] => Cite This!
                                    [4] => Try Our Crossword Puzzles!
                                    [5] => Can You Guess the Answer?
                                    [6] => Try Our Sudoku Puzzles!
                                )

                            [h2WithAnchors] => Array
                                (
                                    [0] => stdClass Object
                                        (
                                            [text] => Computer Forensics Basics
                                        )

                                    [1] => stdClass Object
                                        (
                                            [text] => Phases of a Computer Forensics Investigation
                                        )

                                    [2] => stdClass Object
                                        (
                                            [text] => Anti-Forensics
                                        )

                                    [3] => stdClass Object
                                        (
                                            [text] => Standards of Computer Evidence
                                        )

                                    [4] => stdClass Object
                                        (
                                            [text] => Computer Forensics Tools
                                        )

                                    [5] => stdClass Object
                                        (
                                            [text] => Lots More Information
                                        )

                                    [6] => stdClass Object
                                        (
                                            [text] => Games
                                        )

                                    [7] => stdClass Object
                                        (
                                            [text] => More Awesome Stuff
                                        )

                                )

                            [published_time] => stdClass Object
                                (
                                    [lastUpdate] => 
                                    [dateFormatted] => 25o February 2008
                                    [dateISO] => 2008-02-25T03:00:00-05:00
                                )

                            [type] => article
                            [wordCount] => 3468
                            [imgCount] => 14
                            [lang] => 
                            [faq_on_page] => Array
                                (
                                )

                            [anchors] => stdClass Object
                                (
                                    [size] => 79
                                    [outboundSize] => 9
                                    [list] => Array
                                        (
                                            [0] => stdClass Object
                                                (
                                                    [text] => Getty Images
                                                    [href] => http://www.gettyimages.com/Home.aspx?esource
                                                    [hrefDomain] => gettyimages.com
                                                    [isOutbound] => 1
                                                )

                                            [1] => stdClass Object
                                                (
                                                    [text] => forensics
                                                    [href] => http://news.discovery.com/forensic-science/
                                                    [hrefDomain] => discovery.com
                                                    [isOutbound] => 1
                                                )

                                            [2] => stdClass Object
                                                (
                                                    [text] => CSO
                                                    [href] => http://www.csoonline.com/read/060107/fea_antiforensics.html
                                                    [hrefDomain] => csoonline.com
                                                    [isOutbound] => 1
                                                )

                                            [3] => stdClass Object
                                                (
                                                    [text] => iStockphoto
                                                    [href] => http://www.istockphoto.com
                                                    [hrefDomain] => istockphoto.com
                                                    [isOutbound] => 1
                                                )

                                            [4] => stdClass Object
                                                (
                                                    [text] => Robbins
                                                    [href] => http://computerforensics.net/forensics.htm
                                                    [hrefDomain] => computerforensics.net
                                                    [isOutbound] => 1
                                                )

                                            [5] => stdClass Object
                                                (
                                                    [text] => iStockphoto
                                                    [href] => http://www.istockphoto.com
                                                    [hrefDomain] => istockphoto.com
                                                    [isOutbound] => 1
                                                )

                                            [6] => stdClass Object
                                                (
                                                    [text] => iStockphoto
                                                    [href] => http://www.istockphoto.com
                                                    [hrefDomain] => istockphoto.com
                                                    [isOutbound] => 1
                                                )

                                            [7] => stdClass Object
                                                (
                                                    [text] => Judd Robbins' Home Page
                                                    [href] => http://computerforensics.net/
                                                    [hrefDomain] => computerforensics.net
                                                    [isOutbound] => 1
                                                )

                                            [8] => stdClass Object
                                                (
                                                    [text] => United States Department of Justice
                                                    [href] => http://www.usdoj.gov/
                                                    [hrefDomain] => usdoj.gov
                                                    [isOutbound] => 1
                                                )

                                        )

                                )

                            [toc] => Array
                                (
                                    [0] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => Computer Forensics Basics . 
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                )

                                        )

                                    [1] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => Phases of a Computer Forensics Investigation. 
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                )

                                        )

                                    [2] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => Anti-Forensics. 
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                )

                                        )

                                    [3] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => Standards of Computer Evidence. 
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                )

                                        )

                                    [4] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => Computer Forensics Tools. 
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                )

                                        )

                                    [5] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => Lots More Information. 
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                    [0] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => Related HowStuffWorks Articles. 
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                    [1] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => More Great Links. 
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                    [2] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => Sources. 
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                    [3] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => 
		Cite This!
	. 
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                )

                                        )

                                    [6] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => Games. 
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                    [0] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => Try Our Crossword Puzzles!
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                    [1] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => Can You Guess the Answer?
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                    [2] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => Try Our Sudoku Puzzles!
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                )

                                        )

                                    [7] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => More Awesome Stuff. 
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                )

                                        )

                                )

                            [og] => stdClass Object
                                (
                                    [ogImage] => https://cdn.hswstatic.com/gif/computer-forensic-1.jpg
                                    [twitterImage] => https://cdn.hswstatic.com/gif/computer-forensic-1.jpg
                                )

                            [schema_type] => Array
                                (
                                    [0] => Article
                                )

                            [comment_questions] => Array
                                (
                                )

                            [body] => How Computer Forensics Works By: Jonathan StricklandShare Content on TwitterShare Content on FacebookShare Content on LinkedInShare Content on FlipboardShare Content on RedditShare Content via Email "" Paul Howell/Getty ImagesImagine how many files were retrieved from these computers on Enron's trading floor. See more computer pictures.When the company Enron declared bankruptcy in December 2001, hundreds of employees were left jobless while some executives seemed to benefit from the company's collapse. The United States Congress decided to investigate after hearing allegations of corporate misconduct. Much of Congress' investigation relied on computer files as evidence. A specialized detective force began to search through hundreds of Enron employee computers using computer forensics.The purpose of computer forensics techniques is to search, preserve and analyze information on computer systems to find potential evidence for a trial. Many of the techniques detectives use in crime scene investigations have digital counterparts, but there are also some unique aspects to computer investigations.AdvertisementFor example, just opening a computer file changes the file -- the computer records the time and date it was accessed on the file itself. If detectives seize a computer and then start opening files, there's no way to tell for sure that they didn't change anything. Lawyers can contest the validity of the evidence when the case goes to court.Some people say that using digital information as evidence is a bad idea. If it's easy to change computer data, how can it be used as reliable evidence? Many countries allow computer evidence in trials, but that could change if digital evidence proves untrustworthy in future cases.­Computers are getting more powerful, so the field of computer forensics must constantly evolve. In the early days of computers, it was possible for a single detective to sort through files because storage capacity was so low. Today, with hard drives capable of holding gigabytes and even terabytes of data, that's a daunting task. Detectives must discover new ways to search for evidence without dedicating too many resources to the process.What are the basics of computer forensics? What can investigators look for, and where do they look? Find out in the next section.This Whole Court is Out of OrderVincent Liu, a computer security specialist, used to create anti-forensic applications. He didn't do it to hide his activities or make life more difficult for investigators. Instead, he did it to demonstrate that computer data is unreliable and shouldn't be used as evidence in a court of law. Liu is concerned that computer forensics tools aren't foolproof and that relying on computer evidence is a mistake [source: CSO].AdvertisementContentsComputer Forensics Basics Phases of a Computer Forensics InvestigationAnti-ForensicsStandards of Computer EvidenceComputer Forensics ToolsComputer Forensics Basics . "" What's brewing in this lab? Computer forensics. ©iStockphoto/James Steidl The field of computer forensics is relatively young. In the early days of computing, courts considered evidence from computers to be no different from any other kind of evidence. As computers became more advanced and sophisticated, opinion shifted -- the courts learned that computer evidence was easy to corrupt, destroy or change.Investigators realized that there was a need to develop specific tools and processes to search computers for evidence without affecting the information itself. Detectives partnered with computer scientists to discuss the appropriate procedures and tools they'd need to use to retrieve evidence from a computer. Gradually, they developed the procedures that now make up the field of computer forensics.AdvertisementUsually, detectives have to secure a warrant to search a suspect's computer for evidence. The warrant must include where detectives can search and what sort of evidence they can look for. In other words, a detective can't just serve a warrant and look wherever he or she likes for anything suspicious. In addition, the warrant's terms can't be too general. Most judges require detectives to be as specific as possible when requesting a warrant.For this reason, it's important for detectives to research the suspect as much as possible before requesting a warrant. Consider this example: A detective secures a warrant to search a suspect's laptop computer. The detective arrives at the suspect's home and serves the warrant. While at the suspect's home, the detective sees a desktop PC. The detective can't legally search the PC because it wasn't included in the original warrant.Every computer investigation is somewhat unique. Some investigations might only require a week to complete, but others could take months. Here are some factors that can impact the length of an investigation:The expertise of the detectivesThe number of computers being searchedThe amount of storage detectives must sort through (hard drives, CDs, DVDs and thumb drives)Whether the suspect attempted to hide or delete informationThe presence of encrypted files or files that are protected by passwordsWhat are the steps in collecting evidence from a computer? Keep reading to find out.In Plain ViewThe plain view doctrine gives detectives the authority to gather any evidence that is in the open while conducting a search. If the detective in our example saw evidence of a crime on the screen of the suspect's desktop PC, then the detective could use that as evidence against the suspect and search the PC even though it wasn't covered in the original warrant. If the PC wasn't turned on, then the detective would have no authority to search it and would have to leave it alone.AdvertisementPhases of a Computer Forensics Investigation. Judd Robbins, a computer scientist and leading expert in computer forensics, lists the following steps investigators should follow to retrieve computer evidence:Secure the computer system to ensure that the equipment and data are safe. This means the detectives must make sure that no unauthorized individual can access the computers or storage devices involved in the search. If the computer system connects to the Internet, detectives must sever the connection.Find every file on the computer system, including files that are encrypted, protected by passwords, hidden or deleted, but not yet overwritten. Investigators should make a copy of all the files on the system. This includes files on the computer's hard drive or in other storage devices. Since accessing a file can alter it, it's important that investigators only work from copies of files while searching for evidence. The original system should remain preserved and intact.Recover as much deleted information as possible using applications that can detect and retrieve deleted data.Reveal the contents of all hidden files with programs designed to detect the presence of hidden data.Decrypt and access protected files.Analyze special areas of the computer's disks, including parts that are normally inaccessible. (In computer terms, unused space on a computer's drive is called unallocated space. That space could contain files or parts of files that are relevant to the case.)Document every step of the procedure. It's important for detectives to provide proof that their investigations preserved all the information on the computer system without changing or damaging it. Years can pass between an investigation and a trial, and without proper documentation, evidence may not be admissible. Robbins says that the documentation should include not only all the files and data recovered from the system, but also a report on the system's physical layout and whether any files had encryption or were otherwise hidden.Be prepared to testify in court as an expert witness in computer forensics. Even when an investigation is complete, the detectives' job may not be done. They may still need to provide testimony in court [source: Robbins].All of these steps are important, but the first step is critical. If investigators can't prove that they secured the computer system, the evidence they find may not be admissible. It's also a big job. In the early days of computing, the system might have included a PC and a few floppy disks. Today, it could include multiple computers, disks, thumb drives, external drives, peripherals and Web servers.AdvertisementSome criminals have found ways to make it even more difficult for investigators to find information on their systems. They use programs and applications known as anti-forensics. Detectives have to be aware of these programs and how to disable them if they want to access the information in computer systems.What exactly are anti-forensics, and what's their purpose? Find out in the next section.Not as Deleted as You ThinkWhen you delete a file, your computer moves the file to a new directory. Once you empty your recycle bin, your computer makes a note that the space occupied by that file is available. The file remains there until the computer writes new data on that part of the drive. With the right software, you can retrieve deleted files as long as they haven't been overwritten.AdvertisementAnti-Forensics. "" If the anti-forensic measures taken were drastic enough, investigators may not ever crack into the computer system. ©iStockphoto/Marc Dietrich Anti-forensics can be a computer investigator's worst nightmare. Programmers design anti-forensic tools to make it hard or impossible to retrieve information during an investigation. Essentially, anti-forensics refers to any technique, gadget or software designed to hamper a computer investigation.There are dozens of ways people can hide information. Some programs can fool computers by changing the information in files' headers. A file header is normally invisible to humans, but it's extremely important -- it tells the computer what kind of file the header is attached to. If you were to rename an mp3 file so that it had a .gif extension, the computer would still know the file was really an mp3 because of the information in the header. Some programs let you change the information in the header so that the computer thinks it's a different kind of file. Detectives looking for a specific file format could skip over important evidence because it looked like it wasn't relevant.AdvertisementOther programs can divide files up into small sections and hide each section at the end of other files. Files often have unused space called slack space. With the right program, you can hide files by taking advantage of this slack space. It's very challenging to retrieve and reassemble the hidden information.It's also possible to hide one file inside another. Executable files -- files that computers recognize as programs -- are particularly problematic. Programs called packers can insert executable files into other kinds of files, while tools called binders can bind multiple executable files together.Encryption is another way to hide data. When you encrypt data, you use a complex set of rules called an algorithm to make the data unreadable. For example, the algorithm might change a text file into a seemingly meaningless collection of numbers and symbols. A person wanting to read the data would need the encryption's key, which reverses the encryption process so that the numbers and symbols would become text. Without the key, detectives have to use computer programs designed to crack the encryption algorithm. The more sophisticated the algorithm, the longer it will take to decrypt it without a key.Other anti-forensic tools can change the metadata attached to files. Metadata includes information like when a file was created or last altered. Normally you can't change this information, but there are programs that can let a person alter the metadata attached to files. Imagine examining a file's metadata and discovering that it says the file won't exist for another three years and was last accessed a century ago. If the metadata is compromised, it makes it more difficult to present the evidence as reliable.Some computer applications will erase data if an unauthorized user tries to access the system. Some programmers have examined how computer forensics programs work and have tried to create applications that either block or attack the programs themselves. If computer forensics specialists come up against such a criminal, they have to use caution and ingenuity to retrieve data.A few people use anti-forensics to demonstrate how vulnerable and unreliable computer data can be. If you can't be sure when a file was created, when it was last accessed or even if it ever existed, how can you justify using computer evidence in a court of law? While that may be a valid question, many countries do accept computer evidence in court, though the standards of evidence vary from one country to another.What exactly are the standards of evidence? We'll find out in the next section.AdvertisementStandards of Computer Evidence. In the United States, the rules are extensive for seizing and using computer evidence. The U.S. Department of Justice has a manual titled "Searching and Seizing Computers and Obtaining Electronic Evidence in Criminal Investigations." The document explains when investigators are allowed to include computers in a search, what kind of information is admissible, how the rules of hearsay apply to computer information and guidelines for conducting a search.If the investigators believe the computer system is only acting as a storage device, they usually aren't allowed to seize the hardware itself. This limits any evidence investigation to the field. On the other hand, if the investigators believe the hardware itself is evidence, they can seize the hardware and bring it to another location. For example, if the computer is stolen property, then the investigators could seize the hardware.AdvertisementIn order to use evidence from a computer system in court, the prosecution must authenticate the evidence. That is, the prosecution must be able to prove that the information presented as evidence came from the suspect's computer and that it remains unaltered.Although it's generally acknowledged that tampering with computer data is both possible and relatively simple to do, the courts of the United States so far haven't discounted computer evidence completely. Rather, the courts require proof or evidence of tampering before dismissing computer evidence.Another consideration the courts take into account with computer evidence is hearsay. Hearsay is a term referring to statements made outside of a court of law. In most cases, courts can't allow hearsay as evidence. The courts have determined that information on a computer does not constitute hearsay in most cases, and is therefore admissible. If the computer records include human-generated statements like e-mail messages, the court must determine if the statements can be considered trustworthy before allowing them as evidence. Courts determine this on a case-by-case basis.Computer forensics experts use some interesting tools and applications in their investigations. Learn more about them in the next section.Think Globally, Prosecute LocallyOne challenge computer investigators face is that while computer crimes know no borders, laws do. What's illegal in one country may not be in another. Moreover, there are no standardized international rules regarding the collection of computer evidence. Some countries are trying to change that. The G8 group, which includes the United States, Canada, France, Germany, Great Britain, Japan, Italy and Russia, has identified six general guidelines regarding computer forensics. These guidelines concentrate on preserving evidence integrity.AdvertisementComputer Forensics Tools. "" No matter how limited a department's budget is, no credible investigator would stoop to wrenching open a computer to find clues. ©iStockphoto/Muharrem Oner Programmers have created many computer forensics applications. For many police departments, the choice of tools depends on department budgets and available expertise.Here are a few computer forensics programs and devices that make computer investigations possible:AdvertisementDisk imaging software records the structure and contents of a hard drive. With such software, it's possible to not only copy the information in a drive, but also preserve the way files are organized and their relationship to one another.Software or hardware write tools copy and reconstruct hard drives bit by bit. Both the software and hardware tools avoid changing any information. Some tools require investigators to remove hard drives from the suspect's computer first before making a copy.Hashing tools compare original hard disks to copies. The tools analyze data and assign it a unique number. If the hash numbers on an original and a copy match, the copy is a perfect replica of the original.Investigators use file recovery programs to search for and restore deleted data. These programs locate data that the computer has marked for deletion but has not yet overwritten. Sometimes this results in an incomplete file, which can be more difficult to analyze.There are several programs designed to preserve the information in a computer's random access memory (RAM). Unlike information on a hard drive, the data in RAM ceases to exist once someone shuts off the computer. Without the right software, this information could be lost easily.Analysis software sifts through all the information on a hard drive, looking for specific content. Because modern computers can hold gigabytes of information, it's very difficult and time consuming to search computer files manually. For example, some analysis programs search and evaluate Internet cookies, which can help tell investigators about the suspect's Internet activities. Other programs let investigators search for specific content that may be on the suspect's computer system.Encryption decoding software and password cracking software are useful for accessing protected data.These tools are only useful as long as investigators follow the right procedures. Otherwise, a good defense lawyer could suggest that any evidence gathered in the computer investigation isn't reliable. Of course, a few anti-forensics experts argue that no computer evidence is completely reliable.Whether courts continue to accept computer evidence as reliable remains to be seen. Anti-forensics experts argue that it's only a matter of time before someone proves in a court of law that manipulating computer data without being detected is both possible and plausible. If that's the case, courts may have a hard time justifying the inclusion of computer evidence in a trial or investigation.To learn more about computer forensics and related topics, follow the links on the next page.Phoning It InCell phones can contain important information on them. A cell phone is essentially a small computer. A few computer forensics vendors offer devices that can copy all the contents in a cell phone's memory and print up a comprehensive report. These devices retrieve everything from text messages to ring tones.AdvertisementLots More Information. Related HowStuffWorks Articles. How Bits and Bites WorkHow Cable Modems WorkHow Computer Memory WorksHow Computer Viruses WorkHow Encryption WorksHow Home Networking WorksHow Motherboards WorkHow Operating Systems WorkHow Quantum Encryption WorksHow Safecracking WorksHow Spies WorkHow Wiretapping WorksMore Great Links. Judd Robbins' Home PageUnited States Department of JusticeSources. Berinato, Scott. "The Rise of Antiforensics." CSO Online. June, 2007. http://www.csoonline.com/read/060107/fea_antiforensics.htmlComputer Forensics Tool Testing Project http://www.cftt.nist.gov/index.html"Federal Rules of Evidence." Cornell Law School. http://www.law.cornell.edu/rules/fre/rules.htm#Rule1001Fitzgerald, Thomas J. "Deleted But Not Gone." The New York Times. November 3, 2005. http://www.nytimes.com/2005/11/03/technology/circuits/03basics.htmlex=1288674000&en=52520fd64c31403f&ei=5090&partner=rssuserland&emc=rssKerr, Orin S. "Computer Records and the Federal Rules of Evidence." U.S. Department of Justice. March, 2001. http://www.usdoj.gov/criminal/cybercrime/usamarch2001_4.htmHarris, Ryan. "Arriving at an anti-forensics consensus." Digital Investigation. 2006. http://dfrws.org/2006/proceedings/6-Harris.pdf"How the FBI Investigates Computer Crime." CERT. http://www.cert.org/tech_tips/FBI_investigates_crime.htmlOseles, Lisa. "Computer Forensics: The Key to Solving the Crime."Peron, Christian S. J. and Legary, Michael. "Digital Anti-Forensics: Emerging trends in data transformation techniques." Seccuris Labs. http://www.seccuris.com/documents/papers/Seccuris-Antiforensics.pdfRobbins, Judd. "An Explanation of Computer Forensics." http://computerforensics.net/forensics.htm"Searching and Seizing Computers and Obtaining Electronic Evidence in Criminal Investigations." United States Department of Justice. July 2002. http://www.usdoj.gov/criminal/cybercrime/s&smanual2002.htm#_V_"The Fall of Enron." Chron.com. http://www.chron.com/news/specials/enron/Walker, Cornell. "Computer Forensics: Bringing the Evidence to Court." InfosecWriters. http://www.infosecwriters.com/text_resources/pdf/Computer_Forensics_to_Court.pdfWitter, Franklin. "Legal Aspects of Collecting and Preserving Computer Forensic Evidence." Global Information Assurance Certification. April 20, 2001. http://www.giac.org/certified_professionals/practicals/gsec/0636.php Cite This! . Please copy/paste the following text to properly cite this HowStuffWorks.com article: Close CitationGames. Try Our Crossword Puzzles!Can You Guess the Answer?Try Our Sudoku Puzzles!More Awesome Stuff. "" Up NextHow Hackers WorkExplore More "" You May LikeCan the Government See Which Websites I Visit?Explore MoreAdvertisementAdvertisementLoading...AdvertisementAdvertisementAdvertisement
                            [kwBody] => Array
                                (
                                    [0] => stdClass Object
                                        (
                                            [term] => computer
                                            [tf] => 121
                                        )

                                    [1] => stdClass Object
                                        (
                                            [term] => evidence
                                            [tf] => 54
                                        )

                                    [2] => stdClass Object
                                        (
                                            [term] => file
                                            [tf] => 53
                                        )

                                    [3] => stdClass Object
                                        (
                                            [term] => forensic
                                            [tf] => 42
                                        )

                                    [4] => stdClass Object
                                        (
                                            [term] => information
                                            [tf] => 28
                                        )

                                    [5] => stdClass Object
                                        (
                                            [term] => computer forensic
                                            [tf] => 22
                                        )

                                    [6] => stdClass Object
                                        (
                                            [term] => court
                                            [tf] => 21
                                        )

                                    [7] => stdClass Object
                                        (
                                            [term] => data
                                            [tf] => 19
                                        )

                                    [8] => stdClass Object
                                        (
                                            [term] => investigator
                                            [tf] => 19
                                        )

                                    [9] => stdClass Object
                                        (
                                            [term] => program
                                            [tf] => 19
                                        )

                                    [10] => stdClass Object
                                        (
                                            [term] => search
                                            [tf] => 17
                                        )

                                    [11] => stdClass Object
                                        (
                                            [term] => system
                                            [tf] => 17
                                        )

                                    [12] => stdClass Object
                                        (
                                            [term] => detectif
                                            [tf] => 17
                                        )

                                    [13] => stdClass Object
                                        (
                                            [term] => investigation
                                            [tf] => 16
                                        )

                                    [14] => stdClass Object
                                        (
                                            [term] => tool
                                            [tf] => 16
                                        )

                                    [15] => stdClass Object
                                        (
                                            [term] => computer evidence
                                            [tf] => 15
                                        )

                                    [16] => stdClass Object
                                        (
                                            [term] => anti forensic
                                            [tf] => 13
                                        )

                                    [17] => stdClass Object
                                        (
                                            [term] => anti
                                            [tf] => 13
                                        )

                                    [18] => stdClass Object
                                        (
                                            [term] => suspect
                                            [tf] => 12
                                        )

                                    [19] => stdClass Object
                                        (
                                            [term] => content
                                            [tf] => 11
                                        )

                                    [20] => stdClass Object
                                        (
                                            [term] => hard
                                            [tf] => 11
                                        )

                                    [21] => stdClass Object
                                        (
                                            [term] => detective
                                            [tf] => 10
                                        )

                                    [22] => stdClass Object
                                        (
                                            [term] => computer system
                                            [tf] => 9
                                        )

                                    [23] => stdClass Object
                                        (
                                            [term] => software
                                            [tf] => 9
                                        )

                                    [24] => stdClass Object
                                        (
                                            [term] => deleted
                                            [tf] => 8
                                        )

                                    [25] => stdClass Object
                                        (
                                            [term] => find
                                            [tf] => 8
                                        )

                                    [26] => stdClass Object
                                        (
                                            [term] => change
                                            [tf] => 8
                                        )

                                    [27] => stdClass Object
                                        (
                                            [term] => retrieve
                                            [tf] => 8
                                        )

                                    [28] => stdClass Object
                                        (
                                            [term] => warrant
                                            [tf] => 8
                                        )

                                    [29] => stdClass Object
                                        (
                                            [term] => include
                                            [tf] => 8
                                        )

                                    [30] => stdClass Object
                                        (
                                            [term] => copy
                                            [tf] => 8
                                        )

                                    [31] => stdClass Object
                                        (
                                            [term] => drive
                                            [tf] => 7
                                        )

                                    [32] => stdClass Object
                                        (
                                            [term] => space
                                            [tf] => 7
                                        )

                                    [33] => stdClass Object
                                        (
                                            [term] => department
                                            [tf] => 7
                                        )

                                    [34] => stdClass Object
                                        (
                                            [term] => evidence court
                                            [tf] => 6
                                        )

                                    [35] => stdClass Object
                                        (
                                            [term] => united state
                                            [tf] => 5
                                        )

                                    [36] => stdClass Object
                                        (
                                            [term] => information computer
                                            [tf] => 5
                                        )

                                    [37] => stdClass Object
                                        (
                                            [term] => file file
                                            [tf] => 5
                                        )

                                    [38] => stdClass Object
                                        (
                                            [term] => file computer
                                            [tf] => 5
                                        )

                                    [39] => stdClass Object
                                        (
                                            [term] => computer data
                                            [tf] => 5
                                        )

                                    [40] => stdClass Object
                                        (
                                            [term] => forensic tool
                                            [tf] => 5
                                        )

                                    [41] => stdClass Object
                                        (
                                            [term] => evidence computer
                                            [tf] => 5
                                        )

                                    [42] => stdClass Object
                                        (
                                            [term] => computer record
                                            [tf] => 4
                                        )

                                    [43] => stdClass Object
                                        (
                                            [term] => computer file
                                            [tf] => 4
                                        )

                                    [44] => stdClass Object
                                        (
                                            [term] => hard drif
                                            [tf] => 4
                                        )

                                    [45] => stdClass Object
                                        (
                                            [term] => court law
                                            [tf] => 4
                                        )

                                    [46] => stdClass Object
                                        (
                                            [term] => suspect computer
                                            [tf] => 4
                                        )

                                    [47] => stdClass Object
                                        (
                                            [term] => hard drive
                                            [tf] => 4
                                        )

                                    [48] => stdClass Object
                                        (
                                            [term] => evidence trial
                                            [tf] => 3
                                        )

                                    [49] => stdClass Object
                                        (
                                            [term] => field computer
                                            [tf] => 3
                                        )

                                    [50] => stdClass Object
                                        (
                                            [term] => early day
                                            [tf] => 3
                                        )

                                    [51] => stdClass Object
                                        (
                                            [term] => search computer
                                            [tf] => 3
                                        )

                                    [52] => stdClass Object
                                        (
                                            [term] => pc wasnt
                                            [tf] => 3
                                        )

                                    [53] => stdClass Object
                                        (
                                            [term] => computer investigation
                                            [tf] => 3
                                        )

                                    [54] => stdClass Object
                                        (
                                            [term] => storage device
                                            [tf] => 3
                                        )

                                    [55] => stdClass Object
                                        (
                                            [term] => program designed
                                            [tf] => 3
                                        )

                                    [56] => stdClass Object
                                        (
                                            [term] => file header
                                            [tf] => 3
                                        )

                                    [57] => stdClass Object
                                        (
                                            [term] => kind file
                                            [tf] => 3
                                        )

                                    [58] => stdClass Object
                                        (
                                            [term] => executable file
                                            [tf] => 3
                                        )

                                    [59] => stdClass Object
                                        (
                                            [term] => seizing computer
                                            [tf] => 3
                                        )

                                    [60] => stdClass Object
                                        (
                                            [term] => department justice
                                            [tf] => 3
                                        )

                                    [61] => stdClass Object
                                        (
                                            [term] => forensic expert
                                            [tf] => 3
                                        )

                                )

                            [page_rank_decimal] => 55
                            [rank] => 10218
                        )

                    [2] => stdClass Object
                        (
                            [position] => 3
                            [questions] => Array
                                (
                                    [0] => stdClass Object
                                        (
                                            [question] => How does digital forensics work?
                                        )

                                    [1] => stdClass Object
                                        (
                                            [question] => What are the steps in the digital forensic process?
                                        )

                                    [2] => stdClass Object
                                        (
                                            [question] => How does digital forensics help solve crimes?
                                        )

                                    [3] => stdClass Object
                                        (
                                            [question] => What are the 4 steps of the forensic process?
                                        )

                                )

                            [organic_position] => 3
                            [serp_type] => questions
                            [isOrganicPage] => 
                            [isOrganic] => 1
                        )

                    [3] => stdClass Object
                        (
                            [position] => 4
                            [title] => Digital Evidence: How It’s Done
                            [url] => http://www.forensicsciencesimplified.org/digital/how.html
                            [destination] => http://www.forensicsciencesimplified.org › digital › how
                            [description] => 
                            [isAmp] => 
                            [organic_position] => 4
                            [serp_type] => page
                            [isOrganicPage] => 1
                            [isOrganic] => 1
                            [serp_title] => Digital Evidence: How It's Done - Forensic Science Simplified
                            [serp_description] => Photos taken with a Global Positioning System (GPS)-enabled device contain file data that shows when and exactly where a photo was taken. By gaining a subpoena ...
                            [hostname] => forensicsciencesimplified.org
                            [canonical] => /
                            [h1] => Digital Evidence
                            [h2] => Array
                                (
                                    [0] => How It’s Done
                                )

                            [h3] => Array
                                (
                                    [0] => A Simplified Guide To
                                    [1] => Evidence that May be Gathered Digitally
                                    [2] => Who Conducts the Analysis
                                    [3] => How Digital Devices are Collected
                                    [4] => How and Where the Analysis is Performed
                                    [5] => Find Out More
                                )

                            [h2WithAnchors] => Array
                                (
                                    [0] => stdClass Object
                                        (
                                            [text] => How It’s Done
                                        )

                                )

                            [wordCount] => 1820
                            [imgCount] => 0
                            [lang] => 
                            [faq_on_page] => Array
                                (
                                )

                            [anchors] => stdClass Object
                                (
                                    [size] => 11
                                    [outboundSize] => 1
                                    [list] => Array
                                        (
                                            [0] => stdClass Object
                                                (
                                                    [text] => National Institute of Justice
                                                    [href] => http://www.nij.gov/nij/topics/forensics/evidence/digital/investigative-tools/welcome.htm
                                                    [hrefDomain] => nij.gov
                                                    [isOutbound] => 1
                                                )

                                        )

                                )

                            [toc] => Array
                                (
                                    [0] => stdClass Object
                                        (
                                            [level] => 3
                                            [name] => A Simplified Guide To. 
                                            [tag] => h3
                                            [children] => Array
                                                (
                                                )

                                        )

                                    [1] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => How It’s Done. 
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                    [0] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => Evidence that May be Gathered Digitally. 
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                    [1] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => Who Conducts the Analysis. 
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                    [2] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => How Digital Devices are Collected. 
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                    [3] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => How and Where the Analysis is Performed. 
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                    [4] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => Find Out More. 
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                )

                                        )

                                )

                            [schema_type] => Array
                                (
                                )

                            [comment_questions] => Array
                                (
                                )

                            [body] => Digital Evidence How It’s Done. Evidence that May be Gathered Digitally. Computer documents, emails, text and instant messages, transactions, images and Internet histories are examples of information that can be gathered from electronic devices and used very effectively as evidence. For example, mobile devices use online-based based backup systems, also known as the “cloud”, that provide forensic investigators with access to text messages and pictures taken from a particular phone. These systems keep an average of 1,000–1,500 or more of the last text messages sent to and received from that phone. In addition, many mobile devices store information about the locations where the device traveled and when it was there. To gain this knowledge, investigators can access an average of the last 200 cell locations accessed by a mobile device. Satellite navigation systems and satellite radios in cars can provide similar information. Even photos posted to social media such as Facebook may contain location information. Photos taken with a Global Positioning System (GPS)-enabled device contain file data that shows when and exactly where a photo was taken. By gaining a subpoena for a particular mobile device account, investigators can collect a great deal of history related to a device and the person using it. Who Conducts the Analysis. According to the National Institute of Justice, “Digital evidence should be examined only by those trained specifically for that purpose.” With the wide variety of electronic devices in use today and the speed with which they change, keeping up can be very difficult for local law enforcement. Many agencies do not have a digital evidence expert on hand and, if they do, the officer might be a specialist in cell phones but not social media or bank fraud. A detective may be able to log onto e-Bay® and look for stolen property but may be unable to capture cell phone text message histories and could destroy evidence just by trying. Many take an interest in the area and learn what they can, but there is no single path to digital evidence expertise—qualifications and certifications are not standardized across the country. Incorporation of digital seizure techniques is becoming more widespread in first responder training. Certified Digital Media Examiners are investigators who have the education, training and experience to properly exploit this sensitive evidence. That said, there is no single certifying body, and certification programs can contain different courses of study. Generally speaking, these professionals have demonstrated core competencies in pre-examination procedures and legal issues, media assessment and analysis, data recovery, specific analysis of recovered data, documentation and reporting, and presentation of findings. While certification of examiners is not required in most agencies, it is becoming a widely valued asset and the numbers of certified examiners will increase. Vendor-neutral (not software based, but theory- and process-based) certification is offered through the Digital Forensics Certification Board (DFCB), an independent certifying organization for digital evidence examiners, the National Computer Forensics Academy at the High Tech Crime Institute and some colleges. Most states have at least one laboratory or section for digital forensics and a variety of task forces including Internet Crimes Against Children (ICAC), Joint Terrorism Task Force (JTTF), and Narcotics and Property Crimes. These forces comprise officers with specialized training, including search, seizure and exploitation of digital evidence as it pertains to their area of expertise. Agencies and investigators must work together to ensure the highest level of security and evidence handling is used. In the United States, the FBI can provide assistance in some specialty areas. How Digital Devices are Collected. On the scene: As anyone who has dropped a cell phone in a lake or had their computer damaged in a move or a thunderstorm knows, digitally stored information is very sensitive and easily lost. There are general best practices, developed by organizations like SWGDE and NIJ, to properly seize devices and computers. Once the scene has been secured and legal authority to seize the evidence has been confirmed, devices can be collected. Any passwords, codes or PINs should be gathered from the individuals involved, if possible, and associated chargers, cables, peripherals, and manuals should be collected. Thumb drives, cell phones, hard drives and the like are examined using different tools and techniques, and this is most often done in a specialized laboratory. First responders need to take special care with digital devices in addition to normal evidence collection procedures to prevent exposure to things like extreme temperatures, static electricity and moisture. Seizing Mobile Devices • Devices should be turned off immediately and batteries removed, if possible. Turning off the phone preserves cell tower location information and call logs, and prevents the phone from being used, which could change the data on the phone. In addition, if the device remains on, remote destruction commands could be used without the investigator’s knowledge. Some phones have an automatic timer to turn on the phone for updates, which could compromise data, so battery removal is optimal. • If the device cannot be turned off, then it must be isolated from its cell tower by placing it in a Faraday bag or other blocking material, set to airplane mode, or the Wi-Fi, Bluetooth or other communications system must be disabled. Digital devices should be placed in antistatic packaging such as paper bags or envelopes and cardboard boxes. Plastic should be avoided as it can convey static electricity or allow a buildup of condensation or humidity. In emergency or life threatening situations, information from the phone can be removed and saved at the scene, but great care must be taken in the documentation of the action and the preservation of the data. • When sending digital devices to the laboratory, the investigator must indicate the type of information being sought, for instance phone numbers and call histories from a cell phone, emails, documents and messages from a computer, or images on a tablet. Seizing Stand Alone Computers and Equipment: To prevent the alteration of digital evidence during collection, first responders should first document any activity on the computer, components, or devices by taking a photograph and recording any information on the screen. Responders may move a mouse (without pressing buttons or moving the wheel) to determine if something is on the screen. If the computer is on, calling on a computer forensic expert is highly recommended as connections to criminal activity may be lost by turning off the computer. If a computer is on but is running destructive software (formatting, deleting, removing or wiping information), power to the computer should be disconnected immediately to preserve whatever is left on the machine. Office environments provide a challenging collection situation due to networking, potential loss of evidence and liabilities to the agency outside of the criminal investigation. For instance, if a server is turned off during seizure that is providing a service to outside customers, the loss of service to the customer may be very damaging. In addition, office equipment that could contain evidence such as copiers, scanners, security cameras, facsimile machines, pagers and caller ID units should be collected. Computers that are off may be collected into evidence as per usual agency digital evidence procedures. How and Where the Analysis is Performed. Exploiting data in the laboratory: Once the digital evidence has been sent to the laboratory, a qualified analyst will take the following steps to retrieve and analyze data: 1. Prevent contamination: It is easy to understand cross contamination in a DNA laboratory or at the crime scene, but digital evidence has similar issues which must be prevented by the collection officer. Prior to analyzing digital evidence, an image or work copy of the original storage device is created. When collecting data from a suspect device, the copy must be stored on another form of media to keep the original pristine. Analysts must use “clean” storage media to prevent contamination or the introduction of data from another source. For example, if the analyst was to put a copy of the suspect device on a CD that already contained information, that information might be analyzed as though it had been on the suspect device. Although digital storage media such as thumb drives and data cards are reusable, simply erasing the data and replacing it with new evidence is not sufficient. The destination storage unit must be new or, if reused, it must be forensically “wiped” prior to use. This removes all content, known and unknown, from the media. 2. Isolate Wireless Devices: Cell phones and other wireless devices should be initially examined in an isolation chamber, if available. This prevents connection to any networks and keeps evidence as pristine as possible. The Faraday bag can be opened inside the chamber and the device can be exploited, including phone information, Federal Communications Commission (FCC) information, SIM cards, etc. The device can be connected to analysis software from within the chamber. If an agency does not have an isolation chamber, investigators will typically place the device in a Faraday bag and switch the phone to airplane mode to prevent reception. 3. Install write-blocking software: To prevent any change to the data on the device or media, the analyst will install a block on the working copy so that data may be viewed but nothing can be changed or added. 4. Select extraction methods: Once the working copy is created, the analyst will determine the make and model of the device and select extraction software designed to most completely “parse the data,” or view its contents. 5. Submit device or original media for traditional evidence examination: When the data has been removed, the device is sent back into evidence. There may be DNA, trace, fingerprint, or other evidence that may be obtained from it and the digital analyst can now work without it. Learn more about DNA, trace evidence, or fingerprints ▸ 6. Proceed with investigation: At this point, the analyst will use the selected software to view data. The analyst will be able to see all the files on the drive, can see if areas are hidden and may even be able to restore organization of files allowing hidden areas to be viewed. Deleted files are also visible, as long as they haven’t been over-written by new data. Partially deleted files can be of value as well. Files on a computer or other device are not the only evidence that can be gathered. The analyst may have to work beyond the hardware to find evidence that resides on the Internet including chat rooms, instant messaging, websites and other networks of participants or information. By using the system of Internet addresses, email header information, time stamps on messaging and other encrypted data, the analyst can piece together strings of interactions that provide a picture of activity. Back to top of page ▲ Find Out More. Introduction Principles Applications How It’s Done ◀ FAQs Common Terms Resources & References
                            [kwBody] => Array
                                (
                                    [0] => stdClass Object
                                        (
                                            [term] => device
                                            [tf] => 34
                                        )

                                    [1] => stdClass Object
                                        (
                                            [term] => evidence
                                            [tf] => 29
                                        )

                                    [2] => stdClass Object
                                        (
                                            [term] => digital
                                            [tf] => 21
                                        )

                                    [3] => stdClass Object
                                        (
                                            [term] => data
                                            [tf] => 20
                                        )

                                    [4] => stdClass Object
                                        (
                                            [term] => phone
                                            [tf] => 17
                                        )

                                    [5] => stdClass Object
                                        (
                                            [term] => information
                                            [tf] => 16
                                        )

                                    [6] => stdClass Object
                                        (
                                            [term] => computer
                                            [tf] => 14
                                        )

                                    [7] => stdClass Object
                                        (
                                            [term] => digital evidence
                                            [tf] => 11
                                        )

                                    [8] => stdClass Object
                                        (
                                            [term] => media
                                            [tf] => 11
                                        )

                                    [9] => stdClass Object
                                        (
                                            [term] => analyst
                                            [tf] => 10
                                        )

                                    [10] => stdClass Object
                                        (
                                            [term] => investigator
                                            [tf] => 9
                                        )

                                    [11] => stdClass Object
                                        (
                                            [term] => prevent
                                            [tf] => 9
                                        )

                                    [12] => stdClass Object
                                        (
                                            [term] => cell
                                            [tf] => 9
                                        )

                                    [13] => stdClass Object
                                        (
                                            [term] => cell phone
                                            [tf] => 6
                                        )

                                    [14] => stdClass Object
                                        (
                                            [term] => system
                                            [tf] => 6
                                        )

                                    [15] => stdClass Object
                                        (
                                            [term] => file
                                            [tf] => 6
                                        )

                                    [16] => stdClass Object
                                        (
                                            [term] => agency
                                            [tf] => 6
                                        )

                                    [17] => stdClass Object
                                        (
                                            [term] => software
                                            [tf] => 6
                                        )

                                    [18] => stdClass Object
                                        (
                                            [term] => laboratory
                                            [tf] => 6
                                        )

                                    [19] => stdClass Object
                                        (
                                            [term] => mobile device
                                            [tf] => 5
                                        )

                                    [20] => stdClass Object
                                        (
                                            [term] => message
                                            [tf] => 5
                                        )

                                    [21] => stdClass Object
                                        (
                                            [term] => mobile
                                            [tf] => 5
                                        )

                                    [22] => stdClass Object
                                        (
                                            [term] => provide
                                            [tf] => 5
                                        )

                                    [23] => stdClass Object
                                        (
                                            [term] => forensic
                                            [tf] => 5
                                        )

                                    [24] => stdClass Object
                                        (
                                            [term] => analysi
                                            [tf] => 5
                                        )

                                    [25] => stdClass Object
                                        (
                                            [term] => area
                                            [tf] => 5
                                        )

                                    [26] => stdClass Object
                                        (
                                            [term] => certification
                                            [tf] => 5
                                        )

                                    [27] => stdClass Object
                                        (
                                            [term] => collected
                                            [tf] => 5
                                        )

                                    [28] => stdClass Object
                                        (
                                            [term] => copy
                                            [tf] => 5
                                        )

                                    [29] => stdClass Object
                                        (
                                            [term] => digital device
                                            [tf] => 4
                                        )

                                    [30] => stdClass Object
                                        (
                                            [term] => collection
                                            [tf] => 4
                                        )

                                    [31] => stdClass Object
                                        (
                                            [term] => bag
                                            [tf] => 4
                                        )

                                    [32] => stdClass Object
                                        (
                                            [term] => storage
                                            [tf] => 4
                                        )

                                    [33] => stdClass Object
                                        (
                                            [term] => chamber
                                            [tf] => 4
                                        )

                                    [34] => stdClass Object
                                        (
                                            [term] => text message
                                            [tf] => 3
                                        )

                                    [35] => stdClass Object
                                        (
                                            [term] => faraday bag
                                            [tf] => 3
                                        )

                                    [36] => stdClass Object
                                        (
                                            [term] => suspect device
                                            [tf] => 3
                                        )

                                )

                            [page_rank_decimal] => 42
                            [rank] => 1215241
                        )

                    [4] => stdClass Object
                        (
                            [position] => 5
                            [title] => What is Digital Forensics | Phases of Digital Forensics | EC-Council
                            [url] => https://www.eccouncil.org/what-is-digital-forensics/
                            [destination] => https://www.eccouncil.org › what-is-digital-forensics
                            [description] => Digital forensics or digital forensic science, is a branch of forensic science that focuses on the recovery and investigation of material related to cybercrime, found in digital devices
                            [isAmp] => 
                            [organic_position] => 5
                            [serp_type] => page
                            [isOrganicPage] => 1
                            [isOrganic] => 1
                            [serp_title] => What is Digital Forensics | Phases of Digital Forensics - EC ...
                            [serp_description] => “Digital forensics is the process of uncovering and interpreting electronic data. The goal of the process is to preserve any evidence in its most original form ...
                            [hostname] => eccouncil.org
                            [canonical] => https://www.eccouncil.org/what-is-digital-forensics/
                            [h1] => Digital Forensics
                            [h2] => Array
                                (
                                    [0] => When Did Digital Forensics Start?
                                    [1] => How Is Digital Forensics Used in an Investigation?
                                    [2] => Recent Case Study –
                                    [3] => Key Job Roles of a Digital Forensic Investigator
                                    [4] => Skills Required to Become a Digital Forensic Investigator
                                    [5] => The Average Salary of a Digital Forensics Investigator
                                    [6] => The Life of a Digital Forensic Investigator
                                )

                            [h3] => Array
                                (
                                    [0] => Learn How Important Cyber Forensics Is for a Business
                                    [1] => Is Digital Forensics a Good Career?
                                    [2] => Requirements to Become a Forensic Expert
                                )

                            [h2WithAnchors] => Array
                                (
                                    [0] => stdClass Object
                                        (
                                            [text] => When Did Digital Forensics Start?
                                        )

                                    [1] => stdClass Object
                                        (
                                            [text] => How Is Digital Forensics Used in an Investigation?
                                        )

                                    [2] => stdClass Object
                                        (
                                            [text] => Recent Case Study –
                                        )

                                    [3] => stdClass Object
                                        (
                                            [text] => Key Job Roles of a Digital Forensic Investigator
                                        )

                                    [4] => stdClass Object
                                        (
                                            [text] => Skills Required to Become a Digital Forensic Investigator
                                        )

                                    [5] => stdClass Object
                                        (
                                            [text] => The Average Salary of a Digital Forensics Investigator
                                        )

                                    [6] => stdClass Object
                                        (
                                            [text] => The Life of a Digital Forensic Investigator
                                        )

                                )

                            [modified_time] => stdClass Object
                                (
                                    [lastUpdate] => 
                                    [dateFormatted] => 8o September 2021
                                    [dateISO] => 2021-09-08T08:52:01+00:00
                                )

                            [type] => article
                            [wordCount] => 3783
                            [imgCount] => 15
                            [lang] => 
                            [faq_on_page] => Array
                                (
                                )

                            [anchors] => stdClass Object
                                (
                                    [size] => 120
                                    [outboundSize] => 16
                                    [list] => Array
                                        (
                                            [0] => stdClass Object
                                                (
                                                    [text] => 
                                                    [href] => https://www.twitter.com/ECCOUNCIL
                                                    [hrefDomain] => twitter.com
                                                    [isOutbound] => 1
                                                )

                                            [1] => stdClass Object
                                                (
                                                    [text] => 
                                                    [href] => https://www.facebook.com/ECCouncil
                                                    [hrefDomain] => facebook.com
                                                    [isOutbound] => 1
                                                )

                                            [2] => stdClass Object
                                                (
                                                    [text] => 
                                                    [href] => https://www.youtube.com/user/eccouncilusa
                                                    [hrefDomain] => youtube.com
                                                    [isOutbound] => 1
                                                )

                                            [3] => stdClass Object
                                                (
                                                    [text] => 
                                                    [href] => https://www.linkedin.com/company/ec-council
                                                    [hrefDomain] => linkedin.com
                                                    [isOutbound] => 1
                                                )

                                            [4] => stdClass Object
                                                (
                                                    [text] => -Techopedia
                                                    [href] => https://www.techopedia.com/definition/27805/digital-forensics
                                                    [hrefDomain] => techopedia.com
                                                    [isOutbound] => 1
                                                )

                                            [5] => stdClass Object
                                                (
                                                    [text] => a digital forensic investigator’s role
                                                    [href] => https://study.com/articles/Computer_Forensics_Analyst_Job_Description_Duties_and_Requirements.html
                                                    [hrefDomain] => study.com
                                                    [rel] => noopener noreferrer
                                                    [isOutbound] => 1
                                                )

                                            [6] => stdClass Object
                                                (
                                                    [text] => Magnet Media program
                                                    [href] => https://technologyfirst.org/magazines/2014/34-august/993-computer-forensics-takes-a-bite-out-of-crime.html
                                                    [hrefDomain] => technologyfirst.org
                                                    [isOutbound] => 1
                                                )

                                            [7] => stdClass Object
                                                (
                                                    [text] => Cliff Stoll
                                                    [href] => https://www.giac.org/paper/gsec/2300/honeypots-weighing-costs-benefits/103964
                                                    [hrefDomain] => giac.org
                                                    [isOutbound] => 1
                                                )

                                            [8] => stdClass Object
                                                (
                                                    [text] => electronic discovery
                                                    [href] => https://www.hsdl.org/?view&did=701380
                                                    [hrefDomain] => hsdl.org
                                                    [isOutbound] => 1
                                                )

                                            [9] => stdClass Object
                                                (
                                                    [text] => PA news agency
                                                    [href] => https://eandt.theiet.org/content/articles/2020/04/police-struggle-to-cope-with-digital-evidence-backlog/
                                                    [hrefDomain] => theiet.org
                                                    [isOutbound] => 1
                                                )

                                            [10] => stdClass Object
                                                (
                                                    [text] => Times investigation
                                                    [href] => https://www.thetimes.co.uk/article/backlog-of-devices-awaiting-police-analysis-leaves-trials-facing-collapse-bgb6zft9x
                                                    [hrefDomain] => thetimes.co.uk
                                                    [isOutbound] => 1
                                                )

                                            [11] => stdClass Object
                                                (
                                                    [text] => Payscale
                                                    [href] => https://www.payscale.com/research/US/Job=Forensic_Computer_Analyst/Salary
                                                    [hrefDomain] => payscale.com
                                                    [isOutbound] => 1
                                                )

                                            [12] => stdClass Object
                                                (
                                                    [text] => Bachelor of Science in Cyber Security
                                                    [href] => https://www.eccu.edu/academics/bachelor-of-science-in-cyber-security/
                                                    [hrefDomain] => eccu.edu
                                                    [isOutbound] => 1
                                                )

                                            [13] => stdClass Object
                                                (
                                                    [text] => Master of Science in Cyber Security with Digital Forensic specialization
                                                    [href] => https://www.eccu.edu/specialization-digital-forensics/
                                                    [hrefDomain] => eccu.edu
                                                    [isOutbound] => 1
                                                )

                                            [14] => stdClass Object
                                                (
                                                    [text] => jurisdiction of the data
                                                    [href] => https://searchcloudsecurity.techtarget.com/tip/Digital-forensic-challenges-in-a-cloud-computing-environment
                                                    [hrefDomain] => techtarget.com
                                                    [isOutbound] => 1
                                                )

                                            [15] => stdClass Object
                                                (
                                                    [text] => help guide
                                                    [href] => https://geotargetingwp.com/docs/geotargetingwp/how-to-share-location
                                                    [hrefDomain] => geotargetingwp.com
                                                    [rel] => noreferrer noopener nofollow
                                                    [isOutbound] => 1
                                                )

                                        )

                                )

                            [toc] => Array
                                (
                                    [0] => stdClass Object
                                        (
                                            [level] => 4
                                            [name] => 1. Identification. 
                                            [tag] => h4
                                            [children] => Array
                                                (
                                                    [0] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => Learn How Important Cyber Forensics Is for a Business. 
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                )

                                        )

                                    [1] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => When Did Digital Forensics Start?
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                )

                                        )

                                    [2] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => How Is Digital Forensics Used in an Investigation?
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                )

                                        )

                                    [3] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => Recent Case Study –. 
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                    [0] => stdClass Object
                                                        (
                                                            [level] => 4
                                                            [name] => Phase I – First Response. 
                                                            [tag] => h4
                                                            [children] => Array
                                                                (
                                                                    [0] => stdClass Object
                                                                        (
                                                                            [level] => 4
                                                                            [name] => Phase II – Search and Seizure. 
                                                                            [tag] => h4
                                                                            [children] => Array
                                                                                (
                                                                                )

                                                                        )

                                                                    [1] => stdClass Object
                                                                        (
                                                                            [level] => 4
                                                                            [name] => Phase III – Collect the Evidence. 
                                                                            [tag] => h4
                                                                            [children] => Array
                                                                                (
                                                                                )

                                                                        )

                                                                    [2] => stdClass Object
                                                                        (
                                                                            [level] => 4
                                                                            [name] => Phase IV- Secure the Evidence. 
                                                                            [tag] => h4
                                                                            [children] => Array
                                                                                (
                                                                                )

                                                                        )

                                                                    [3] => stdClass Object
                                                                        (
                                                                            [level] => 4
                                                                            [name] => Phase V – Data Acquisition. 
                                                                            [tag] => h4
                                                                            [children] => Array
                                                                                (
                                                                                )

                                                                        )

                                                                    [4] => stdClass Object
                                                                        (
                                                                            [level] => 4
                                                                            [name] => Phase VI – Data Analysis. 
                                                                            [tag] => h4
                                                                            [children] => Array
                                                                                (
                                                                                )

                                                                        )

                                                                    [5] => stdClass Object
                                                                        (
                                                                            [level] => 4
                                                                            [name] => Phase VII – Evidence Assessment. 
                                                                            [tag] => h4
                                                                            [children] => Array
                                                                                (
                                                                                )

                                                                        )

                                                                    [6] => stdClass Object
                                                                        (
                                                                            [level] => 4
                                                                            [name] => Phase VIII – Documentation and Reporting. 
                                                                            [tag] => h4
                                                                            [children] => Array
                                                                                (
                                                                                )

                                                                        )

                                                                    [7] => stdClass Object
                                                                        (
                                                                            [level] => 4
                                                                            [name] => Phase IX – Testify as an Expert Witness. 
                                                                            [tag] => h4
                                                                            [children] => Array
                                                                                (
                                                                                )

                                                                        )

                                                                )

                                                        )

                                                )

                                        )

                                    [4] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => Key Job Roles of a Digital Forensic Investigator. 
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                )

                                        )

                                    [5] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => Skills Required to Become a Digital Forensic Investigator. 
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                )

                                        )

                                    [6] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => The Average Salary of a Digital Forensics Investigator. 
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                    [0] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => Is Digital Forensics a Good Career?
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                    [1] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => Requirements to Become a Forensic Expert. 
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                )

                                        )

                                    [7] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => The Life of a Digital Forensic Investigator. 
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                    [0] => stdClass Object
                                                        (
                                                            [level] => 5
                                                            [name] => We Care
                                                            [tag] => h5
                                                            [children] => Array
                                                                (
                                                                    [0] => stdClass Object
                                                                        (
                                                                            [level] => 4
                                                                            [name] => Privacy Overview. 
                                                                            [tag] => h4
                                                                            [children] => Array
                                                                                (
                                                                                )

                                                                        )

                                                                )

                                                        )

                                                )

                                        )

                                )

                            [og] => stdClass Object
                                (
                                    [ogImage] => https://www.eccouncil.org/wp-content/uploads/2020/04/Header-Img2.jpg
                                )

                            [schema_type] => Array
                                (
                                    [0] => Organization
                                )

                            [comment_questions] => Array
                                (
                                )

                            [body] => Digital Forensics How Well Do You Know Digital Forensics? Ethical Hacking What is Ethical Hacking? What are the benefits of Ethical Hacking? What are the phases of Ethical Hacking? Different types of Ethical Hacking Difference between ethical hacker and penetartion testing Penetration Testing What is Penetration Testing? What are the phases of Penetration Testing? Basic attack vectors that Pen Testers use What are the benefits of Penetration Testing? Types of Penetration Testing What is the Best Penetration Testing Tool? Different Ways To Conduct A Penetration Test Responsibilities of a Penetration Tester Network Security What is Network Security? What is a computer network and its components? What are Network Threats? What are the Types of Network Security Attacks? What is Network Security Vulnerability? Network Protocols and its types What are the various network security techniques? How do you analyze network traffic? Requisites of a Network Security training program Digital Forensics What is Digital Forensics? What are the steps involved in Digital Forensics? Who is a Digital Forensics Investigator? History of Digital Forensics What are the phases of Digital Forensics? What are the best Digital Forensics Tools? What are the job profiles in Digital Forensics? What are the challenges that a Computer Forensic Analyst faces? Requisites of a Digital Forensics training program SOC What is a SOC? Importance of SOC for organizations How does a SOC help? What Are The Responsibilities of a SOC? How to build a great SOC? How is a SOC different from a CSIRT? Disaster Recovery What Is a Business Continuity Plan? What are the aspects of a Business Continuity Plan? What are the key components of a Business Continuity Plan? What is Disaster Recovery? Importance of a Disaster Recovery Plan Disaster Recovery Plan Vs Business Continuity Plan How can AI predict disasters? Significance of a certified and skilled cybersecurity workforce Top Certifications in Business Continuity Incident Response What is Incident Response? Why Is Incident Response Important? What should an incident response plan include? What is an Incident Response Process? Phases of the incident response lifecycle What is an Incident Response Plan? Building an Incident Response Team Best Incident Response Tools How to Become a Certified Incident Handler? Threat Intelligence What is Threat Intelligence in Cybersecurity? Who is A Cyber Threat Intelligence Analyst? What Are The Types of Threat Intelligence? Creating a Cyber Threat Intelligence Program How Do You Implement Cyber Threat Intelligence? Planning for a threat intelligence program What is A Threat Intelligence Feed? How do you use cyber threat intelligence? How Do You Become a Threat Intelligence Analyst? DOS Attacks Denial of Service (DoS) Attacks How Do Denial of Service Attacks Work? What Is the Most Common Form of DoS attacks? What Is Distributed denial of service (DDoS) Attack? What is a DDoS Botnet? What Causes DOS and DDOS attacks? How to Stop DDoS and DoS attacks CISSP What next after CISSP? Enterprise Architect What Do You Need To Know To Be An Enterprise Architect? What Does an Enterprise Architect Do? Why Enterprise Architecture? Objectives of an Enterprise Architect What are the Skills Needed to Be an Enterprise Architect? How Do I Become an Enterprise Architect? SQL Injection What Is an SQL Injection Attack? Why Do Hackers Use SQL Injection? How Does SQL Injection Work? What Is an example of SQL Injection? What are the Types of SQL Injection? Can SQL Injection be traced? How can SQL Injection be prevented? How to Recover from an SQL Injection Attack? What Is Digital Forensics? Digital forensic science is a branch of forensic science that focuses on the recovery and investigation of material found in digital devices related to cybercrime. The term digital forensics was first used as a synonym for computer forensics. Since then, it has expanded to cover the investigation of any devices that can store digital data. Although the first computer crime was reported in 1978, followed by the Florida computers act, it wasn’t until the 1990s that it became a recognized term. It was only in the early 21st century that national policies on digital forensics emerged. Digital forensics is the process of identifying, preserving, analyzing, and documenting digital evidence. This is done in order to present evidence in a court of law when required. “Digital forensics is the process of uncovering and interpreting electronic data. The goal of the process is to preserve any evidence in its most original form while performing a structured investigation by collecting, identifying, and validating the digital information to reconstruct past events. The context is most often for the usage of data in a court of law, though digital forensics can be used in other instances.” -Techopedia Steps of Digital Forensics In order for digital evidence to be accepted in a court of law, it must be handled in a very specific way so that there is no opportunity for cyber criminals to tamper with the evidence. 1. Identification. First, find the evidence, noting where it is stored. 2. Preservation. Next, isolate, secure, and preserve the data. This includes preventing people from possibly tampering with the evidence. 3. Analysis. Next, reconstruct fragments of data and draw conclusions based on the evidence found. 4. Documentation. Following that, create a record of all the data to recreate the crime scene. 5. Presentation. Lastly, summarize and draw a conclusion. When Is Digital Forensics Used in a Business Setting? For businesses, Digital Forensics is an important part of the Incident Response process. Forensic Investigators identify and record details of a criminal incident as evidence to be used for law enforcement. Rules and regulations surrounding this process are often instrumental in proving innocence or guilt in a court of law. Learn How Important Cyber Forensics Is for a Business. Who Is a Digital Forensics Investigator? A Digital Forensics Investigator is someone who has a desire to follow the evidence and solve a crime virtually. Imagine a security breach happens at a company, resulting in stolen data. In this situation, a computer forensic analyst would come in and determine how attackers gained access to the network, where they traversed the network, and what they did on the network, whether they took information or planted malware. Under those circumstances, a digital forensic investigator’s role is to recover data like documents, photos, and emails from computer hard drives and other data storage devices, such as zip and flash drives, with deleted, damaged, or otherwise manipulated. Become a Computer Forensics Investigator History of Digital Forensics When Did Digital Forensics Start? Looking back at the history of digital forensics, law enforcement during that age had a minimal understanding of the application of digital forensic techniques. However, during the 1970s and 1980s, the forensics team were mostly representatives of federal law enforcement agencies with a computer background. The first area of concern for law enforcement was data storage, as most documentation happened digitally. Undeniably, seizing, retaining, and analyzing the documentation was a long task for the authorities. In this situation, the FBI launched the Magnet Media program in 1984, which was the first official digital forensics program. Following this, other techniques to identify cybercriminals when they intrude into computer systems were developed. In 1986, Cliff Stoll, a Unix System Administrator at Lawrence Berkeley National Laboratory, created the first honeypot trap. Eventually, digital forensics picked up professionally due to the spread of child pornography online. The war between Iraq and Afghanistan also led to the demand for digital forensic investigation. Concurrently, digital forensics played a major role in extracting the evidential data from the digital assets gathered by the U.S. troops during the war. In 2006, the U.S. implemented a mandatory regime for electronic discovery in its Rules for Civil Procedure. How Is Digital Forensics Used in an Investigation? Digital footprint is the information about a person on the system, such as the webpages they have visited, when they were active, and what device they were using. By following the digital footprints, the investigator will retrieve the data critical to solving the crime case. To name a few –Matt Baker, in 2010, Krenar Lusha, in 2009, and more cases were solved with the help of digital forensics. Cyber forensic investigators are experts in investigating encrypted data using various types of software and tools. There are many upcoming techniques that investigators use depending on the type of cybercrime they are dealing with. Cyber investigators’ tasks include recovering deleted files, cracking passwords, and finding the source of the security breach. Once collected, the evidence is then stored and translated to make it presentable before the court of law or for police to examine further. The role of cyber forensics in criminal offenses can be understood with a case study: cold cases and cyber forensics   Recent Case Study –. Thousands of digital devices that have been seized by police as evidence for alleged crimes, including terrorism and sexual offenses, are sitting in storage in a growing backlog that investigators are struggling to tackle. In the lack of efficient resources to analyze the evidence, the PA news agency has found that 12,122 devices (includes phones, tablets, and computers) are awaiting examination across 32 forces. Unlikely, the backlog has remained the same previous year resulting in hampering prosecutors in criminal cases. In another case, a Times investigation from the last year confirmed awaiting examination of 12,667 devices from 33 police forces. The long-pending investigations show how overwhelmed a digital forensic team is due to the sheer volume of digital evidence collected. GET TRAINING Phases of Digital Forensics Phase I – First Response. The action performed right after the occurrence of a security incident is known as the first response. It is highly dependent on the nature of the incident. Phase II – Search and Seizure. Under this phase, the professionals search for the devices involved in carrying out the crime. These devices then carefully seized to extract information out of them. Phase III – Collect the Evidence. After the search and seizure phase, professionals use the acquired devices to collect data. They have well-defined forensic methods for evidence handling. Phase IV- Secure the Evidence. The forensic staff should have access to a safe environment where they can secure the evidence. They determine if the collected data is accurate, authentic, and accessible. Phase V – Data Acquisition. Data acquisition is the process of retrieving Electronically Stored Information (ESI) from suspected digital assets. It helps to gain insights into the incident while an improper process can alter the data, thus, sacrificing the integrity of evidence. Phase VI – Data Analysis. Under data analysis, the accountable staff scan the acquired data to identify the evidential information that can be presented to the court. This phase is about examining, identifying, separating, converting, and modeling data to transform it into useful information. Phase VII – Evidence Assessment. The process of evidence assessment relates the evidential data to the security incident. There should be a thorough assessment based on the scope of the case. Phase VIII – Documentation and Reporting. This is a post-investigation phase that covers reporting and documenting of all the findings. Also, the report should have adequate and acceptable evidence in accordance to the court of law. Phase IX – Testify as an Expert Witness. The forensic investigators should approach the expert witness to affirm the accuracy of evidence. An expert witness is a professional who investigates the crime to retrieve evidence. What Are Digital Forensics Tools? In the 1990s, digital investigations were carried out via live analysis and using the device in question to examine digital media was commonplace. In time, the increasing use of devices packed with huge amounts of information made live analysis inefficient. Eventually, digital forensic tools were created to observe data on a device without damaging it. Presently, digital forensic tools can be classified as digital forensic open source tools, digital forensics hardware tools, and many others. The Sleuth Kit The Sleuth Kit (earlier known as TSK) is a collection of Unix- and Windows-based utilities that extract data from computer systems. It is an open-source software that analyzes disk images created by “dd” and recovers data from them. With this software, professionals can gather data during incident response or from live systems. Professionals can integrate TSK with more extensive forensics tools. FTK Imager FTK Imager is an acquisition and imaging tool responsible for data preview that allows the user to assess the device in question quickly. The tool can also create forensic images (copies) of the device without damaging the original evidence. Xplico Xplico is a network forensic analysis tool (NFAT) that helps reconstruct the data acquired using other packet sniffing tools like Wireshark. It is free and open-source software that uses Port Independent Protocol Identification (PIPI) to recognize network protocols. The tool is built on four key components: Decoder Manager, IP Decoder, Data Manipulators, and Visualization System. Here are a few more tools used for Digital Investigation What you will Learn Digital Forensics Job Profiles If you have good analytical skills, you can forge a successful career as a forensic computer analyst, tracing the steps of cybercrime The role of a forensic computer analyst is to investigate criminal incidents and data breaches. These forensic analysts often work for the police, law enforcement agencies, government, private, or other forensic companies. They use specialized tools and techniques to retrieve, analyze, and store data linked to criminal activity like a breach, fraud, network intrusions, illegal usage, unauthorized access, or terrorist communication. Career with CHFI Key Job Roles of a Digital Forensic Investigator. Cyber Forensic Investigator Forensic Analyst, Senior Digital Forensics Analyst-Mid-Level Senior Digital Forensics and Incident Response Senior Consultant, Digital Forensics Security Analyst (Blue Team) – Forensic investigation Cybersecurity Forensics Consultant Senior Associate-Forensic Services-Forensic Technology Solutions Computer Forensic Technician Digital Forensics Analyst Senior Principle, Digital Forensics Security Forensics Analyst (SOC) Digital Forensics Analyst, Senior Forensics Engineer Get Certified Skills Required to Become a Digital Forensic Investigator. Employers look for certified forensic investigators with key digital forensic skills, including: are as follows: Defeating anti-forensic techniques Understanding hard disks and file systems Operating system forensics Cloud forensic in a cloud environment Investigating email crimes Mobile device forensics The Average Salary of a Digital Forensics Investigator. Is Digital Forensics a Good Career? As per Payscale, the average salary of a Digital Forensic Computer Analyst is $72,929 Requirements to Become a Forensic Expert. The eligibility criteria for a cyber forensic expert can vary widely. Many private firms like to hire candidates with a relevant bachelor’s degree, while law enforcement agencies prioritize hands-on experience. Degree RequirementsWork ExperienceHard SkillsSoft Skills Bachelor’s degree in Computer Science or Engineering Bachelor of Science in Cyber Security (preferred) Master of Science in Cyber Security with Digital Forensic specialization (preferred) For Internship – No experience required For Entry-level Forensic Analysts – 1 to 2 years of experience is required For Senior Forensic Analyst – 2 to 3 years of experience is the norm For Managerial level – more than 5 years of experience Knowledge of computer networks – network protocols, topologies, etc. Knowledge of various operating systems – Unix, Linux, Windows, etc. Familiarity with different computer programming languages – Java, Python, etc. Understanding of computer hardware and software systems Expertise in digital forensic tools – Xplico, EnCase, FTK Imager, and hundreds of others Cloud computing Forensic experts must have report writing skills and critical thinking. Become a Forensic Expert The Life of a Digital Forensic Investigator. Watch this to learn more about what a digital forensics investigator does and how they gather data: Challenges a Computer Forensic Analyst Faces The most notable challenge digital forensic investigators face today is the cloud environment. While cloud computing is incredibly beneficial to an organization, they are also challenging for forensics investigators. The basic principle that the cloud is somebody else’s computer holds some truth, but huge server farms host most data. Since the cloud is scalable, information can be hosted in different locations, even in different countries. This makes it extremely difficult to gather accurate and trusted evidence in a case because establishing a proper chain of custody becomes nearly impossible. In addition, the jurisdiction of the data must be considered since different laws apply to depend on where it is located. How Can CHFI Help You Become a Skilled Cyber Forensic Investigation Analyst? The rising significance of digital forensics is creating an increased demand for computer forensic talent. As the role requires a specific set of skills that can be acquired via formal education and practice, EC-Council has the Computer Hacking and Forensic Investigator (CHFI) program to offer to those aspiring to become cyber professionals. The CHFI certification will fortify the application knowledge of law enforcement personnel, security officers, network administrators, legal professionals, and anyone concerned about the integrity of the network infrastructure. EC-Council’s CHFI is a vendor-neutral comprehensive program that encapsulates the professional with required digital forensics knowledge. 10 Reasons Why the CHFI Is Your Go-to for All Things Digital Forensics 1. Methodological Approach CHFI presents a methodological approach to computer forensics, including searching and seizing digital evidence and acquisition, storage, analysis, and reporting of that evidence to serve as a valid piece of information during the investigation. A CHFI can use different methods to discover data from a computer system, cloud service, mobile phone, or other digital devices. 2. Comprehensive Online Learning It is a comprehensive program that comprises 14 modules and 39 lab sessions. The program can be taken completely online with a duration of 40 hours, during which you will be trained on the computer forensics and investigation process. CHFI also helps you understand the law enforcement process and rules that guide you through the legal process of investigation. 3. Include Real-Time Forensic Investigation Scenarios CHFI includes major real-time forensic investigation cases that were solved through computer forensics. The study enables students to acquire hands-on experience in different forensic investigation techniques that were adopted from real-life scenarios. 4. Pre-Requisite The required skills for being a digital forensic investigator include knowledge of information technology and cybersecurity, but EC-Council does not restrict candidates with pre-requisites, specific qualifications, or experience to join the program. 5. ANSI Accreditation EC-Council is one of the few organizations that specialize in information security (IS) to achieve ANSI 17024 accreditation. American National Standards Institute (ANSI) is a private non-profit organization that ensures the integrity of the standards as defined by them. 6. Mapped to NICE CHFI is 100% mapped to the “Protect and Defend” Workforce Framework of NICE (National Institute of Cybersecurity Education), which categorizes and describes cybersecurity job roles. 7. Updated Timely The current CHFI program is version 9, and that means it is continually updated to adhere to evolving forensic tools and methodologies. CHFI is updated with case studies, labs, digital forensic tools, and devices. 8. Equipped with Detailed Labs The program has detailed labs making up almost 40% of the total training time. CHFI also comes with cloud-based virtual labs that allow the candidate to practice investigation techniques that mirror real-life situations in a simulated environment. 9. White Papers and Students Kit For additional reading, the program comes loaded with many white papers. The student kit also contains various forensic investigation templates for evidence collection, chain-of-custody, investigation reports, and more. 10. Report Writing and Presentation CHFI has a module dedicated to writing a report and presentation that enhances your skills in presenting the authenticity of the evidence collected and analyzed, explaining its significance in solving the case. Computer Hacking and Forensic Investigator (CHFI) is the leading training program for anyone aspiring to be a digital forensic investigator. If you are a cybersecurity enthusiast and know information technology, get trained today! We CareEnsuring that you get the best experience is our only purpose for using cookies. If you wish to continue, please accept. You are welcome to provide a controlled consent by visiting the cookie settings. For any further queries or information, please see our privacy policy. Do not sell my personal information.Cookie SettingsAcceptManage consent Close Privacy Overview. This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience. Necessary Necessary Always Enabled Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously. CookieDurationDescriptioncookielawinfo-checkbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".cookielawinfo-checkbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".cookielawinfo-checkbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data. Functional Functional Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features. Performance Performance Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors. Analytics Analytics Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc. Advertisement Advertisement Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads. Others Others Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet. SAVE & ACCEPT Please wait while you are redirected to the right page... Please share your location to continue. Check our help guide for more info.
                            [kwBody] => Array
                                (
                                    [0] => stdClass Object
                                        (
                                            [term] => forensic
                                            [tf] => 121
                                        )

                                    [1] => stdClass Object
                                        (
                                            [term] => digital
                                            [tf] => 81
                                        )

                                    [2] => stdClass Object
                                        (
                                            [term] => digital forensic
                                            [tf] => 66
                                        )

                                    [3] => stdClass Object
                                        (
                                            [term] => data
                                            [tf] => 39
                                        )

                                    [4] => stdClass Object
                                        (
                                            [term] => evidence
                                            [tf] => 32
                                        )

                                    [5] => stdClass Object
                                        (
                                            [term] => computer
                                            [tf] => 31
                                        )

                                    [6] => stdClass Object
                                        (
                                            [term] => investigator
                                            [tf] => 26
                                        )

                                    [7] => stdClass Object
                                        (
                                            [term] => cooky
                                            [tf] => 24
                                        )

                                    [8] => stdClass Object
                                        (
                                            [term] => forensic investigator
                                            [tf] => 22
                                        )

                                    [9] => stdClass Object
                                        (
                                            [term] => analyst
                                            [tf] => 22
                                        )

                                    [10] => stdClass Object
                                        (
                                            [term] => investigation
                                            [tf] => 22
                                        )

                                    [11] => stdClass Object
                                        (
                                            [term] => device
                                            [tf] => 20
                                        )

                                    [12] => stdClass Object
                                        (
                                            [term] => tool
                                            [tf] => 20
                                        )

                                    [13] => stdClass Object
                                        (
                                            [term] => network
                                            [tf] => 20
                                        )

                                    [14] => stdClass Object
                                        (
                                            [term] => incident
                                            [tf] => 19
                                        )

                                    [15] => stdClass Object
                                        (
                                            [term] => chfi
                                            [tf] => 17
                                        )

                                    [16] => stdClass Object
                                        (
                                            [term] => security
                                            [tf] => 17
                                        )

                                    [17] => stdClass Object
                                        (
                                            [term] => program
                                            [tf] => 16
                                        )

                                    [18] => stdClass Object
                                        (
                                            [term] => cyber
                                            [tf] => 16
                                        )

                                    [19] => stdClass Object
                                        (
                                            [term] => information
                                            [tf] => 16
                                        )

                                    [20] => stdClass Object
                                        (
                                            [term] => cookie
                                            [tf] => 16
                                        )

                                    [21] => stdClass Object
                                        (
                                            [term] => law
                                            [tf] => 15
                                        )

                                    [22] => stdClass Object
                                        (
                                            [term] => phase
                                            [tf] => 14
                                        )

                                    [23] => stdClass Object
                                        (
                                            [term] => response
                                            [tf] => 14
                                        )

                                    [24] => stdClass Object
                                        (
                                            [term] => consent
                                            [tf] => 14
                                        )

                                    [25] => stdClass Object
                                        (
                                            [term] => forensic analyst
                                            [tf] => 13
                                        )

                                    [26] => stdClass Object
                                        (
                                            [term] => incident response
                                            [tf] => 13
                                        )

                                    [27] => stdClass Object
                                        (
                                            [term] => experience
                                            [tf] => 13
                                        )

                                    [28] => stdClass Object
                                        (
                                            [term] => digital forensic investigator
                                            [tf] => 12
                                        )

                                    [29] => stdClass Object
                                        (
                                            [term] => process
                                            [tf] => 12
                                        )

                                    [30] => stdClass Object
                                        (
                                            [term] => website
                                            [tf] => 11
                                        )

                                    [31] => stdClass Object
                                        (
                                            [term] => attack
                                            [tf] => 11
                                        )

                                    [32] => stdClass Object
                                        (
                                            [term] => threat
                                            [tf] => 11
                                        )

                                    [33] => stdClass Object
                                        (
                                            [term] => system
                                            [tf] => 11
                                        )

                                    [34] => stdClass Object
                                        (
                                            [term] => computer forensic
                                            [tf] => 10
                                        )

                                    [35] => stdClass Object
                                        (
                                            [term] => threat intelligence
                                            [tf] => 10
                                        )

                                    [36] => stdClass Object
                                        (
                                            [term] => intelligence
                                            [tf] => 10
                                        )

                                    [37] => stdClass Object
                                        (
                                            [term] => sql injection
                                            [tf] => 9
                                        )

                                    [38] => stdClass Object
                                        (
                                            [term] => forensic investigation
                                            [tf] => 9
                                        )

                                    [39] => stdClass Object
                                        (
                                            [term] => forensic tool
                                            [tf] => 8
                                        )

                                    [40] => stdClass Object
                                        (
                                            [term] => law enforcement
                                            [tf] => 8
                                        )

                                    [41] => stdClass Object
                                        (
                                            [term] => cyber forensic
                                            [tf] => 7
                                        )

                                    [42] => stdClass Object
                                        (
                                            [term] => digital forensic digital
                                            [tf] => 6
                                        )

                                    [43] => stdClass Object
                                        (
                                            [term] => forensic digital forensic
                                            [tf] => 6
                                        )

                                    [44] => stdClass Object
                                        (
                                            [term] => digital forensic tool
                                            [tf] => 6
                                        )

                                    [45] => stdClass Object
                                        (
                                            [term] => cookie set gdpr
                                            [tf] => 6
                                        )

                                    [46] => stdClass Object
                                        (
                                            [term] => set gdpr cookie
                                            [tf] => 6
                                        )

                                    [47] => stdClass Object
                                        (
                                            [term] => gdpr cookie consent
                                            [tf] => 6
                                        )

                                    [48] => stdClass Object
                                        (
                                            [term] => year experience
                                            [tf] => 6
                                        )

                                    [49] => stdClass Object
                                        (
                                            [term] => forensic digital
                                            [tf] => 6
                                        )

                                    [50] => stdClass Object
                                        (
                                            [term] => penetration testing
                                            [tf] => 6
                                        )

                                    [51] => stdClass Object
                                        (
                                            [term] => network security
                                            [tf] => 6
                                        )

                                    [52] => stdClass Object
                                        (
                                            [term] => enterprise architect
                                            [tf] => 6
                                        )

                                    [53] => stdClass Object
                                        (
                                            [term] => court law
                                            [tf] => 6
                                        )

                                    [54] => stdClass Object
                                        (
                                            [term] => cookie set
                                            [tf] => 6
                                        )

                                    [55] => stdClass Object
                                        (
                                            [term] => set gdpr
                                            [tf] => 6
                                        )

                                    [56] => stdClass Object
                                        (
                                            [term] => gdpr cookie
                                            [tf] => 6
                                        )

                                    [57] => stdClass Object
                                        (
                                            [term] => cookie consent
                                            [tf] => 6
                                        )

                                    [58] => stdClass Object
                                        (
                                            [term] => cookie consent plugin
                                            [tf] => 5
                                        )

                                    [59] => stdClass Object
                                        (
                                            [term] => user consent cooky
                                            [tf] => 5
                                        )

                                    [60] => stdClass Object
                                        (
                                            [term] => consent cooky category
                                            [tf] => 5
                                        )

                                    [61] => stdClass Object
                                        (
                                            [term] => year
                                            [tf] => 5
                                        )

                                    [62] => stdClass Object
                                        (
                                            [term] => ec council
                                            [tf] => 5
                                        )

                                    [63] => stdClass Object
                                        (
                                            [term] => ethical hacking
                                            [tf] => 5
                                        )

                                    [64] => stdClass Object
                                        (
                                            [term] => business continuity
                                            [tf] => 5
                                        )

                                    [65] => stdClass Object
                                        (
                                            [term] => consent plugin
                                            [tf] => 5
                                        )

                                    [66] => stdClass Object
                                        (
                                            [term] => store user
                                            [tf] => 5
                                        )

                                    [67] => stdClass Object
                                        (
                                            [term] => user consent
                                            [tf] => 5
                                        )

                                    [68] => stdClass Object
                                        (
                                            [term] => consent cooky
                                            [tf] => 5
                                        )

                                    [69] => stdClass Object
                                        (
                                            [term] => cooky category
                                            [tf] => 5
                                        )

                                    [70] => stdClass Object
                                        (
                                            [term] => business continuity plan
                                            [tf] => 4
                                        )

                                    [71] => stdClass Object
                                        (
                                            [term] => cyber threat intelligence
                                            [tf] => 4
                                        )

                                    [72] => stdClass Object
                                        (
                                            [term] => enterprise architect enterprise
                                            [tf] => 4
                                        )

                                    [73] => stdClass Object
                                        (
                                            [term] => monthsthi cookie set
                                            [tf] => 4
                                        )

                                    [74] => stdClass Object
                                        (
                                            [term] => store user consent
                                            [tf] => 4
                                        )

                                    [75] => stdClass Object
                                        (
                                            [term] => digital device
                                            [tf] => 4
                                        )

                                    [76] => stdClass Object
                                        (
                                            [term] => disaster recovery
                                            [tf] => 4
                                        )

                                    [77] => stdClass Object
                                        (
                                            [term] => continuity plan
                                            [tf] => 4
                                        )

                                    [78] => stdClass Object
                                        (
                                            [term] => cyber threat
                                            [tf] => 4
                                        )

                                    [79] => stdClass Object
                                        (
                                            [term] => do attack
                                            [tf] => 4
                                        )

                                    [80] => stdClass Object
                                        (
                                            [term] => architect enterprise
                                            [tf] => 4
                                        )

                                    [81] => stdClass Object
                                        (
                                            [term] => digital evidence
                                            [tf] => 4
                                        )

                                    [82] => stdClass Object
                                        (
                                            [term] => forensic expert
                                            [tf] => 4
                                        )

                                    [83] => stdClass Object
                                        (
                                            [term] => website cooky
                                            [tf] => 4
                                        )

                                    [84] => stdClass Object
                                        (
                                            [term] => monthsthi cookie
                                            [tf] => 4
                                        )

                                    [85] => stdClass Object
                                        (
                                            [term] => testing penetration testing
                                            [tf] => 3
                                        )

                                    [86] => stdClass Object
                                        (
                                            [term] => history digital forensic
                                            [tf] => 3
                                        )

                                    [87] => stdClass Object
                                        (
                                            [term] => computer forensic analyst
                                            [tf] => 3
                                        )

                                    [88] => stdClass Object
                                        (
                                            [term] => architect enterprise architect
                                            [tf] => 3
                                        )

                                    [89] => stdClass Object
                                        (
                                            [term] => sql injection sql
                                            [tf] => 3
                                        )

                                    [90] => stdClass Object
                                        (
                                            [term] => injection sql injection
                                            [tf] => 3
                                        )

                                    [91] => stdClass Object
                                        (
                                            [term] => required digital forensic
                                            [tf] => 3
                                        )

                                    [92] => stdClass Object
                                        (
                                            [term] => law enforcement agency
                                            [tf] => 3
                                        )

                                    [93] => stdClass Object
                                        (
                                            [term] => forensic computer analyst
                                            [tf] => 3
                                        )

                                    [94] => stdClass Object
                                        (
                                            [term] => forensic analyst senior
                                            [tf] => 3
                                        )

                                    [95] => stdClass Object
                                        (
                                            [term] => digital forensic analyst
                                            [tf] => 3
                                        )

                                    [96] => stdClass Object
                                        (
                                            [term] => consent plugin cookie
                                            [tf] => 3
                                        )

                                    [97] => stdClass Object
                                        (
                                            [term] => plugin cookie store
                                            [tf] => 3
                                        )

                                    [98] => stdClass Object
                                        (
                                            [term] => cookie store user
                                            [tf] => 3
                                        )

                                    [99] => stdClass Object
                                        (
                                            [term] => testing penetration
                                            [tf] => 3
                                        )

                                    [100] => stdClass Object
                                        (
                                            [term] => network protocol
                                            [tf] => 3
                                        )

                                    [101] => stdClass Object
                                        (
                                            [term] => training program
                                            [tf] => 3
                                        )

                                    [102] => stdClass Object
                                        (
                                            [term] => history digital
                                            [tf] => 3
                                        )

                                    [103] => stdClass Object
                                        (
                                            [term] => denial service
                                            [tf] => 3
                                        )

                                    [104] => stdClass Object
                                        (
                                            [term] => injection sql
                                            [tf] => 3
                                        )

                                    [105] => stdClass Object
                                        (
                                            [term] => data computer
                                            [tf] => 3
                                        )

                                    [106] => stdClass Object
                                        (
                                            [term] => required digital
                                            [tf] => 3
                                        )

                                    [107] => stdClass Object
                                        (
                                            [term] => enforcement agency
                                            [tf] => 3
                                        )

                                    [108] => stdClass Object
                                        (
                                            [term] => computer system
                                            [tf] => 3
                                        )

                                    [109] => stdClass Object
                                        (
                                            [term] => case study
                                            [tf] => 3
                                        )

                                    [110] => stdClass Object
                                        (
                                            [term] => expert witness
                                            [tf] => 3
                                        )

                                    [111] => stdClass Object
                                        (
                                            [term] => open source
                                            [tf] => 3
                                        )

                                    [112] => stdClass Object
                                        (
                                            [term] => ftk imager
                                            [tf] => 3
                                        )

                                    [113] => stdClass Object
                                        (
                                            [term] => forensic computer
                                            [tf] => 3
                                        )

                                    [114] => stdClass Object
                                        (
                                            [term] => computer analyst
                                            [tf] => 3
                                        )

                                    [115] => stdClass Object
                                        (
                                            [term] => analyst senior
                                            [tf] => 3
                                        )

                                    [116] => stdClass Object
                                        (
                                            [term] => plugin cookie
                                            [tf] => 3
                                        )

                                    [117] => stdClass Object
                                        (
                                            [term] => cookie store
                                            [tf] => 3
                                        )

                                )

                            [page_rank_decimal] => 52
                            [rank] => 17131
                        )

                    [5] => stdClass Object
                        (
                            [position] => 6
                            [title] => What is Computer Forensics and How Is It Used In Investigations?
                            [url] => https://www.mitnicksecurity.com/blog/what-is-computer-forensics-and-how-is-it-used-in-investigations
                            [destination] => https://www.mitnicksecurity.com › blog › what-is-comp...
                            [description] => Computer forensics isn't as simple as crime shows make it seem. Learn more about computer forensics and how these types of investigations are conducted
                            [isAmp] => 
                            [date] => 27 Aug 2020
                            [organic_position] => 6
                            [serp_type] => page
                            [isOrganicPage] => 1
                            [isOrganic] => 1
                            [serp_title] => What is Computer Forensics and How Is It Used In ...
                            [serp_description] => Computer forensic engineers extract evidence in a legally-sound manner to ensure its usability in criminal or civil court proceedings. To ensure ...
                            [hostname] => mitnicksecurity.com
                            [canonical] => https://www.mitnicksecurity.com/blog/what-is-computer-forensics-and-how-is-it-used-in-investigations
                            [h1] => Cyber Security Articles & News
                            [h2] => Array
                                (
                                    [0] => What is Computer Forensics?
                                    [1] => Real Life Examples of Computer Forensics in Action
                                    [2] => Steps in a Computer Forensics Investigation
                                    [3] => Continue Your Computer Forensics Search
                                    [4] => Latest Posts
                                )

                            [h3] => Array
                                (
                                    [0] => Policy and Procedure Development
                                    [1] => Evidence Assessment
                                    [2] => Evidence Acquisition
                                    [3] => Evidence Examination
                                    [4] => Documenting and Reporting
                                    [5] => Times Your Company May Need a Cyber Security Expert Witness
                                    [6] => What Is a Security Vulnerability Assessment?
                                    [7] => The Growth of Ransomware Attacks
                                )

                            [h2WithAnchors] => Array
                                (
                                    [0] => stdClass Object
                                        (
                                            [text] => What is Computer Forensics?
                                        )

                                    [1] => stdClass Object
                                        (
                                            [text] => Real Life Examples of Computer Forensics in Action
                                        )

                                    [2] => stdClass Object
                                        (
                                            [text] => Steps in a Computer Forensics Investigation
                                        )

                                    [3] => stdClass Object
                                        (
                                            [text] => Continue Your Computer Forensics Search
                                        )

                                    [4] => stdClass Object
                                        (
                                            [text] => Latest Posts
                                        )

                                )

                            [type] => article
                            [wordCount] => 1023
                            [imgCount] => 8
                            [lang] => 
                            [faq_on_page] => Array
                                (
                                )

                            [anchors] => stdClass Object
                                (
                                    [size] => 49
                                    [outboundSize] => 3
                                    [list] => Array
                                        (
                                            [0] => stdClass Object
                                                (
                                                    [text] => Matt Baker was sentenced to 65 years in prison
                                                    [href] => https://blog.eccouncil.org/5-cases-solved-using-extensive-digital-forensic-evidence/
                                                    [hrefDomain] => eccouncil.org
                                                    [isOutbound] => 1
                                                )

                                            [1] => stdClass Object
                                                (
                                                    [text] => a forensic analyst found
                                                    [href] => https://www.newsday.com/news/nation/texas-murder-suspect-searched-overdose-online-1.1702442%20Show%20less
                                                    [hrefDomain] => newsday.com
                                                    [isOutbound] => 1
                                                )

                                            [2] => stdClass Object
                                                (
                                                    [text] => 
                                                    [href] => https://cta-redirect.hubspot.com/cta/redirect/3875471/17d39c58-6f51-4d64-9cfc-57ee31efb530
                                                    [hrefDomain] => hubspot.com
                                                    [isOutbound] => 1
                                                )

                                        )

                                )

                            [toc] => Array
                                (
                                    [0] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => What is Computer Forensics?
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                )

                                        )

                                    [1] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => Real Life Examples of Computer Forensics in Action. 
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                )

                                        )

                                    [2] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => Steps in a Computer Forensics Investigation. 
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                    [0] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => Policy and Procedure Development. 
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                    [1] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => Evidence Assessment. 
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                    [2] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => Evidence Acquisition. 
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                    [3] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => Evidence Examination. 
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                    [4] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => Documenting and Reporting. 
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                )

                                        )

                                    [3] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => Continue Your Computer Forensics Search. 
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                )

                                        )

                                    [4] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => Latest Posts. 
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                    [0] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => Times Your Company May Need a Cyber Security Expert Witness. 
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                    [1] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => What Is a Security Vulnerability Assessment?
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                    [2] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => The Growth of Ransomware Attacks. 
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                )

                                        )

                                )

                            [og] => stdClass Object
                                (
                                    [ogImage] => https://www.mitnicksecurity.com/hubfs/Images/Events/In%20The%20News/alvaro-reyes-fSWOVc3e06w-unsplash.jpg#keepProtocol
                                    [twitterImage] => https://www.mitnicksecurity.com/hubfs/Images/Events/In%20The%20News/alvaro-reyes-fSWOVc3e06w-unsplash.jpg#keepProtocol
                                )

                            [schema_type] => Array
                                (
                                )

                            [comment_questions] => Array
                                (
                                )

                            [body] => Cyber Security Articles & News What is Computer Forensics and How Is It Used In Investigations? Posted by Mitnick Security on Aug 27, 2020 9:24:00 AM If you have watched enough crime shows on television, you've likely seen an actor or actress portraying a forensic investigator. On shows like CSI: Miami, the forensic investigators seem to be able to type a few keys into a terminal and boom— they have all the information they need.  In real life, however, computer forensics isn't so simple. In fact, computer forensic investigators may take days to dissect all of the information needed for a case.  In this article, we'll discuss computer forensics and how these types of investigations are conducted.  What is Computer Forensics? For those unfamiliar with computer forensics, it is the art and science of uncovering evidence stored in computers and digital storage.  Computer forensic engineers extract evidence in a legally-sound manner to ensure its usability in criminal or civil court proceedings. To ensure the evidence is not tampered with and admissible in court, computer forensic investigators use a documented chain of custody and tools such as write blockers and tamper seals.   When a criminal activity involving a computer occurs, such as a denial-of-service (DoS) or hacking attack, the system used holds a plethora of evidence regarding the crime. Even in criminal cases that aren't explicitly cybersecurity-related, such as drug-trafficking, fraud, or even murder, the suspect's devices likely hold evidence of the crime in emails, internet history, documents, and images.  Real Life Examples of Computer Forensics in Action. In 2010, a Baptist preacher named Matt Baker was sentenced to 65 years in prison for the murder of his wife. The initial report had stated the wife had committed suicide by overdosing on sleeping pills. Upon further investigation, a forensic analyst found that Baker had searched "overdosing on sleeping pills" and had visited several pharmaceutical websites before his wife's death. Without this information from Baker's computer, he might have never been brought to justice.  Commercial corporations also use computer forensics for a myriad of various reasons. Intellectual property theft, fraud, forgeries, and employment disputes may result in the use of computer forensics to provide evidence for civil cases. Imagine a scenario in which an employee claims to have experienced sexual harassment or prejudice by an employer. Company-owned devices will likely be one of the most useful locations to find evidence.  When an individual works for an organization, any work performed on the corporate devices typically belongs to that organization, even if that employee was working on a “personal project” while using this device. Companies may choose to use computer forensics to prove that the product belongs to them as it was created on a company device. Computer forensics can be used to find this evidence, even if the employee believes that they have deleted all applicable files on that computer.  Steps in a Computer Forensics Investigation. For individuals working in computer forensics, there are five essential steps to a successful investigation.   Policy and Procedure Development. As with any role, maintaining properly defined policies and procedures is crucial. In computer forensics, these procedures may outline how to properly prepare systems for evidence retrieval and the steps to ensure the authenticity of data.  Evidence Assessment. Computers can store a lot of information, sometimes terabytes of data, not all of which apply to a specific case for which an investigator is collecting evidence.  Investigators need a knowledge of the case at hand and an understanding of which evidence applies to the case.  Evidence Acquisition. Merely locating the evidence is not enough. The evidence must be collected and acquired, following strict guidelines to ensure its admissibility in court. Typical instructions for preserving evidence include the physical removal of storage devices, the use of write blockers to prevent tampering, and thorough documentation such as a chain of custody.  Evidence Examination. Upon assessing and acquiring evidence, the next step is to examine the potential evidence. Investigators use various methods, techniques, and tools for reviewing digital data. Intentionally hidden files and any data tagged with a date and timestamps are particularly useful to investigators.  Documenting and Reporting. Documenting all steps throughout the investigation is a critical aspect of any computer forensic investigator’s duties. Since the goal of collecting this data is typically to present it in a court of law, any failure to accurately document and report the steps taken could result in the evidence being inadmissible.  Continue Your Computer Forensics Search. If you’re interested in learning more about digital forensics, visit our Digital Forensics services page here. Latest Posts. Kevin offers three excellent presentations, two are based on his best-selling books. His presentations are akin to technology magic shows that educate and inform while keeping people on the edge of their seats. He offers expert commentary on issues related to information security and increases “security awareness.” Times Your Company May Need a Cyber Security Expert Witness. Expert witnesses are commonplace in the legal world to provide well…expert… insight into cyber scenarios. Because the Average Joe may not know the tec.. Read more › What Is a Security Vulnerability Assessment? When it comes to online security, you want to find the issues before cyber criminals figure it out for you. Penetration tests, or pentests, are annual.. Read more › The Growth of Ransomware Attacks. “Ransomware” is a buzzword that’s undoubtedly been splashed all across the news in the past two years. The cyberattack gets its name for the financial.. Read more › © Copyright 2004 - 2022 Mitnick Security Consulting LLC. All rights Reserved. | Privacy Policy
                            [kwBody] => Array
                                (
                                    [0] => stdClass Object
                                        (
                                            [term] => computer
                                            [tf] => 23
                                        )

                                    [1] => stdClass Object
                                        (
                                            [term] => forensic
                                            [tf] => 23
                                        )

                                    [2] => stdClass Object
                                        (
                                            [term] => evidence
                                            [tf] => 20
                                        )

                                    [3] => stdClass Object
                                        (
                                            [term] => computer forensic
                                            [tf] => 18
                                        )

                                    [4] => stdClass Object
                                        (
                                            [term] => investigator
                                            [tf] => 10
                                        )

                                    [5] => stdClass Object
                                        (
                                            [term] => security
                                            [tf] => 8
                                        )

                                    [6] => stdClass Object
                                        (
                                            [term] => forensic investigator
                                            [tf] => 6
                                        )

                                    [7] => stdClass Object
                                        (
                                            [term] => information
                                            [tf] => 6
                                        )

                                    [8] => stdClass Object
                                        (
                                            [term] => investigation
                                            [tf] => 6
                                        )

                                    [9] => stdClass Object
                                        (
                                            [term] => device
                                            [tf] => 6
                                        )

                                    [10] => stdClass Object
                                        (
                                            [term] => step
                                            [tf] => 6
                                        )

                                    [11] => stdClass Object
                                        (
                                            [term] => expert
                                            [tf] => 5
                                        )

                                    [12] => stdClass Object
                                        (
                                            [term] => data
                                            [tf] => 5
                                        )

                                    [13] => stdClass Object
                                        (
                                            [term] => cyber
                                            [tf] => 4
                                        )

                                    [14] => stdClass Object
                                        (
                                            [term] => case
                                            [tf] => 4
                                        )

                                    [15] => stdClass Object
                                        (
                                            [term] => digital
                                            [tf] => 4
                                        )

                                    [16] => stdClass Object
                                        (
                                            [term] => ensure
                                            [tf] => 4
                                        )

                                    [17] => stdClass Object
                                        (
                                            [term] => criminal
                                            [tf] => 4
                                        )

                                    [18] => stdClass Object
                                        (
                                            [term] => court
                                            [tf] => 4
                                        )

                                    [19] => stdClass Object
                                        (
                                            [term] => company
                                            [tf] => 4
                                        )

                                    [20] => stdClass Object
                                        (
                                            [term] => computer forensic investigator
                                            [tf] => 3
                                        )

                                    [21] => stdClass Object
                                        (
                                            [term] => crime
                                            [tf] => 3
                                        )

                                    [22] => stdClass Object
                                        (
                                            [term] => show
                                            [tf] => 3
                                        )

                                    [23] => stdClass Object
                                        (
                                            [term] => baker
                                            [tf] => 3
                                        )

                                    [24] => stdClass Object
                                        (
                                            [term] => wife
                                            [tf] => 3
                                        )

                                    [25] => stdClass Object
                                        (
                                            [term] => employee
                                            [tf] => 3
                                        )

                                    [26] => stdClass Object
                                        (
                                            [term] => find
                                            [tf] => 3
                                        )

                                    [27] => stdClass Object
                                        (
                                            [term] => policy
                                            [tf] => 3
                                        )

                                    [28] => stdClass Object
                                        (
                                            [term] => procedure
                                            [tf] => 3
                                        )

                                    [29] => stdClass Object
                                        (
                                            [term] => read
                                            [tf] => 3
                                        )

                                )

                            [page_rank_decimal] => 48
                            [rank] => 96608
                        )

                    [6] => stdClass Object
                        (
                            [position] => 7
                            [title] => Digital Forensics - an overview | ScienceDirect Topics
                            [url] => https://www.sciencedirect.com/topics/computer-science/digital-forensics
                            [destination] => https://www.sciencedirect.com › topics › computer-science
                            [isAmp] => 
                            [organic_position] => 7
                            [serp_type] => page
                            [isOrganicPage] => 1
                            [isOrganic] => 1
                            [serp_title] => Digital Forensics - an overview | ScienceDirect Topics
                            [serp_description] => Network forensics focuses on the use of captured network traffic and session information to investigate computer crime. Host-based forensics focuses on the ...
                            [hostname] => sciencedirect.com
                            [canonical] => https://www.sciencedirect.com/topics/computer-science/digital-forensics
                            [h1] => Digital Forensics
                            [h2] => Array
                                (
                                    [0] => Related terms:
                                    [1] => Digital Forensics
                                    [2] => Understanding Digital Forensics
                                    [3] => Digital Forensics and Analyzing Data
                                    [4] => Approaches by Different Types of Examiners
                                    [5] => Some Things Will Become Easier, Others Not So Much
                                    [6] => Digital Forensics
                                    [7] => Psychological profiling as an investigative tool for digital forensics
                                    [8] => Part 2. Forensics Team
                                    [9] => Intrusion Prevention and Detection Systems
                                    [10] => Intrusion Prevention and Detection Systems
                                )

                            [h3] => Array
                                (
                                    [0] => Introduction
                                    [1] => Introduction
                                    [2] => Introduction
                                    [3] => Introduction
                                    [4] => Introduction
                                    [5] => Organizational Preparedness
                                    [6] => Abstract
                                    [7] => 17 Digital Forensics
                                    [8] => 17 Digital Forensics
                                )

                            [h2WithAnchors] => Array
                                (
                                    [0] => stdClass Object
                                        (
                                            [text] => Related terms:
                                        )

                                    [1] => stdClass Object
                                        (
                                            [text] => Digital Forensics
                                            [id] => tp-snippet-chp-title-B9781597496438000031
                                        )

                                    [2] => stdClass Object
                                        (
                                            [text] => Understanding Digital Forensics
                                            [id] => tp-snippet-chp-title-B9780128044544000010
                                        )

                                    [3] => stdClass Object
                                        (
                                            [text] => Digital Forensics and Analyzing Data
                                            [id] => tp-snippet-chp-title-B9781597494182000016
                                        )

                                    [4] => stdClass Object
                                        (
                                            [text] => Approaches by Different Types of Examiners
                                            [id] => tp-snippet-chp-title-B9781597496438000110
                                        )

                                    [5] => stdClass Object
                                        (
                                            [text] => Some Things Will Become Easier, Others Not So Much
                                            [id] => tp-snippet-chp-title-B9781597499859000095
                                        )

                                    [6] => stdClass Object
                                        (
                                            [text] => Digital Forensics
                                            [id] => tp-snippet-chp-title-B9781597499699000134
                                        )

                                    [7] => stdClass Object
                                        (
                                            [text] => Psychological profiling as an investigative tool for digital forensics
                                            [id] => tp-snippet-chp-title-B9780128045268000034
                                        )

                                    [8] => stdClass Object
                                        (
                                            [text] => Part 2. Forensics Team
                                            [id] => tp-snippet-chp-title-B978159749996500039X
                                        )

                                    [9] => stdClass Object
                                        (
                                            [text] => Intrusion Prevention and Detection Systems
                                            [id] => tp-snippet-chp-title-B9780128038437000727
                                        )

                                    [10] => stdClass Object
                                        (
                                            [text] => Intrusion Prevention and Detection Systems
                                            [id] => tp-snippet-chp-title-B978012394397200026X
                                        )

                                )

                            [wordCount] => 1862
                            [imgCount] => 1
                            [lang] => 
                            [faq_on_page] => Array
                                (
                                )

                            [anchors] => stdClass Object
                                (
                                    [size] => 52
                                    [outboundSize] => 9
                                    [list] => Array
                                        (
                                            [0] => stdClass Object
                                                (
                                                    [text] => Purchase book
                                                    [href] => https://www.elsevier.com/books/T/A/9781597496438
                                                    [hrefDomain] => elsevier.com
                                                    [rel] => noopener
                                                    [isOutbound] => 1
                                                )

                                            [1] => stdClass Object
                                                (
                                                    [text] => Purchase book
                                                    [href] => https://www.elsevier.com/books/T/A/9780128044544
                                                    [hrefDomain] => elsevier.com
                                                    [rel] => noopener
                                                    [isOutbound] => 1
                                                )

                                            [2] => stdClass Object
                                                (
                                                    [text] => Purchase book
                                                    [href] => https://www.elsevier.com/books/T/A/9781597494182
                                                    [hrefDomain] => elsevier.com
                                                    [rel] => noopener
                                                    [isOutbound] => 1
                                                )

                                            [3] => stdClass Object
                                                (
                                                    [text] => Purchase book
                                                    [href] => https://www.elsevier.com/books/T/A/9781597496438
                                                    [hrefDomain] => elsevier.com
                                                    [rel] => noopener
                                                    [isOutbound] => 1
                                                )

                                            [4] => stdClass Object
                                                (
                                                    [text] => Purchase book
                                                    [href] => https://www.elsevier.com/books/T/A/9781597499859
                                                    [hrefDomain] => elsevier.com
                                                    [rel] => noopener
                                                    [isOutbound] => 1
                                                )

                                            [5] => stdClass Object
                                                (
                                                    [text] => Purchase book
                                                    [href] => https://www.elsevier.com/books/T/A/9781597499699
                                                    [hrefDomain] => elsevier.com
                                                    [rel] => noopener
                                                    [isOutbound] => 1
                                                )

                                            [6] => stdClass Object
                                                (
                                                    [text] => Purchase book
                                                    [href] => https://www.elsevier.com/books/T/A/9780128045268
                                                    [hrefDomain] => elsevier.com
                                                    [rel] => noopener
                                                    [isOutbound] => 1
                                                )

                                            [7] => stdClass Object
                                                (
                                                    [text] => Purchase book
                                                    [href] => https://www.elsevier.com/books/T/A/9780128038437
                                                    [hrefDomain] => elsevier.com
                                                    [rel] => noopener
                                                    [isOutbound] => 1
                                                )

                                            [8] => stdClass Object
                                                (
                                                    [text] => Purchase book
                                                    [href] => https://www.elsevier.com/books/T/A/9780123943972
                                                    [hrefDomain] => elsevier.com
                                                    [rel] => noopener
                                                    [isOutbound] => 1
                                                )

                                        )

                                )

                            [toc] => Array
                                (
                                    [0] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => Related terms:. 
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                )

                                        )

                                    [1] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => Digital Forensics. 
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                    [0] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => Introduction. 
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                )

                                        )

                                    [2] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => Understanding Digital Forensics. 
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                    [0] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => Introduction. 
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                )

                                        )

                                    [3] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => Digital Forensics and Analyzing Data. 
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                    [0] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => Introduction. 
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                )

                                        )

                                    [4] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => Approaches by Different Types of Examiners. 
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                    [0] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => Introduction. 
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                )

                                        )

                                    [5] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => Some Things Will Become Easier, Others Not So Much. 
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                    [0] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => Introduction. 
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                )

                                        )

                                    [6] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => Digital Forensics. 
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                    [0] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => Organizational Preparedness. 
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                )

                                        )

                                    [7] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => Psychological profiling as an investigative tool for digital forensics. 
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                    [0] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => Abstract. 
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                )

                                        )

                                    [8] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => Part 2. Forensics Team. 
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                )

                                        )

                                    [9] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => Intrusion Prevention and Detection Systems. 
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                    [0] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => 17 Digital Forensics. 
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                )

                                        )

                                    [10] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => Intrusion Prevention and Detection Systems. 
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                    [0] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => 17 Digital Forensics. 
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                )

                                        )

                                )

                            [schema_type] => Array
                                (
                                )

                            [comment_questions] => Array
                                (
                                )

                            [body] => Digital ForensicsRelated terms:. Computer ForensicsIncident ResponseInternet of ThingsLaw EnforcementForensic LaboratoryForensics ToolView all TopicsDownload as PDFSet alertAbout this pageDigital Forensics. Larry E. Daniel, Lars E. Daniel, in Digital Forensics for Legal Professionals, 2012Introduction. Originally the field of digital forensics only included computers, primarily personal computers. Over the last 20 years or so, as computers have become connected through small local networks and ultimately through the largest network of them all, the Internet, the term computer forensics has become too limited to encompass the entire field. Because of this, most examiners who practice more than just computer forensics have taken to calling their discipline digital forensics.The field of digital forensics has expanded to include network forensics as well, and includes such areas of expertise as investigating network security breaches, hacking attempts, and data theft.With the introduction of computer processing into other devices, such as global positioning system (GPS) units, automobiles, truck black boxes, cellular phones, answering machines, copy and fax machines, and so forth, the field has expanded to add additional subdisciplines.Each of the subdisciplines can be part of a digital forensic examiner’s expertise, but not all have to be. Some examiners choose to specialize in one area, such as computer forensics, without ever adding cellular phone forensics or GPS to their repertoire of skills.View chapterPurchase bookRead full chapterURL: https://www.sciencedirect.com/science/article/pii/B9781597496438000031Understanding Digital Forensics. Jason Sachowski, in Implementing Digital Forensic Readiness, 2016Introduction. Digital forensics has always been labeled as an “interesting” profession to work in. This comes as no surprise as public interest spikes; fueled by the works of novelists and film makers who made the world of digital crime and digital forensic both appealing and stylishly straightforward. But the reality is, there is a lot more discipline to the digital forensic profession that what is portrayed in the media.While it is relatively known that there are legal aspects involved with digital forensics, most people are surprised to learn that the profession involves a great deal of scientific principles, methodologies, and techniques. Not only does digital forensics require a significant amount of specialized training and skills to properly apply these scientific fundamentals, digital forensics is also somewhat of an art form where analytical experience comes into play.View chapterPurchase bookRead full chapterURL: https://www.sciencedirect.com/science/article/pii/B9780128044544000010Digital Forensics and Analyzing Data. Dale Liu, in Cisco Router and Switch Forensics, 2009Introduction. Digital forensics is probably the most intricate step of the cybercrime investigation process, and often yields the strongest evidence in terms of prosecutable cases. Digital forensics is the scientific acquisition, analysis, and preservation of data contained in electronic media whose information can be used as evidence in a court of law. The practice of digital forensics can be a career unto itself, and often is. Other times it is a subset of skills for a more general security practitioner. Although the corporate digital forensic practitioner is not a law enforcement officer, it is a wise practice to follow the same procedures as law enforcement does when performing digital forensics. Even in a corporate environment, the work one performs can quickly make it to a courtroom. Regardless of whether the case is civil or criminal, the evidence will still be presented in the same fashion.View chapterPurchase bookRead full chapterURL: https://www.sciencedirect.com/science/article/pii/B9781597494182000016Approaches by Different Types of Examiners. Larry E. Daniel, Lars E. Daniel, in Digital Forensics for Legal Professionals, 2012Introduction. Digital forensics examiners come from many different backgrounds: law enforcement, private sector computer and software professionals, military, academia, and the private investigator community. Some examiners are primarily self-taught, while others have extensive training through government or private entities or are recent college graduates of one of the digital forensics programs at various universities.Examiners can be full-time, where digital forensics is their primary function, while others are part-timers, only doing digital forensics as a small part of their primary job, or doing it as a second vocation. Some examiners handle dozens of cases each year, while others may only handle one or two cases in a year. All of these variables result in examiners taking different approaches to cases.View chapterPurchase bookRead full chapterURL: https://www.sciencedirect.com/science/article/pii/B9781597496438000110Some Things Will Become Easier, Others Not So Much. Brett Shavers, in Placing the Suspect Behind the Keyboard, 2013Introduction. The digital forensics field evolves faster than most other fields simply because technology changes rapidly. With each new operating system or new version of an operating system, digital forensics must keep up with the advances. Not only must digital forensic examiners try to keep up with each technological advance in computing, but also keep up with ever changing laws.Sometimes, these changes make it easier for digital forensics and the investigator’s ability to place a suspect behind a keyboard. Other times, these changes can make it difficult or impossible. Expecting which changes will occur in the future is anyone’s guess, but no matter the changes, the digital forensics field must be flexible to stay abreast.View chapterPurchase bookRead full chapterURL: https://www.sciencedirect.com/science/article/pii/B9781597499859000095Digital Forensics. J. Sammons, in Introduction to Information Security, 2014Organizational Preparedness. Digital forensics is a vital part of an overall incident response strategy. As such, it should be addressed by the organization through its policies, procedures, budgets, and personnel. All applicable policies and procedures should be drafted in such a way that it maximizes the effectiveness of the digital forensic process. Specific policies should be drafted covering digital forensic procedures and concerns. The budget should reflect the importance of digital forensics by dedicating funds for the tools and training needed to support an incident response. An adequate number of personnel should be trained in forensic fundamentals, as well as certified with the specific tools they will use. Validation is a fundamental principle of digital forensics. Maintaining both trained and certified personnel is essential to meeting that objective. More details on response policies and contingency planning are provided in Chapter 15.View chapterPurchase bookRead full chapterURL: https://www.sciencedirect.com/science/article/pii/B9781597499699000134Psychological profiling as an investigative tool for digital forensics. Marcus K. Rogers, in Digital Forensics, 2016Abstract. Digital forensics has fallen victim to the fact that the traditional approach has focused mainly on the collection of evidence and very little time has been spent on how to effectively and efficiently examine, analyze, and arrive at a decision based on the evidence identified. Behavioral analysis has been used to support traditional criminal investigations very successfully. This chapter looks at how behavioral analysis can be modified to be used in the context of cyber criminal investigations. The weaknesses of the traditional digital forensics model are discussed and then the behavioral analysis model is presented, along with its uses and limitations. Three case studies are presented that illustrate how behavioral analysis assists in the cyber criminal investigative process.View chapterPurchase bookRead full chapterURL: https://www.sciencedirect.com/science/article/pii/B9780128045268000034Part 2. Forensics Team. Leighton R. JohnsonIII, in Computer Incident Response and Forensics Team Management, 2014The First Digital Forensics Research Workshop defined Digital Forensic Science as:“The use of scientifically derived and proven methods toward the preservation, collection, validation, identification, analysis, interpretation, documentation and presentation of digital evidence derived from digital sources for the purpose of facilitating or furthering the reconstruction of events found to be criminal, or helping to anticipate unauthorized actions shown to be disruptive to planned operations.”1Read full chapterView PDFDownload bookRead full chapterURL: https://www.sciencedirect.com/science/article/pii/B978159749996500039XIntrusion Prevention and Detection Systems. Christopher Day, in Computer and Information Security Handbook (Third Edition), 201317 Digital Forensics. Digital forensics is the “application of computer science and investigative procedures for a legal purpose involving the analysis of digital evidence” [24]. Less formally, digital forensics is the use of specialized tools and techniques to investigate various forms of computer-oriented crime including fraud, illicit use such as child pornography, and many forms of computer intrusions.Digital forensics as a field can be divided into two subfields: network forensics and host-based forensics. Network forensics focuses on the use of captured network traffic and session information to investigate computer crime. Host-based forensics focuses on the collection and analysis of digital evidence collected from individual computer systems to investigate computer crime. Digital forensics is a vast topic; a comprehensive discussion is beyond the scope of this chapter. Interested readers are referred to Jones [25] for more detail.In the context of intrusion detection, digital forensic techniques can be used to analyze a suspected compromised system in a methodical manner. Forensic investigations are most commonly used when the nature of the intrusion is unclear, such as those perpetrated via a zero-day exploit, but in which the root cause must be fully understood either to ensure the exploited vulnerability is properly remediated or to support legal proceedings. Owing to the increasing use of sophisticated attack tools and stealthy and customized malware designed to evade detection, forensic investigations are becoming increasingly common, and sometimes only a detailed and methodical investigation will uncover the nature of an intrusion. The specifics of the intrusion may also require a forensic investigation such as those involving the theft of PII in regions covered by one or more data breach disclosure laws.View chapterPurchase bookRead full chapterURL: https://www.sciencedirect.com/science/article/pii/B9780128038437000727Intrusion Prevention and Detection Systems. Christopher Day, in Computer and Information Security Handbook (Second Edition), 201317 Digital Forensics. Digital forensics is the “application of computer science and investigative procedures for a legal purpose involving the analysis of digital evidence” [24]. Less formally digital forensics is the use of specialized tools and techniques to investigate various forms of computer-oriented crime including fraud, illicit use such as child pornography, and many forms of computer intrusions.Digital forensics as a field can be divided into two subfields: network forensics and host-based forensics. Network forensics focuses on the use of captured network traffic and session information to investigate computer crime. Host-based forensics focuses on the collection and analysis of digital evidence collected from individual computer systems to investigate computer crime. Digital forensics is a vast topic and a comprehensive discussion is beyond the scope of this chapter and interested readers are referred to [25] for more detail.In the context of intrusion detection, digital forensic techniques can be utilized to analyze a suspected compromised system in a methodical manner. Forensic investigations are most commonly used when the nature of the intrusion is unclear, such as those perpetrated via a 0-day exploit, but wherein the root cause must be fully understood either to ensure the exploited vulnerability is properly remediated or to support legal proceedings. Due to the increasing use of sophisticated attack tools and stealthy and customized malware designed to evade detection, forensic investigations are becoming increasingly common and sometimes only a detailed and methodical investigation will uncover the nature of an intrusion. The specifics of the intrusion may also require a forensic investigation such as those involving the theft of Personally Identifiable Information (PII) in regions covered by one or more data breach disclosure laws.View chapterPurchase bookRead full chapterURL: https://www.sciencedirect.com/science/article/pii/B978012394397200026X
                            [kwBody] => Array
                                (
                                    [0] => stdClass Object
                                        (
                                            [term] => forensic
                                            [tf] => 78
                                        )

                                    [1] => stdClass Object
                                        (
                                            [term] => digital
                                            [tf] => 57
                                        )

                                    [2] => stdClass Object
                                        (
                                            [term] => digital forensic
                                            [tf] => 48
                                        )

                                    [3] => stdClass Object
                                        (
                                            [term] => computer
                                            [tf] => 24
                                        )

                                    [4] => stdClass Object
                                        (
                                            [term] => full
                                            [tf] => 12
                                        )

                                    [5] => stdClass Object
                                        (
                                            [term] => investigation
                                            [tf] => 11
                                        )

                                    [6] => stdClass Object
                                        (
                                            [term] => bookread full chapterurl
                                            [tf] => 10
                                        )

                                    [7] => stdClass Object
                                        (
                                            [term] => bookread full
                                            [tf] => 10
                                        )

                                    [8] => stdClass Object
                                        (
                                            [term] => full chapterurl
                                            [tf] => 10
                                        )

                                    [9] => stdClass Object
                                        (
                                            [term] => examiner
                                            [tf] => 10
                                        )

                                    [10] => stdClass Object
                                        (
                                            [term] => network
                                            [tf] => 10
                                        )

                                    [11] => stdClass Object
                                        (
                                            [term] => bookread
                                            [tf] => 10
                                        )

                                    [12] => stdClass Object
                                        (
                                            [term] => chapterurl
                                            [tf] => 10
                                        )

                                    [13] => stdClass Object
                                        (
                                            [term] => evidence
                                            [tf] => 10
                                        )

                                    [14] => stdClass Object
                                        (
                                            [term] => analysi
                                            [tf] => 10
                                        )

                                    [15] => stdClass Object
                                        (
                                            [term] => chapterpurchase bookread full
                                            [tf] => 9
                                        )

                                    [16] => stdClass Object
                                        (
                                            [term] => chapterpurchase bookread
                                            [tf] => 9
                                        )

                                    [17] => stdClass Object
                                        (
                                            [term] => field
                                            [tf] => 9
                                        )

                                    [18] => stdClass Object
                                        (
                                            [term] => system
                                            [tf] => 9
                                        )

                                    [19] => stdClass Object
                                        (
                                            [term] => chapterpurchase
                                            [tf] => 9
                                        )

                                    [20] => stdClass Object
                                        (
                                            [term] => intrusion
                                            [tf] => 8
                                        )

                                    [21] => stdClass Object
                                        (
                                            [term] => legal
                                            [tf] => 7
                                        )

                                    [22] => stdClass Object
                                        (
                                            [term] => crime
                                            [tf] => 7
                                        )

                                    [23] => stdClass Object
                                        (
                                            [term] => information
                                            [tf] => 7
                                        )

                                    [24] => stdClass Object
                                        (
                                            [term] => tool
                                            [tf] => 7
                                        )

                                    [25] => stdClass Object
                                        (
                                            [term] => forensic investigation
                                            [tf] => 6
                                        )

                                    [26] => stdClass Object
                                        (
                                            [term] => procedure
                                            [tf] => 6
                                        )

                                    [27] => stdClass Object
                                        (
                                            [term] => detection
                                            [tf] => 6
                                        )

                                    [28] => stdClass Object
                                        (
                                            [term] => investigate
                                            [tf] => 6
                                        )

                                    [29] => stdClass Object
                                        (
                                            [term] => network forensic
                                            [tf] => 5
                                        )

                                    [30] => stdClass Object
                                        (
                                            [term] => digital evidence
                                            [tf] => 5
                                        )

                                    [31] => stdClass Object
                                        (
                                            [term] => security
                                            [tf] => 5
                                        )

                                    [32] => stdClass Object
                                        (
                                            [term] => data
                                            [tf] => 5
                                        )

                                    [33] => stdClass Object
                                        (
                                            [term] => technique
                                            [tf] => 5
                                        )

                                    [34] => stdClass Object
                                        (
                                            [term] => form
                                            [tf] => 5
                                        )

                                    [35] => stdClass Object
                                        (
                                            [term] => criminal
                                            [tf] => 5
                                        )

                                    [36] => stdClass Object
                                        (
                                            [term] => based
                                            [tf] => 5
                                        )

                                    [37] => stdClass Object
                                        (
                                            [term] => daniel lar
                                            [tf] => 4
                                        )

                                    [38] => stdClass Object
                                        (
                                            [term] => analysi digital evidence
                                            [tf] => 4
                                        )

                                    [39] => stdClass Object
                                        (
                                            [term] => host based forensic
                                            [tf] => 4
                                        )

                                    [40] => stdClass Object
                                        (
                                            [term] => investigate computer crime
                                            [tf] => 4
                                        )

                                    [41] => stdClass Object
                                        (
                                            [term] => forensic examiner
                                            [tf] => 4
                                        )

                                    [42] => stdClass Object
                                        (
                                            [term] => daniel
                                            [tf] => 4
                                        )

                                    [43] => stdClass Object
                                        (
                                            [term] => forensic field
                                            [tf] => 4
                                        )

                                    [44] => stdClass Object
                                        (
                                            [term] => behavioral analysi
                                            [tf] => 4
                                        )

                                    [45] => stdClass Object
                                        (
                                            [term] => analysi digital
                                            [tf] => 4
                                        )

                                    [46] => stdClass Object
                                        (
                                            [term] => form computer
                                            [tf] => 4
                                        )

                                    [47] => stdClass Object
                                        (
                                            [term] => host based
                                            [tf] => 4
                                        )

                                    [48] => stdClass Object
                                        (
                                            [term] => based forensic
                                            [tf] => 4
                                        )

                                    [49] => stdClass Object
                                        (
                                            [term] => forensic focus
                                            [tf] => 4
                                        )

                                    [50] => stdClass Object
                                        (
                                            [term] => investigate computer
                                            [tf] => 4
                                        )

                                    [51] => stdClass Object
                                        (
                                            [term] => computer crime
                                            [tf] => 4
                                        )

                                    [52] => stdClass Object
                                        (
                                            [term] => nature intrusion
                                            [tf] => 4
                                        )

                                    [53] => stdClass Object
                                        (
                                            [term] => methodical
                                            [tf] => 4
                                        )

                                    [54] => stdClass Object
                                        (
                                            [term] => nature
                                            [tf] => 4
                                        )

                                    [55] => stdClass Object
                                        (
                                            [term] => digital forensic examiner
                                            [tf] => 3
                                        )

                                    [56] => stdClass Object
                                        (
                                            [term] => crime digital forensic
                                            [tf] => 3
                                        )

                                    [57] => stdClass Object
                                        (
                                            [term] => computer forensic
                                            [tf] => 3
                                        )

                                    [58] => stdClass Object
                                        (
                                            [term] => crime digital
                                            [tf] => 3
                                        )

                                    [59] => stdClass Object
                                        (
                                            [term] => law enforcement
                                            [tf] => 3
                                        )

                                    [60] => stdClass Object
                                        (
                                            [term] => information security
                                            [tf] => 3
                                        )

                                    [61] => stdClass Object
                                        (
                                            [term] => incident response
                                            [tf] => 3
                                        )

                                )

                            [page_rank_decimal] => 68
                            [rank] => 222
                        )

                    [7] => stdClass Object
                        (
                            [position] => 8
                            [title] => Digital forensics: 4.1 The digital forensic process - OpenLearn - Open University - M812_1
                            [url] => https://www.open.edu/openlearn/science-maths-technology/digital-forensics/content-section-4.1
                            [destination] => https://www.open.edu › openlearn › content-section-4
                            [isAmp] => 
                            [organic_position] => 8
                            [serp_type] => page
                            [isOrganicPage] => 1
                            [isOrganic] => 1
                            [serp_title] => 4.1 The digital forensic process - OpenLearn - The Open ...
                            [serp_description] => Analysis – an in-depth systematic search of evidence relating to the incident being investigated. The outputs of examination are data objects found in the ...
                            [hostname] => open.edu
                            [h1] => Digital forensics
                            [h2] => Array
                                (
                                    [0] => My OpenLearn Profile
                                    [1] => Course content
                                    [2] => Create your free OpenLearn profile
                                    [3] => Activity 9
                                    [4] => OpenLearn Links
                                    [5] => Footer Menu
                                    [6] => About OpenLearn
                                    [7] => Explore subjects
                                    [8] => Explore resources
                                    [9] => Our partners
                                )

                            [h3] => Array
                                (
                                    [0] => About this free course
                                    [1] => Download this course
                                    [2] => Course rewards
                                    [3] => Take your learning further
                                )

                            [h2WithAnchors] => Array
                                (
                                    [0] => stdClass Object
                                        (
                                            [text] => My OpenLearn Profile
                                        )

                                    [1] => stdClass Object
                                        (
                                            [text] => Course content
                                        )

                                    [2] => stdClass Object
                                        (
                                            [text] => Create your free OpenLearn profile
                                        )

                                    [3] => stdClass Object
                                        (
                                            [text] => Activity 9
                                        )

                                    [4] => stdClass Object
                                        (
                                            [text] => OpenLearn Links
                                            [id] => aria-footer-label
                                        )

                                    [5] => stdClass Object
                                        (
                                            [text] => Footer Menu
                                        )

                                    [6] => stdClass Object
                                        (
                                            [text] => About OpenLearn
                                        )

                                    [7] => stdClass Object
                                        (
                                            [text] => Explore subjects
                                        )

                                    [8] => stdClass Object
                                        (
                                            [text] => Explore resources
                                        )

                                    [9] => stdClass Object
                                        (
                                            [text] => Our partners
                                        )

                                )

                            [type] => article
                            [wordCount] => 1024
                            [imgCount] => 20
                            [lang] => 
                            [faq_on_page] => Array
                                (
                                )

                            [anchors] => stdClass Object
                                (
                                    [size] => 125
                                    [outboundSize] => 23
                                    [list] => Array
                                        (
                                            [0] => stdClass Object
                                                (
                                                    [text] => 
                                                    [href] => http://www.open.ac.uk/
                                                    [hrefDomain] => open.ac.uk
                                                    [isOutbound] => 1
                                                )

                                            [1] => stdClass Object
                                                (
                                                    [text] => The Open University
                                                    [href] => http://www.open.ac.uk/
                                                    [hrefDomain] => open.ac.uk
                                                    [isOutbound] => 1
                                                )

                                            [2] => stdClass Object
                                                (
                                                    [text] => Student home
                                                    [href] => http://www.open.ac.uk/students/
                                                    [hrefDomain] => open.ac.uk
                                                    [isOutbound] => 1
                                                )

                                            [3] => stdClass Object
                                                (
                                                    [text] => Study with The Open University
                                                    [href] => http://www.open.ac.uk/courses
                                                    [hrefDomain] => open.ac.uk
                                                    [isOutbound] => 1
                                                )

                                            [4] => stdClass Object
                                                (
                                                    [text] => 
                                                    [href] => http://www.open.ac.uk/
                                                    [hrefDomain] => open.ac.uk
                                                    [isOutbound] => 1
                                                )

                                            [5] => stdClass Object
                                                (
                                                    [text] => The Open University
                                                    [href] => http://www.open.ac.uk/
                                                    [hrefDomain] => open.ac.uk
                                                    [isOutbound] => 1
                                                )

                                            [6] => stdClass Object
                                                (
                                                    [text] => Student home
                                                    [href] => http://www.open.ac.uk/students/
                                                    [hrefDomain] => open.ac.uk
                                                    [isOutbound] => 1
                                                )

                                            [7] => stdClass Object
                                                (
                                                    [text] => Study with The Open University
                                                    [href] => http://www.open.ac.uk/courses
                                                    [hrefDomain] => open.ac.uk
                                                    [isOutbound] => 1
                                                )

                                            [8] => stdClass Object
                                                (
                                                    [text] => 
                                                    [href] => http://www.open.ac.uk/
                                                    [hrefDomain] => open.ac.uk
                                                    [isOutbound] => 1
                                                )

                                            [9] => stdClass Object
                                                (
                                                    [text] => Sign-up now for free
                                                    [href] => https://www.open.ac.uk/account/createaccount?URL=https://www.open.edu/openlearn/science-maths-technology/digital-forensics/content-section-0
                                                    [hrefDomain] => open.ac.uk
                                                    [isOutbound] => 1
                                                )

                                            [10] => stdClass Object
                                                (
                                                    [text] => A Geek’s Guide to Digital Forensics
                                                    [href] => http://www.open.ac.uk/libraryservices/resource/website:40808
                                                    [hrefDomain] => open.ac.uk
                                                    [isOutbound] => 1
                                                )

                                            [11] => stdClass Object
                                                (
                                                    [text] => Open University courses
                                                    [href] => http://www.open.ac.uk/courses/types
                                                    [hrefDomain] => open.ac.uk
                                                    [isOutbound] => 1
                                                )

                                            [12] => stdClass Object
                                                (
                                                    [text] => Access module
                                                    [href] => http://www.open.ac.uk/courses/do-it/access
                                                    [hrefDomain] => open.ac.uk
                                                    [isOutbound] => 1
                                                )

                                            [13] => stdClass Object
                                                (
                                                    [text] => Request an Open University prospectus371
                                                    [href] => http://www.open.ac.uk/request/prospectus
                                                    [hrefDomain] => open.ac.uk
                                                    [isOutbound] => 1
                                                )

                                            [14] => stdClass Object
                                                (
                                                    [text] => Study with The Open University
                                                    [href] => http://www.open.ac.uk/courses
                                                    [hrefDomain] => open.ac.uk
                                                    [isOutbound] => 1
                                                )

                                            [15] => stdClass Object
                                                (
                                                    [text] => Support us
                                                    [href] => http://www.open.ac.uk/about/open-educational-resources/support-us
                                                    [hrefDomain] => open.ac.uk
                                                    [isOutbound] => 1
                                                )

                                            [16] => stdClass Object
                                                (
                                                    [text] => Conditions of use
                                                    [href] => http://www.open.ac.uk/about/main/management/policies-and-statements/conditions-use-open-university-websites
                                                    [hrefDomain] => open.ac.uk
                                                    [isOutbound] => 1
                                                )

                                            [17] => stdClass Object
                                                (
                                                    [text] => Privacy and cookies
                                                    [href] => http://www.open.ac.uk/about/main/management/policies-and-statements/website-privacy-ou
                                                    [hrefDomain] => open.ac.uk
                                                    [isOutbound] => 1
                                                )

                                            [18] => stdClass Object
                                                (
                                                    [text] => Modern Slavery Act
                                                    [href] => http://www.open.ac.uk/about/main/sites/www.open.ac.uk.about.main/files/files/ecms/web-content/modern-slavery-act-statement.pdf
                                                    [hrefDomain] => open.ac.uk
                                                    [isOutbound] => 1
                                                )

                                            [19] => stdClass Object
                                                (
                                                    [text] => Copyright
                                                    [href] => http://www.open.ac.uk/about/main/management/policies-and-statements/copyright-ou-websites
                                                    [hrefDomain] => open.ac.uk
                                                    [isOutbound] => 1
                                                )

                                            [20] => stdClass Object
                                                (
                                                    [text] => Twitter
                                                    [href] => https://twitter.com/oufreelearning
                                                    [hrefDomain] => twitter.com
                                                    [isOutbound] => 1
                                                )

                                            [21] => stdClass Object
                                                (
                                                    [text] => Facebook
                                                    [href] => https://www.facebook.com/ouopenlearn
                                                    [hrefDomain] => facebook.com
                                                    [isOutbound] => 1
                                                )

                                            [22] => stdClass Object
                                                (
                                                    [text] => YouTube
                                                    [href] => https://www.youtube.com/user/OUlearn
                                                    [hrefDomain] => youtube.com
                                                    [isOutbound] => 1
                                                )

                                        )

                                )

                            [toc] => Array
                                (
                                    [0] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => My OpenLearn Profile. 
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                )

                                        )

                                    [1] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => Course content. 
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                    [0] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => About this free course. 
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                    [0] => stdClass Object
                                                                        (
                                                                            [level] => 4
                                                                            [name] => 8 hours study        . 
                                                                            [tag] => h4
                                                                            [children] => Array
                                                                                (
                                                                                )

                                                                        )

                                                                    [1] => stdClass Object
                                                                        (
                                                                            [level] => 4
                                                                            [name] => Level 3: Advanced. 
                                                                            [tag] => h4
                                                                            [children] => Array
                                                                                (
                                                                                )

                                                                        )

                                                                )

                                                        )

                                                    [1] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => Download this course. 
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                    [2] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => Course rewards. 
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                )

                                        )

                                    [2] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => Create your free OpenLearn profile. 
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                )

                                        )

                                    [3] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => Activity 9. 
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                    [0] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => Take your learning further. 
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                )

                                        )

                                    [4] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => OpenLearn Links. 
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                )

                                        )

                                    [5] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => Footer Menu. 
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                )

                                        )

                                    [6] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => About OpenLearn. 
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                )

                                        )

                                    [7] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => Explore subjects. 
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                )

                                        )

                                    [8] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => Explore resources. 
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                )

                                        )

                                    [9] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => Our partners. 
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                )

                                        )

                                )

                            [og] => stdClass Object
                                (
                                    [ogImage] => http://www.open.edu/openlearn/ocw/pluginfile.php/906137/mod_resource/content/0/m812_olhp_786x400.jpg
                                )

                            [schema_type] => Array
                                (
                                )

                            [comment_questions] => Array
                                (
                                )

                            [body] => Digital forensics 4.1 The digital forensic processThe digital forensic process has the following five basic stages:Identification – the first stage identifies potential sources of relevant evidence/information (devices) as well as key custodians and location of data.Preservation – the process of preserving relevant electronically stored information (ESI) by protecting the crime or incident scene, capturing visual images of the scene and documenting all relevant information about the evidence and how it was acquired.Collection – collecting digital information that may be relevant to the investigation. Collection may involve removing the electronic device(s) from the crime or incident scene and then imaging, copying or printing out its (their) content.Analysis – an in-depth systematic search of evidence relating to the incident being investigated. The outputs of examination are data objects found in the collected information; they may include system- and user-generated files. Analysis aims to draw conclusions based on the evidence found.Reporting – firstly, reports are based on proven techniques and methodology and secondly, other competent forensic examiners should be able to duplicate and reproduce the same results.A crucial activity that accompanies the first four steps is contemporaneous note-taking. This is the documentation of what you have done immediately after you have done it in sufficient detail for another person to reproduce what you have done from the notes alone. Activity 9. Timing: Optional (Allow 1 hour)This activity is for the technically minded or curious only who would like a preview of the digital forensics process: watch the YouTube video A Geek’s Guide to Digital Forensics [Tip: hold Ctrl and click a link to open it in a new tab. (Hide tip)] (2011) (you may want to use the fast-forward feature to skip some sections).Digital forensics is not solely about the processes of acquiring, preserving, analysing and reporting on data concerning a crime or incident. A digital forensic scientist must be a scientist first and foremost and therefore must keep up to date with the latest research on digital forensic techniques. They may also contribute to the discipline through their own research and publish it in peer-reviewed journals.Previous 4 The role of digital forensicsNext 4.2 A brief history of digital forensics M812_1 Print Print Take your learning further. Making the decision to study can be a big step, which is why you'll want a trusted University. The Open University has 50 years’ experience delivering flexible learning and 170,000 students are studying with us right now. Take a look at all Open University courses. If you are new to University-level study, we offer two introductory routes to our qualifications. You could either choose to start with an Access module, or a module which allows you to count your previous learning towards an Open University qualification. Read our guide on Where to take your learning next for more information. Not ready for formal University study? Then browse over 1000 free courses on OpenLearn and sign up to our newsletter to hear about new free courses as they are released.Every year, thousands of students decide to study with The Open University. With over 120 qualifications, we’ve got the right course for you. Request an Open University prospectus371 OpenLearn Search website Back to top OpenLearn Links. Footer Menu. About OpenLearn. About usFrequently asked questionsStudy with The Open UniversitySubscribe to our newsletterContact OpenLearnOpenLearn CreateOpenLearn CymruExplore subjects. Money & BusinessEducation & DevelopmentHealth, Sports & PsychologyHistory & The ArtsLanguagesNature & EnvironmentScience, Maths & TechnologySociety, Politics & LawExplore resources. Latest from OpenLearnTry something popularFree coursesFor StudyFor LifeMy OpenLearn profile Our partners. OpenLearn works with other organisations by providing free courses and resources that support our mission of opening up educational opportunities to more people in more places. Find out more Support us ©1999-2020. All rights reserved. The Open University is incorporated by Royal Charter (RC 000391), an exempt charity in England & Wales and a charity registered in Scotland (SC 038302). The Open University is authorised and regulated by the Financial Conduct Authority in relation to its secondary activity of credit broking. Accessibility Conditions of use Privacy and cookies Modern Slavery Act Copyright Twitter Facebook YouTube /openlearn/sites/all/themes/openlearnng/ https://www.open.edu/openlearn/sites/all/themes/openlearnng/static/flash/tagcloud.swf 344305
                            [kwBody] => Array
                                (
                                    [0] => stdClass Object
                                        (
                                            [term] => digital
                                            [tf] => 10
                                        )

                                    [1] => stdClass Object
                                        (
                                            [term] => forensic
                                            [tf] => 10
                                        )

                                    [2] => stdClass Object
                                        (
                                            [term] => university
                                            [tf] => 10
                                        )

                                    [3] => stdClass Object
                                        (
                                            [term] => open
                                            [tf] => 9
                                        )

                                    [4] => stdClass Object
                                        (
                                            [term] => digital forensic
                                            [tf] => 8
                                        )

                                    [5] => stdClass Object
                                        (
                                            [term] => open university
                                            [tf] => 7
                                        )

                                    [6] => stdClass Object
                                        (
                                            [term] => openlearn
                                            [tf] => 6
                                        )

                                    [7] => stdClass Object
                                        (
                                            [term] => activity
                                            [tf] => 5
                                        )

                                    [8] => stdClass Object
                                        (
                                            [term] => information
                                            [tf] => 5
                                        )

                                    [9] => stdClass Object
                                        (
                                            [term] => process
                                            [tf] => 4
                                        )

                                    [10] => stdClass Object
                                        (
                                            [term] => relevant
                                            [tf] => 4
                                        )

                                    [11] => stdClass Object
                                        (
                                            [term] => incident
                                            [tf] => 4
                                        )

                                    [12] => stdClass Object
                                        (
                                            [term] => learning
                                            [tf] => 4
                                        )

                                    [13] => stdClass Object
                                        (
                                            [term] => study
                                            [tf] => 4
                                        )

                                    [14] => stdClass Object
                                        (
                                            [term] => cours
                                            [tf] => 4
                                        )

                                    [15] => stdClass Object
                                        (
                                            [term] => crime incident
                                            [tf] => 3
                                        )

                                    [16] => stdClass Object
                                        (
                                            [term] => free cours
                                            [tf] => 3
                                        )

                                    [17] => stdClass Object
                                        (
                                            [term] => crime
                                            [tf] => 3
                                        )

                                    [18] => stdClass Object
                                        (
                                            [term] => scene
                                            [tf] => 3
                                        )

                                    [19] => stdClass Object
                                        (
                                            [term] => evidence
                                            [tf] => 3
                                        )

                                    [20] => stdClass Object
                                        (
                                            [term] => qualification
                                            [tf] => 3
                                        )

                                    [21] => stdClass Object
                                        (
                                            [term] => free
                                            [tf] => 3
                                        )

                                )

                            [page_rank_decimal] => 54
                            [rank] => 10899
                        )

                    [8] => stdClass Object
                        (
                            [position] => 9
                            [title] => What is Computer Forensics (Cyber Forensics)?
                            [url] => https://www.techtarget.com/searchsecurity/definition/computer-forensics
                            [destination] => https://www.techtarget.com › searchsecurity › definition
                            [description] => Learn about computer forensics, the steps involved in a forensics investigation and the certifications needed to start a career as a forensics investigator
                            [isAmp] => 
                            [organic_position] => 9
                            [serp_type] => page
                            [isOrganicPage] => 1
                            [isOrganic] => 1
                            [serp_title] => What is Computer Forensics (Cyber Forensics)? - TechTarget
                            [serp_description] => Examiners make a digital copy, also called a forensic image, of the device's storage media, and then they lock the original device in a safe or other secure ...
                            [hostname] => techtarget.com
                            [canonical] => https://www.techtarget.com/searchsecurity/definition/computer-forensics
                            [h1] => computer forensics (cyber forensics)
                            [h2] => Array
                                (
                                )

                            [h3] => Array
                                (
                                    [0] => What is computer forensics?
                                    [1] => Why is computer forensics important?
                                    [2] => Types of computer forensics
                                    [3] => How does computer forensics work?
                                    [4] => Techniques forensic investigators use
                                    [5] => How is computer forensics used as evidence?
                                    [6] => Computer forensics careers and certifications
                                )

                            [h2WithAnchors] => Array
                                (
                                )

                            [type] => article
                            [wordCount] => 2961
                            [imgCount] => 10
                            [lang] => 
                            [faq_on_page] => Array
                                (
                                )

                            [anchors] => stdClass Object
                                (
                                    [size] => 66
                                    [outboundSize] => 15
                                    [list] => Array
                                        (
                                            [0] => stdClass Object
                                                (
                                                    [text] => police in the U.K. are adopting computer forensic
                                                    [href] => https://www.computerweekly.com/news/450429957/Why-UK-police-are-learning-cyber-forensics
                                                    [hrefDomain] => computerweekly.com
                                                    [isOutbound] => 1
                                                )

                                            [1] => stdClass Object
                                                (
                                                    [text] => created an open source forensics tool
                                                    [href] => https://www.computerweekly.com/news/450422164/Kaspersky-researcher-in-Asia-develops-cyber-forensics-tool
                                                    [hrefDomain] => computerweekly.com
                                                    [isOutbound] => 1
                                                )

                                            [2] => stdClass Object
                                                (
                                                    [text] => Levandowski received a presidential pardon
                                                    [href] => https://www.computerweekly.com/blog/Downtime/Levanstoleski
                                                    [hrefDomain] => computerweekly.com
                                                    [isOutbound] => 1
                                                )

                                            [3] => stdClass Object
                                                (
                                                    [text] => financial analysis software is used to combat fraud
                                                    [href] => https://www.computerweekly.com/blog/Data-Matters/Forensic-financial-analysis-software-used-to-combat-fraud
                                                    [hrefDomain] => computerweekly.com
                                                    [isOutbound] => 1
                                                )

                                            [4] => stdClass Object
                                                (
                                                    [text] => average annual salary
                                                    [href] => https://www.salary.com/research/salary/posting/entry-level-forensic-computer-analyst-salary
                                                    [hrefDomain] => salary.com
                                                    [rel] => noopener
                                                    [isOutbound] => 1
                                                )

                                            [5] => stdClass Object
                                                (
                                                    [text] => CyberSecurity Forensic Analyst
                                                    [href] => https://www.cybersecurityforensicanalyst.com/index.html
                                                    [hrefDomain] => cybersecurityforensicanalyst.com
                                                    [rel] => noopener
                                                    [isOutbound] => 1
                                                )

                                            [6] => stdClass Object
                                                (
                                                    [text] => Certified Forensic Computer Examiner
                                                    [href] => https://www.iacis.com/certification/cfce/
                                                    [hrefDomain] => iacis.com
                                                    [rel] => noopener
                                                    [isOutbound] => 1
                                                )

                                            [7] => stdClass Object
                                                (
                                                    [text] => Computer Hacking Forensic Investigator
                                                    [href] => https://www.eccouncil.org/programs/computer-hacking-forensic-investigator-chfi/
                                                    [hrefDomain] => eccouncil.org
                                                    [rel] => noopener
                                                    [isOutbound] => 1
                                                )

                                            [8] => stdClass Object
                                                (
                                                    [text] => Certified Computer Examiner
                                                    [href] => https://www.isfce.com/certification.htm
                                                    [hrefDomain] => isfce.com
                                                    [rel] => noopener
                                                    [isOutbound] => 1
                                                )

                                            [9] => stdClass Object
                                                (
                                                    [text] => UK courts face evidence 'black hole' over police EncroChat mass hacking
                                                    [href] => https://www.computerweekly.com/news/252498544/UK-courts-face-evidence-black-hole-over-police-EncroChat-mass-hacking?amp=1
                                                    [hrefDomain] => computerweekly.com
                                                    [isOutbound] => 1
                                                )

                                            [10] => stdClass Object
                                                (
                                                    [text] => Why UK police are learning cyber forensics By: Alex Bennett
                                                    [href] => https://www.computerweekly.com/news/450429957/Why-UK-police-are-learning-cyber-forensics
                                                    [hrefDomain] => computerweekly.com
                                                    [isOutbound] => 1
                                                )

                                            [11] => stdClass Object
                                                (
                                                    [text] => ComputerWeekly.com
                                                    [href] => https://www.computerweekly.com
                                                    [hrefDomain] => computerweekly.com
                                                    [isOutbound] => 1
                                                )

                                            [12] => stdClass Object
                                                (
                                                    [text] => Judges to decide whether Assange can appeal against extradition as he reaches 1,000 days in jail
                                                    [href] => https://www.computerweekly.com/news/252511633/Judges-to-decide-whether-Assange-can-appeal-against-extradition-as-he-reaches-1000-days-in-jail
                                                    [hrefDomain] => computerweekly.com
                                                    [isOutbound] => 1
                                                )

                                            [13] => stdClass Object
                                                (
                                                    [text] => Google buys Siemplify in first phase of cyber investment
                                                    [href] => https://www.computerweekly.com/news/252511615/Google-buys-Siemplify-in-first-phase-of-cyber-investment
                                                    [hrefDomain] => computerweekly.com
                                                    [isOutbound] => 1
                                                )

                                            [14] => stdClass Object
                                                (
                                                    [text] => Fintech players get cozy in Luxembourg
                                                    [href] => https://www.computerweekly.com/news/252511580/Fintech-players-get-cozy-in-Luxembourg
                                                    [hrefDomain] => computerweekly.com
                                                    [isOutbound] => 1
                                                )

                                        )

                                )

                            [toc] => Array
                                (
                                    [0] => stdClass Object
                                        (
                                            [level] => 3
                                            [name] => What is computer forensics?
                                            [tag] => h3
                                            [children] => Array
                                                (
                                                    [0] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => Why is computer forensics important?
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                    [1] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => Types of computer forensics. 
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                    [2] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => How does computer forensics work?
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                    [3] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => Techniques forensic investigators use. 
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                    [4] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => How is computer forensics used as evidence?
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                    [5] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => Computer forensics careers and certifications. 
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                    [0] => stdClass Object
                                                                        (
                                                                            [level] => 4
                                                                            [name] => 
			
			Continue Reading About computer forensics (cyber forensics)
		. 
                                                                            [tag] => h4
                                                                            [children] => Array
                                                                                (
                                                                                )

                                                                        )

                                                                    [1] => stdClass Object
                                                                        (
                                                                            [level] => 4
                                                                            [name] => 
				Related Terms. 
                                                                            [tag] => h4
                                                                            [children] => Array
                                                                                (
                                                                                )

                                                                        )

                                                                    [2] => stdClass Object
                                                                        (
                                                                            [level] => 4
                                                                            [name] => 
			Dig Deeper on Threat detection and response. 
                                                                            [tag] => h4
                                                                            [children] => Array
                                                                                (
                                                                                    [0] => stdClass Object
                                                                                        (
                                                                                            [level] => 5
                                                                                            [name] => electronic discovery (e-discovery or ediscovery)
                                                                                            [tag] => h5
                                                                                            [children] => Array
                                                                                                (
                                                                                                )

                                                                                        )

                                                                                    [1] => stdClass Object
                                                                                        (
                                                                                            [level] => 5
                                                                                            [name] => Information security certification guide: Forensics
                                                                                            [tag] => h5
                                                                                            [children] => Array
                                                                                                (
                                                                                                )

                                                                                        )

                                                                                    [2] => stdClass Object
                                                                                        (
                                                                                            [level] => 5
                                                                                            [name] => Why UK police are learning cyber forensics
                                                                                            [tag] => h5
                                                                                            [children] => Array
                                                                                                (
                                                                                                )

                                                                                        )

                                                                                    [3] => stdClass Object
                                                                                        (
                                                                                            [level] => 5
                                                                                            [name] => Google Earth Forensics: Using Google Earth Geo-Location in Digital Forensic Investigations
                                                                                            [tag] => h5
                                                                                            [children] => Array
                                                                                                (
                                                                                                )

                                                                                        )

                                                                                )

                                                                        )

                                                                )

                                                        )

                                                )

                                        )

                                )

                            [og] => stdClass Object
                                (
                                    [ogImage] => https://cdn.ttgtmedia.com/ITKE/images/logos/TTlogo-379x201.png
                                    [twitterImage] => https://cdn.ttgtmedia.com/ITKE/images/logos/TTlogo-379x201.png
                                )

                            [schema_type] => Array
                                (
                                    [0] => Article
                                    [1] => VideoObject
                                )

                            [comment_questions] => Array
                                (
                                )

                            [body] => computer forensics (cyber forensics) By Ben Lutkevich, Technical Writer What is computer forensics? Computer forensics is the application of investigation and analysis techniques to gather and preserve evidence from a particular computing device in a way that is suitable for presentation in a court of law. The goal of computer forensics is to perform a structured investigation and maintain a documented chain of evidence to find out exactly what happened on a computing device and who was responsible for it. Computer forensics -- which is sometimes referred to as computer forensic science -- essentially is data recovery with legal compliance guidelines to make the information admissible in legal proceedings. The terms digital forensics and cyber forensics are often used as synonyms for computer forensics. Digital forensics starts with the collection of information in a way that maintains its integrity. Investigators then analyze the data or system to determine if it was changed, how it was changed and who made the changes. The use of computer forensics isn't always tied to a crime. The forensic process is also used as part of data recovery processes to gather data from a crashed server, failed drive, reformatted operating system (OS) or other situation where a system has unexpectedly stopped working. Why is computer forensics important? In the civil and criminal justice system, computer forensics helps ensure the integrity of digital evidence presented in court cases. As computers and other data-collecting devices are used more frequently in every aspect of life, digital evidence -- and the forensic process used to collect, preserve and investigate it -- has become more important in solving crimes and other legal issues. The average person never sees much of the information modern devices collect. For instance, the computers in cars continually collect information on when a driver brakes, shifts and changes speed without the driver being aware. However, this information can prove critical in solving a legal matter or a crime, and computer forensics often plays a role in identifying and preserving that information. Digital evidence isn't just useful in solving digital-world crimes, such as data theft, network breaches and illicit online transactions. It's also used to solve physical-world crimes, such as burglary, assault, hit-and-run accidents and murder. Businesses often use a multilayered data management, data governance and network security strategy to keep proprietary information secure. Having data that's well managed and safe can help streamline the forensic process should that data ever come under investigation. Find out the six steps to building resilient digital asset protection. Businesses also use computer forensics to track information related to a system or network compromise, which can be used to identify and prosecute cyber attackers. Businesses can also use digital forensic experts and processes to help them with data recovery in the event of a system or network failure caused by a natural or other disaster. As the world becomes more reliant on digital technology for the core functions of life, cybercrime is rising. As such, computer forensic specialists no longer have a monopoly on the field. See how the police in the U.K. are adopting computer forensic techniques to keep up with increasing rates of cybercrime. Types of computer forensics. There are various types of computer forensic examinations. Each deals with a specific aspect of information technology. Some of the main types include the following: Database forensics. The examination of information contained in databases, both data and related metadata. Email forensics. The recovery and analysis of emails and other information contained in email platforms, such as schedules and contacts. Malware forensics. Sifting through code to identify possible malicious programs and analyzing their payload. Such programs may include Trojan horses, ransomware or various viruses.  See the full range of malware types businesses must contend with today. Memory forensics. Collecting information stored in a computer's random access memory (RAM) and cache. Mobile forensics. The examination of mobile devices to retrieve and analyze the information they contain, including contacts, incoming and outgoing text messages, pictures and video files. Network forensics. Looking for evidence by monitoring network traffic, using tools such as a firewall or intrusion detection system. How does computer forensics work? Forensic investigators typically follow standard procedures, which vary depending on the context of the forensic investigation, the device being investigated or the information investigators are looking for. In general, these procedures include the following three steps: Data collection. Electronically stored information must be collected in a way that maintains its integrity. This often involves physically isolating the device under investigation to ensure it cannot be accidentally contaminated or tampered with. Examiners make a digital copy, also called a forensic image, of the device's storage media, and then they lock the original device in a safe or other secure facility to maintain its pristine condition. The investigation is conducted on the digital copy. In other cases, publicly available information may be used for forensic purposes, such as Facebook posts or public Venmo charges for purchasing illegal products or services displayed on the Vicemo website. Analysis. Investigators analyze digital copies of storage media in a sterile environment to gather the information for a case. Various tools are used to assist in this process, including Basis Technology's Autopsy for hard drive investigations and the Wireshark network protocol analyzer. A mouse jiggler is useful when examining a computer to keep it from falling asleep and losing volatile memory data that is lost when the computer goes to sleep or loses power. Presentation. The forensic investigators present their findings in a legal proceeding, where a judge or jury uses them to help determine the result of a lawsuit. In a data recovery situation, forensic investigators present what they were able to recover from a compromised system. Often, multiple tools are used in computer forensic investigations to validate the results they produce. Learn how a researcher at Kaspersky Lab in Asia created an open source forensics tool for remotely collecting malware evidence without compromising system integrity. Techniques forensic investigators use. Investigators use a variety of techniques and proprietary forensic applications to examine the copy they've made of a compromised device. They search hidden folders and unallocated disk space for copies of deleted, encrypted or damaged files. Any evidence found on the digital copy is carefully documented in a finding report and verified with the original device in preparation for legal proceedings that involve discovery, depositions or actual litigation. Computer forensic investigations use a combination of techniques and expert knowledge. Some common techniques include the following: Reverse steganography. Steganography is a common tactic used to hide data inside any type of digital file, message or data stream. Computer forensic experts reverse a steganography attempt by analyzing the data hashing that the file in question contains. If a cybercriminal hides important information inside an image or other digital file, it may look the same before and after to the untrained eye, but the underlying hash or string of data that represents the image will change. Stochastic forensics. Here, investigators analyze and reconstruct digital activity without the use of digital artifacts. Artifacts are unintended alterations of data that occur from digital processes. Artifacts include clues related to a digital crime, such as changes to file attributes during data theft. Stochastic forensics is frequently used in data breach investigations where the attacker is thought to be an insider, who might not leave behind digital artifacts. Cross-drive analysis. This technique correlates and cross-references information found on multiple computer drives to search for, analyze and preserve information relevant to an investigation. Events that raise suspicion are compared with information on other drives to look for similarities and provide context. This is also known as anomaly detection. Live analysis. With this technique, a computer is analyzed from within the OS while the computer or device is running, using system tools on the computer. The analysis looks at volatile data, which is often stored in cache or RAM. Many tools used to extract volatile data require the computer in to be in a forensic lab to maintain the legitimacy of a chain of evidence. Deleted file recovery. This technique involves searching a computer system and memory for fragments of files that were partially deleted in one place but leave traces elsewhere on the machine. This is sometimes known as file carving or data carving. Find out more about computer forensic analytics in this chapter from the book Python Forensics: A Workbench for Inventing and Sharing Digital Forensic Technology, by Chet Hosmer. It shows how to use Python and cybersecurity technology to preserve digital evidence. How is computer forensics used as evidence? Computer forensics has been used as evidence by law enforcement agencies and in criminal and civil law since the 1980s. Some notable cases include the following: Apple trade secret theft. An engineer named Xiaolang Zhang at Apple's autonomous car division announced his retirement and said he would be moving back to China to take care of his elderly mother. He told his manager he planned to work at an electronic car manufacturer in China, raising suspicion. According to a Federal Bureau of Investigation (FBI) affidavit, Apple's security team reviewed Zhang's activity on the company network and found, in the days prior to his resignation, he downloaded trade secrets from confidential company databases to which he had access. He was indicted by the FBI in 2018. Enron. In one of the most commonly cited accounting fraud scandals, Enron, a U.S. energy, commodities and services company, falsely reported billions of dollars in revenue before going bankrupt in 2001, causing financial harm to many employees and other people who had invested in the company. Computer forensic analysts examined terabytes of data to understand the complex fraud scheme. The scandal was a significant factor in the passing of the Sarbanes-Oxley Act of 2002, which set new accounting compliance requirements for public companies. The company declared bankruptcy in 2001. Google trade secret theft. Anthony Scott Levandowski, a former executive of both Uber and Google, was charged with 33 counts of trade secret theft in 2019. From 2009 to 2016, Levandowski worked in Google's self-driving car program, where he downloaded thousands of files related to the program from a password-protected corporate server. He departed from Google and created Otto, a self-driving truck company, which Uber bought in 2016, according to The New York Times. Levandowski plead guilty to one count of trade secrets theft and was sentenced to 18 months in prison and $851,499 in fines and restitution. Levandowski received a presidential pardon in January 2021. Larry Thomas. Thomas shot and killed Rito Llamas-Juarez in 2016 Thomas was later convicted with the help of hundreds of Facebook posts he made under the fake name of Slaughtaboi Larro. One of the posts included a picture of him wearing a bracelet that was found at the crime scene. Michael Jackson. Investigators used metadata and medical documents from Michael Jackson's doctor's iPhone that showed the doctor, Conrad Murray, prescribed lethal amounts of medication to Jackson, who died in 2009. Mikayla Munn. Munn drowned her newborn baby in the bathtub of her Manchester University dorm room in 2016. Investigators found Google searches on her computer containing the phrase "at home abortion," which were used to convict her. Murder is just one of the many types of crime computer forensics can aid in combating. Learn how forensic financial analysis software is used to combat fraud. Computer forensics careers and certifications. Computer forensics has become its own area of scientific expertise, with accompanying coursework and certification. The average annual salary for an entry-level computer forensic analyst is about $65,000, according to Salary.com. Some examples of cyber forensic career paths include the following: Forensic engineer. These professionals deal with the collection stage of the computer forensic process, gathering data and preparing it for analysis. They help determine how a device failed. Forensic accountant. This position deals with crimes involving money laundering and other transactions made to cover up illegal activity. Cybersecurity analyst. This position deals with analyzing data once it has been collected and drawing insights that can later be used to improve an organization's cybersecurity strategy. A bachelor's degree -- and, sometimes, a master's degree -- in computer science, cybersecurity or a related field are required of computer forensic professionals. There are several certifications available in this field, including the following: CyberSecurity Institute's CyberSecurity Forensic Analyst. This credential is designed for security professionals with at least two years of experience. Testing scenarios are based on actual cases. International Association of Computer Investigative Specialists' Certified Forensic Computer Examiner. This program focuses primarily on validating the skills necessary to ensure business follows established computer forensic guidelines. EC-Council's Computer Hacking Forensic Investigator. This certification assesses an applicant's ability to identify intruders and collect evidence that can be used in court. It covers search and seizure of information systems, working with digital proof and other cyber forensics skills. International Society of Forensic Computer Examiners' (ISFCE) Certified Computer Examiner. This forensic examiner program requires training at an authorized bootcamp training center, and applicants must sign the ISFCE Code of Ethics and Professional Responsibility. Learn more about a cyber forensics career from this interview with Amanda Rousseau, senior malware researcher at Endgame (now at Facebook), who began her career performing computer forensic investigations at the Department of Defense Cyber Crime Center. This was last updated in May 2021 Continue Reading About computer forensics (cyber forensics) . UK courts face evidence 'black hole' over police EncroChat mass hacking 10 leading incident response vendors for 2021 Cloud computing forensics techniques for evidence acquisition Related Terms. micro VM (micro virtual machine) A micro VM (micro virtual machine) is a virtual machine program that serves to isolate an untrusted computing operation from a ... See complete definition spam filter A spam filter is a program used to detect unsolicited, unwanted and virus-infected emails and prevent those messages from getting... See complete definition stealth virus A stealth virus is a computer virus that uses various mechanisms to avoid detection by antivirus software. See complete definition Dig Deeper on Threat detection and response. electronic discovery (e-discovery or ediscovery) By: Alexander Gillis Information security certification guide: Forensics By: Ed Tittel Why UK police are learning cyber forensics By: Alex Bennett Google Earth Forensics: Using Google Earth Geo-Location in Digital Forensic Investigations SearchCloudSecurity How to overcome 3 multi-tenancy security issues Explore three major multi-tenancy security challenges and how to fix them, including lack of visibility, privilege overallocation... Evaluate cloud database security controls, best practices If your company is using a cloud database provider, it's critical to stay on top of security. Review the security features ... All about cloud-native application protection platforms The cloud-native application protection platform, or CNAPP, is the latest in a slew of cloud security acronyms. Learn what it is ... SearchNetworking How IT can provide home Wi-Fi help for remote workers When assisting home-based workers with their Wi-Fi woes, be sure to assess their internet connectivity and even consider ... Explore 9 essential elements of network security Network security isn't a one-size-fits-all strategy. Dive into the various segments of network security, and learn how they ... In 2022, AI network management is all about growing trust AI network management tools are poised for significant growth in the coming year, but making the most of the tech's capabilities ... SearchCIO Top technology trends come down to CIO strategy in 2022 Rather than feel the wave of top tech trends of 2022 wash over them, CIOs should focus on business goals to guide their emerging ... 5 keys to IT talent development in a hybrid work model With the tech talent shortage in full force, IT talent development is critical for every organization. Learn the essentials of ... 5 steps to crafting a successful automation strategy IT leaders who bypass strategy and go straight to selecting automation tools are courting failure. Here's how to move toward ... SearchEnterpriseDesktop Explore Jamf's products and features for Apple management Apple macOS devices make up a significant portion of enterprise endpoints, and vendors such as Jamf offer tools to help ... LastPass goes solo, plans to focus on mobile features After spinning off from LogMeIn, password management firm LastPass plans to grow its business by providing faster feature updates... How to scan and repair disks with Windows 10 Check Disk Windows 10 Disk Check is an intuitive tool that can scan and repair hard drives to reduce the risk of total disk failure and loss... SearchCloudComputing Guide to creating a cloud migration testing strategy Follow these guidelines to help craft a strategy for cloud migration testing, from key tests to run to common challenges and best... Why re:Invent 2021 spotlighted existing AWS products Many of AWS' re:Invent announcements highlighted enhancements to existing products, rather than new services. Here's why the ... 3 popular machine learning certifications to get in 2022 Google, AWS and Azure offer machine learning certifications for the cloud that can further your career. Learn what to expect from... ComputerWeekly.com Judges to decide whether Assange can appeal against extradition as he reaches 1,000 days in jail Mexican president Andrés Manuel López Obrador urges US to treat WikiLeaks founder Julian Assange with humanity and to consider ... Google buys Siemplify in first phase of cyber investment Once integrated into Google Cloud, Siemplify’s platform will serve as the basis for deeper security development at Google Fintech players get cozy in Luxembourg Luxembourg aims to play a larger role in the rapidly growing global fintech market Close
                            [kwBody] => Array
                                (
                                    [0] => stdClass Object
                                        (
                                            [term] => forensic
                                            [tf] => 78
                                        )

                                    [1] => stdClass Object
                                        (
                                            [term] => computer
                                            [tf] => 52
                                        )

                                    [2] => stdClass Object
                                        (
                                            [term] => computer forensic
                                            [tf] => 34
                                        )

                                    [3] => stdClass Object
                                        (
                                            [term] => data
                                            [tf] => 28
                                        )

                                    [4] => stdClass Object
                                        (
                                            [term] => digital
                                            [tf] => 24
                                        )

                                    [5] => stdClass Object
                                        (
                                            [term] => information
                                            [tf] => 23
                                        )

                                    [6] => stdClass Object
                                        (
                                            [term] => evidence
                                            [tf] => 15
                                        )

                                    [7] => stdClass Object
                                        (
                                            [term] => investigation
                                            [tf] => 14
                                        )

                                    [8] => stdClass Object
                                        (
                                            [term] => device
                                            [tf] => 14
                                        )

                                    [9] => stdClass Object
                                        (
                                            [term] => security
                                            [tf] => 14
                                        )

                                    [10] => stdClass Object
                                        (
                                            [term] => network
                                            [tf] => 13
                                        )

                                    [11] => stdClass Object
                                        (
                                            [term] => google
                                            [tf] => 12
                                        )

                                    [12] => stdClass Object
                                        (
                                            [term] => investigator
                                            [tf] => 12
                                        )

                                    [13] => stdClass Object
                                        (
                                            [term] => system
                                            [tf] => 12
                                        )

                                    [14] => stdClass Object
                                        (
                                            [term] => cyber
                                            [tf] => 10
                                        )

                                    [15] => stdClass Object
                                        (
                                            [term] => technique
                                            [tf] => 10
                                        )

                                    [16] => stdClass Object
                                        (
                                            [term] => crime
                                            [tf] => 10
                                        )

                                    [17] => stdClass Object
                                        (
                                            [term] => file
                                            [tf] => 10
                                        )

                                    [18] => stdClass Object
                                        (
                                            [term] => tool
                                            [tf] => 10
                                        )

                                    [19] => stdClass Object
                                        (
                                            [term] => cloud
                                            [tf] => 10
                                        )

                                    [20] => stdClass Object
                                        (
                                            [term] => strategy
                                            [tf] => 9
                                        )

                                    [21] => stdClass Object
                                        (
                                            [term] => analysi
                                            [tf] => 8
                                        )

                                    [22] => stdClass Object
                                        (
                                            [term] => process
                                            [tf] => 8
                                        )

                                    [23] => stdClass Object
                                        (
                                            [term] => program
                                            [tf] => 8
                                        )

                                    [24] => stdClass Object
                                        (
                                            [term] => company
                                            [tf] => 8
                                        )

                                    [25] => stdClass Object
                                        (
                                            [term] => cyber forensic
                                            [tf] => 7
                                        )

                                    [26] => stdClass Object
                                        (
                                            [term] => business
                                            [tf] => 7
                                        )

                                    [27] => stdClass Object
                                        (
                                            [term] => include
                                            [tf] => 7
                                        )

                                    [28] => stdClass Object
                                        (
                                            [term] => learn
                                            [tf] => 7
                                        )

                                    [29] => stdClass Object
                                        (
                                            [term] => certification
                                            [tf] => 7
                                        )

                                    [30] => stdClass Object
                                        (
                                            [term] => forensic investigator
                                            [tf] => 6
                                        )

                                    [31] => stdClass Object
                                        (
                                            [term] => machine
                                            [tf] => 6
                                        )

                                    [32] => stdClass Object
                                        (
                                            [term] => cybersecurity
                                            [tf] => 6
                                        )

                                    [33] => stdClass Object
                                        (
                                            [term] => digital forensic
                                            [tf] => 5
                                        )

                                    [34] => stdClass Object
                                        (
                                            [term] => forensic investigation
                                            [tf] => 5
                                        )

                                    [35] => stdClass Object
                                        (
                                            [term] => trade secret
                                            [tf] => 5
                                        )

                                    [36] => stdClass Object
                                        (
                                            [term] => trade secret theft
                                            [tf] => 4
                                        )

                                    [37] => stdClass Object
                                        (
                                            [term] => data recovery
                                            [tf] => 4
                                        )

                                    [38] => stdClass Object
                                        (
                                            [term] => forensic process
                                            [tf] => 4
                                        )

                                    [39] => stdClass Object
                                        (
                                            [term] => digital evidence
                                            [tf] => 4
                                        )

                                    [40] => stdClass Object
                                        (
                                            [term] => network security
                                            [tf] => 4
                                        )

                                    [41] => stdClass Object
                                        (
                                            [term] => digital copy
                                            [tf] => 4
                                        )

                                    [42] => stdClass Object
                                        (
                                            [term] => secret theft
                                            [tf] => 4
                                        )

                                    [43] => stdClass Object
                                        (
                                            [term] => forensic cyber forensic
                                            [tf] => 3
                                        )

                                    [44] => stdClass Object
                                        (
                                            [term] => computer forensic investigation
                                            [tf] => 3
                                        )

                                    [45] => stdClass Object
                                        (
                                            [term] => see complete definition
                                            [tf] => 3
                                        )

                                    [46] => stdClass Object
                                        (
                                            [term] => forensic cyber
                                            [tf] => 3
                                        )

                                    [47] => stdClass Object
                                        (
                                            [term] => forensic computer
                                            [tf] => 3
                                        )

                                    [48] => stdClass Object
                                        (
                                            [term] => analysi technique
                                            [tf] => 3
                                        )

                                    [49] => stdClass Object
                                        (
                                            [term] => legal proceeding
                                            [tf] => 3
                                        )

                                    [50] => stdClass Object
                                        (
                                            [term] => investigator analyze
                                            [tf] => 3
                                        )

                                    [51] => stdClass Object
                                        (
                                            [term] => forensic examination
                                            [tf] => 3
                                        )

                                    [52] => stdClass Object
                                        (
                                            [term] => forensic evidence
                                            [tf] => 3
                                        )

                                    [53] => stdClass Object
                                        (
                                            [term] => forensic analyst
                                            [tf] => 3
                                        )

                                    [54] => stdClass Object
                                        (
                                            [term] => forensic career
                                            [tf] => 3
                                        )

                                    [55] => stdClass Object
                                        (
                                            [term] => computer examiner
                                            [tf] => 3
                                        )

                                    [56] => stdClass Object
                                        (
                                            [term] => virtual machine
                                            [tf] => 3
                                        )

                                    [57] => stdClass Object
                                        (
                                            [term] => see complete
                                            [tf] => 3
                                        )

                                    [58] => stdClass Object
                                        (
                                            [term] => complete definition
                                            [tf] => 3
                                        )

                                )

                            [page_rank_decimal] => 51
                            [rank] => 24315
                        )

                    [9] => stdClass Object
                        (
                            [position] => 10
                            [title] => What's Digital Forensics? How Cybersleuths Work - National University
                            [url] => https://www.nu.edu/resources/whats-digital-forensics/
                            [destination] => https://www.nu.edu › resources › whats-digital-forensics
                            [description] => What’s digital forensics all about and how do cybersleuths help law enforcement agencies and corporations investigate criminal activities?
                            [isAmp] => 
                            [organic_position] => 10
                            [serp_type] => page
                            [isOrganicPage] => 1
                            [isOrganic] => 1
                            [serp_title] => What's Digital Forensics? How Cybersleuths Work - National ...
                            [serp_description] => What's digital forensics all about and how do cybersleuths help law enforcement ... who have had PTSD after some of the investigations they have worked on.
                            [hostname] => nu.edu
                            [canonical] => https://www.nu.edu/resources/whats-digital-forensics/
                            [h1] => What’s Digital Forensics? How Cybersleuths Work
                            [h2] => Array
                                (
                                    [0] => What’s Digital Forensics? Law Enforcement and Corporate Security
                                    [1] => “Falling” Into a Career in Digital Forensics
                                    [2] => Digital Forensics Today
                                    [3] => The Daubert Standard
                                    [4] => How is Digital Forensics Taught?
                                    [5] => Analytical and Creative
                                    [6] => Ethical Fortitude
                                    [7] => Emotional Resilience
                                    [8] => Career Prospects
                                    [9] => Diversity in Digital Forensics
                                    [10] => The Online Degree in Cybersecurity Option
                                    [11] => What’s Digital Forensics? A Great Career!
                                    [12] => Search the site
                                    [13] => Terms & Conditions
                                )

                            [h3] => Array
                                (
                                    [0] => Featured Programs
                                    [1] => Helpful Links
                                )

                            [h2WithAnchors] => Array
                                (
                                    [0] => stdClass Object
                                        (
                                            [text] => What’s Digital Forensics? Law Enforcement and Corporate Security
                                            [id] => whats-digital-forensics-law-enforcement-and-corporate-security
                                        )

                                    [1] => stdClass Object
                                        (
                                            [text] => “Falling” Into a Career in Digital Forensics
                                            [id] => falling-into-a-career-in-digital-forensics
                                        )

                                    [2] => stdClass Object
                                        (
                                            [text] => Digital Forensics Today
                                            [id] => digital-forensics-today
                                        )

                                    [3] => stdClass Object
                                        (
                                            [text] => The Daubert Standard
                                            [id] => the-daubert-standard
                                        )

                                    [4] => stdClass Object
                                        (
                                            [text] => How is Digital Forensics Taught?
                                            [id] => how-is-digital-forensics-taught
                                        )

                                    [5] => stdClass Object
                                        (
                                            [text] => Analytical and Creative
                                            [id] => analytical-and-creative
                                        )

                                    [6] => stdClass Object
                                        (
                                            [text] => Ethical Fortitude
                                            [id] => ethical-fortitude
                                        )

                                    [7] => stdClass Object
                                        (
                                            [text] => Emotional Resilience
                                            [id] => emotional-resilience
                                        )

                                    [8] => stdClass Object
                                        (
                                            [text] => Career Prospects
                                            [id] => career-prospects
                                        )

                                    [9] => stdClass Object
                                        (
                                            [text] => Diversity in Digital Forensics
                                            [id] => diversity-in-digital-forensics
                                        )

                                    [10] => stdClass Object
                                        (
                                            [text] => The Online Degree in Cybersecurity Option
                                            [id] => the-online-degree-in-cybersecurity-option
                                        )

                                    [11] => stdClass Object
                                        (
                                            [text] => What’s Digital Forensics? A Great Career!
                                            [id] => whats-digital-forensics-a-great-career
                                        )

                                    [12] => stdClass Object
                                        (
                                            [text] => Search the site
                                            [id] => dialog-title
                                        )

                                    [13] => stdClass Object
                                        (
                                            [text] => Terms & Conditions
                                            [id] => terms-title
                                        )

                                )

                            [published_time] => stdClass Object
                                (
                                    [lastUpdate] => 
                                    [dateFormatted] => 15o April 2019
                                    [dateISO] => 2019-04-15T17:00:38+00:00
                                )

                            [modified_time] => stdClass Object
                                (
                                    [lastUpdate] => 
                                    [dateFormatted] => 12o March 2020
                                    [dateISO] => 2020-03-12T00:21:05+00:00
                                )

                            [type] => article
                            [wordCount] => 2903
                            [imgCount] => 1
                            [lang] => 
                            [faq_on_page] => Array
                                (
                                )

                            [anchors] => stdClass Object
                                (
                                    [size] => 21
                                    [outboundSize] => 1
                                    [list] => Array
                                        (
                                            [0] => stdClass Object
                                                (
                                                    [text] => Daubert Standard
                                                    [href] => https://en.wikipedia.org/wiki/Daubert_standard
                                                    [hrefDomain] => wikipedia.org
                                                    [isOutbound] => 1
                                                )

                                        )

                                )

                            [toc] => Array
                                (
                                    [0] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => What’s Digital Forensics? Law Enforcement and Corporate Security. 
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                )

                                        )

                                    [1] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => “Falling” Into a Career in Digital Forensics. 
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                )

                                        )

                                    [2] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => Digital Forensics Today. 
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                )

                                        )

                                    [3] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => The Daubert Standard. 
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                )

                                        )

                                    [4] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => How is Digital Forensics Taught?
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                )

                                        )

                                    [5] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => Analytical and Creative. 
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                )

                                        )

                                    [6] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => Ethical Fortitude. 
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                )

                                        )

                                    [7] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => Emotional Resilience. 
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                )

                                        )

                                    [8] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => Career Prospects. 
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                )

                                        )

                                    [9] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => Diversity in Digital Forensics. 
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                )

                                        )

                                    [10] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => The Online Degree in Cybersecurity Option. 
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                )

                                        )

                                    [11] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => What’s Digital Forensics? A Great Career!
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                )

                                        )

                                    [12] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => Search the site. 
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                    [0] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => Featured Programs. 
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                    [1] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => Helpful Links. 
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                )

                                        )

                                    [13] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => Terms & Conditions. 
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                )

                                        )

                                )

                            [og] => stdClass Object
                                (
                                    [ogImage] => https://www.nu.edu/wp-content/uploads/2019/04/Whats-Digital-Forensics-How-Cybersleuths-Work.jpg
                                )

                            [schema_type] => Array
                                (
                                )

                            [comment_questions] => Array
                                (
                                )

                            [body] => What’s Digital Forensics? How Cybersleuths Work Think of the word “forensics” and you’ll probably conjure up images of grisly scenes from TV drama series like CSI: Crime Scene Investigation. However, there is another world of forensic investigation, where bodies and bloodstain patterns are replaced by more mundane (but equally illustrative to the forensic mind), laptop computers, mobile devices, games consoles, Alexa-style virtual home assistants, and even automobile digital management systems. Don’t let the everyday appearance of these devices fool you. In the world of digital forensics, electronic devices are as important to any investigation as the discovery of a murder weapon. So what’s digital forensics all about and how does this new breed of cybersleuths help law enforcement agencies and corporations investigate criminal activities and protect us from the bad guys? We spoke with Dr. Denise Kinsey, who has more than 25-years’ experience in the field and recently joined National University’s faculty to share her digital forensic investigation skills with students in the bachelor degree in cybersecurity online program. “Digital Forensics is the process by which we try to recover digital artifacts, items that are on any kind of electronic device that may be used in an investigation, whether it be to exonerate somebody or to help secure their guilt,” says Dr. Kinsey.   What’s Digital Forensics? Law Enforcement and Corporate Security. In law enforcement, digital forensics is used to gain additional evidence after a crime has been committed to support charges against a suspect or prevent further crimes from happening. Information stored on a device could place a suspect at the scene of a crime, help uncover motives, or highlight criminal connections. It could also be used to support an alibi and prove someone’s innocence. In a business setting, digital forensics could be used as part of the organization’s incident response protocol, helping to identify exactly what happened and isolating what or who was responsible, whether that’s for prosecution or just internal knowledge. However, according to Kinsey, not all incidents referred to digital forensic teams are caused by malicious intent. “It could simply lead to the discovery that kicking-off two programs simultaneously causes the server to crash, for example,” says Kinsey. “A lot of times you don’t know what’s happening until you start going through the logs and going into the drives and looking for any of those artifacts to see what got recorded.”   “Falling” Into a Career in Digital Forensics. Like many other professionals engaged with digital technology during its infancy in the 1990s, Kinsey didn’t set out to develop a career specifically in digital forensics. “I actually fell into it,” says Kinsey. “I was already working as a security analyst and there was an incident that my company wanted investigating. Three of us literally learned how to use the tools by getting our hands on everything we could read and playing with the tools. This was back in the 90s — so there weren’t all the tutorials, there wasn’t YouTube, there wasn’t this instant access to content, and there weren’t any classes on it. So we taught ourselves.” Highlighting the difficulties the team faced, Kinsey recalls, “You didn’t know if you were doing things right or wrong and you had no baseline.” While Kinsey couldn’t go into too much detail about her first case, she could reveal it was a classic case of industrial espionage. “It was basically somebody who was getting into a system that they had no legitimate reason to be in,” says Kinsey. “They were trying to steal intellectual property so they could set themselves up as a competitor and they were also messing with intellectual property and changing schematics so that when products went into production, they would not be made to the necessary tolerances and safeguards.”   Digital Forensics Today. Digital forensics has come a long way since Kinsey’s first tentative steps into the field. Tools and processes have been developed and documented, and training and accreditation required, giving digital forensic teams the confidence that their investigations can stand the rigors of cross-examination in court. “There are a number of brand name tools available — things like Encase and Forensic Toolkit (FTK), or Cellebrite for phones,” says Kinsey. “There are even some open source tools that you can practice and learn with. It’s really about learning the techniques and being able to apply those between the tools.”   The Daubert Standard. While the different tools each have their own unique benefits, the most important thing is that a forensic investigator is able to validate their findings. If different investigators using different tools examine the same evidence, they should all find the same results. Any evidence given in court must conform to the Daubert Standard. Kinsey explains that the Daubert Standard stems from a landmark court case where an expert witness’s findings were questioned as unreliable. “It wasn’t sound,” says Kinsey. “It wasn’t peer-reviewed, it wasn’t accepted into the field, there weren’t journal articles about it, it wasn’t well known and a lot of the findings weren’t open so that it could be repeated.” “So these things are part of the litmus test of whether or not we can use the tools or processes in court. Any attorney is going to be the one who asks, ’Are these things valid?’” If there is any doubt about the specific tools and processes used to uncover evidence, “Worst case, you just repeat it with another tool,” says Kinsey.   How is Digital Forensics Taught? The process of teaching digital forensics at National University takes very much a hands-on approach. “Students are given different situations and they are provided the tools and techniques to be able to go and investigate those situations,” says Kinsey. Students are put into real-world scenarios, where everything isn’t always straightforward. “They are given the idea that something has happened — now you’ve got to perform an investigation to get to the crux of the matter to see if there was really a crime committed; was it a mistake, was it an accident? Students are not given answers. Sometimes they don’t know the type of crimes they are investigating and sometimes they do because it’s an isolated exercise.” Kinsey describes the process as a “digital scavenger hunt.” This type of approach gives students the chance to work with different tools and see how good they are at investigation and discover if they like and are a good fit for that kind of work. “It really is kind of a puzzle you are trying to identify,” says Kinsey. “Is there anything in here connected? Is there any kind of a timeline? Does any of this make sense in a particular context?”   Analytical and Creative. While Kinsey insists there is no typical student with an aptitude for digital forensics, there are certain traits that students must possess if they are to be successful in the field. “You really have to be analytical and you have to be creative, which kind of crosses a boundary,” says Kinsey. Most people, she says, are often one or the other. “You need to be analytical because it’s very methodical work. You have to go through a process, you have to pay attention to detail, you have to make sure that all your t’s are crossed and all your i’s are dotted. But then you have to be creative because when you get these different artifacts you also have to be able to identify if there is something wrong.” Kinsey explains the creative process really kicks in when the forensic examiner hits a roadblock. Perhaps they are unable to access a specific partition on a hard drive or timelines just don’t match up when they suspect something isn’t right. Like many other creative tasks, the work can be isolating and time-consuming. “It’s not like CSI or any of the other television shows,” says Kinsey. “A lot of the time you work in your lab by yourself.”   Ethical Fortitude. Besides analytical and creative skills, Kinsey believes that the biggest requirement to be a successful forensic examiner is the ability to work with an ethical fortitude that can’t be compromised. “If you can be bought — this is not a field for you,” says Kinsey bluntly. The forensic examiner’s ethical fortitude is often called into question during court proceedings and it must prove resilient if the evidence presented is to be deemed reliable. “You may have to testify and if you cannot withstand the scrutiny, you may be the weakest link,” says Kinsey. “If there is a defense attorney, they are going to tear into your life and they are going to attack you, that’s the kind of thing they do to rip a case apart.” Defense attorneys hone in on human vulnerabilities.“Let’s face it, as humans we make mistakes and we do things we shouldn’t do and things that we regret over our lifetimes; so often, it’s the person that they try to attack. This is why you have to be sound in not only who you are and what you are doing, but also the processes that you are using.”   Emotional Resilience. In many cases, it’s vitally important that a digital forensic expert is able to maintain their resilience and composure. “It can be an emotional situation,” says Kinsey. “You may be dealing with somebody who has lost something, life or limb, or a child is missing, or horrible things have happened. You have to be able to distance yourself much the way that those who work in emergency rooms are able to divorce themselves from the proceedings going on. I’ve known investigators who have had PTSD after some of the investigations they have worked on.” Kinsey advises that If you don’t have the right temperament to cope with the criminal side of things, corporate might be a better route you want to pursue professionally.   Career Prospects. There are several career paths for students who want to launch a career in digital forensics: in stand-alone positions in law enforcement and within large corporations, as part of a more general career in cybersecurity with a smaller company, or as a career focus in the military. “There are definitely digital forensic careers within law enforcement,” says Kinsey. “It’s a case of identifying a jurisdiction you want to work for, whether that’s a sheriff’s department or a local police department. Then we have the folks who traverse state lines and local jurisdictions working with the FBI, and those who work with organizations like the NSA, the CIA. And, of course, you have the military.” In the private sector, Kinsey explains that large cloud-based service companies and enterprises like Microsoft have forensic departments because they need to get to the bottom of any incident that might occur. “They are going to want to make sure that somebody is not stealing their intellectual property, that there is nothing that is escaping their security measures so they are going to have professionals employed in these areas,” says Kinsey. Smaller businesses do not tend to have a full-time need for digital forensic specialists but training in the field will almost certainly be a useful asset to any employer or to your resume. “If it’s a small company, you still might have digital forensics as a part of your duties, especially when you read a job offering and it says ‘and other duties as assigned.’ You just won’t have the same level of frequency with it,” says Kinsey. “In fact, I didn’t have it as a set job. I had it as ‘other duties as assigned.’ I fell into it – and it grew from there.” Thanks to the specialist nature of the field, there is also the option of working on a contract basis as a digital forensics consultant, particularly when testifying in court. In the courtroom, experience matters. “A lot of times, a company will hire somebody who is external to the organization to repeat the process that was done by the internal employees,” says Kinsey. “This helps the company to validate that these steps were taken and that they can be repeated. The consultant will then often testify on behalf of their client; the consultant has a lot more experience testifying than an internal employee  who may have  done only one investigation in a number of years because there had not been that much need.”   Diversity in Digital Forensics. Kinsey is a big advocate for greater diversity in the cybersecurity arena. “I absolutely believe that we need as much diversity as possible in cybersecurity,” says Kinsey. If we continue to go after the problems in a reactive way, we’ll always remain reactive. If we start opening this field up to people who have psychology backgrounds, or experience in criminal justice, law enforcement and IT, and those who understand mathematics, we are more likely to become proactive.” She is also a big proponent of helping military personnel and veterans secure their future through qualifications and experience that are recognized by civilian organizations. “A lot of professionals who work in the military cannot disclose what they have done because it’s confidential,” says Kinsey. “So what we are also doing is providing them with a public view of what they have accomplished, so that they have the credentials that they need to get a job in the civilian market when they retire.” Enabling National University’s military alumni to progress in their civilian careers is something that Kinsey thinks is especially important and gratifying. “It’s definitely a necessity and of great value,” says Kinsey. “It’s something that we can be proud of offering and that students can take and apply almost wherever they go. If these servicemembers end up going into traditional IT jobs, then they still will be that much more valuable because they’ve got a different view into it than a traditional IT person.”   The Online Degree in Cybersecurity Option. Being able to reach students, regardless of their location or situation, is one of the many things that Kinsey enjoys about teaching in National University’s online cybersecurity degree programs. “I love online education,” says Kinsey. “I believe it can be as good or better than on-campus education simply because it gives you the freedom to pursue the best program for you, no matter where it happens to be located, or where you happen to be located.” This is particularly true for students who would not normally be able to access traditional university education, including active duty servicemembers and those who, because of family or work commitments, cannot attend classes on campus. “It serves the need for our military because you cannot stop being in theatre to go to class,” says Kinsey. “It allows opportunities that many other students wouldn’t otherwise have, especially when we talk about underserved populations. If you have a quality program, with quality instruction, and the opportunity to interact, you can get a very similar experience online as you would on-campus. I love online!”   What’s Digital Forensics? A Great Career! A career in digital forensics can be a challenging and rewarding vocation. To succeed in this role, you’ll need the right temperament and the right skill set. For those with the right stuff, a degree in cybersecurity from National University could be your first step towards achieving your goals. To learn more about digital forensics, visit our bachelor degree in cybersecurity online program page.   × Search the site. Modal window with site-search and helpful links Featured Programs. Nursing Business and Management Computer Science Teaching and Credentials Helpful Links. Admissions & Application Information Login Scholarships Accredited Online Degrees & Programs Student Services Request Your Transcripts Tuition × Terms & Conditions. By checking this box as my electronic signature and submitting this form by clicking the Request Info button above, I provide my express written consent to representatives of National University and National University System affiliates (City University of Seattle, Northcentral University and National University Virtual High School) to contact me about educational opportunities, and to send phone calls, and/or SMS/Text Messages – using automated technology, including automatic dialing system and pre-recorded and artificial voice messages – to the phone numbers (including cellular) and e-mail address(es) I have provided. I confirm that the information provided on this form is accurate and complete. I also understand that certain degree programs may not be available in all states. Message and data rates may apply. I understand that consent is not a condition to purchase any goods, services or property, and that I may withdraw my consent at any time by sending an email to [email protected]. I understand that if I am submitting my personal data from outside of the United States, I am consenting to the transfer of my personal data to, and its storage in, the United States, and I understand that my personal data will be subject to processing in accordance with U.S. laws, unless stated otherwise in our privacy policy. Please review our privacy policy for more details or contact us at [email protected].
                            [kwBody] => Array
                                (
                                    [0] => stdClass Object
                                        (
                                            [term] => kinsey
                                            [tf] => 51
                                        )

                                    [1] => stdClass Object
                                        (
                                            [term] => forensic
                                            [tf] => 37
                                        )

                                    [2] => stdClass Object
                                        (
                                            [term] => digital
                                            [tf] => 31
                                        )

                                    [3] => stdClass Object
                                        (
                                            [term] => digital forensic
                                            [tf] => 28
                                        )

                                    [4] => stdClass Object
                                        (
                                            [term] => it
                                            [tf] => 16
                                        )

                                    [5] => stdClass Object
                                        (
                                            [term] => university
                                            [tf] => 14
                                        )

                                    [6] => stdClass Object
                                        (
                                            [term] => student
                                            [tf] => 13
                                        )

                                    [7] => stdClass Object
                                        (
                                            [term] => tool
                                            [tf] => 13
                                        )

                                    [8] => stdClass Object
                                        (
                                            [term] => work
                                            [tf] => 12
                                        )

                                    [9] => stdClass Object
                                        (
                                            [term] => national university
                                            [tf] => 11
                                        )

                                    [10] => stdClass Object
                                        (
                                            [term] => program
                                            [tf] => 11
                                        )

                                    [11] => stdClass Object
                                        (
                                            [term] => investigation
                                            [tf] => 11
                                        )

                                    [12] => stdClass Object
                                        (
                                            [term] => process
                                            [tf] => 11
                                        )

                                    [13] => stdClass Object
                                        (
                                            [term] => career
                                            [tf] => 11
                                        )

                                    [14] => stdClass Object
                                        (
                                            [term] => thing
                                            [tf] => 11
                                        )

                                    [15] => stdClass Object
                                        (
                                            [term] => lot
                                            [tf] => 10
                                        )

                                    [16] => stdClass Object
                                        (
                                            [term] => online
                                            [tf] => 10
                                        )

                                    [17] => stdClass Object
                                        (
                                            [term] => field
                                            [tf] => 9
                                        )

                                    [18] => stdClass Object
                                        (
                                            [term] => case
                                            [tf] => 8
                                        )

                                    [19] => stdClass Object
                                        (
                                            [term] => national
                                            [tf] => 8
                                        )

                                    [20] => stdClass Object
                                        (
                                            [term] => cybersecurity
                                            [tf] => 8
                                        )

                                    [21] => stdClass Object
                                        (
                                            [term] => kinsey it
                                            [tf] => 7
                                        )

                                    [22] => stdClass Object
                                        (
                                            [term] => military
                                            [tf] => 7
                                        )

                                    [23] => stdClass Object
                                        (
                                            [term] => law
                                            [tf] => 7
                                        )

                                    [24] => stdClass Object
                                        (
                                            [term] => degree
                                            [tf] => 7
                                        )

                                    [25] => stdClass Object
                                        (
                                            [term] => lot time
                                            [tf] => 6
                                        )

                                    [26] => stdClass Object
                                        (
                                            [term] => law enforcement
                                            [tf] => 6
                                        )

                                    [27] => stdClass Object
                                        (
                                            [term] => crime
                                            [tf] => 6
                                        )

                                    [28] => stdClass Object
                                        (
                                            [term] => enforcement
                                            [tf] => 6
                                        )

                                    [29] => stdClass Object
                                        (
                                            [term] => experience
                                            [tf] => 6
                                        )

                                    [30] => stdClass Object
                                        (
                                            [term] => kind
                                            [tf] => 6
                                        )

                                    [31] => stdClass Object
                                        (
                                            [term] => time
                                            [tf] => 6
                                        )

                                    [32] => stdClass Object
                                        (
                                            [term] => company
                                            [tf] => 6
                                        )

                                    [33] => stdClass Object
                                        (
                                            [term] => court
                                            [tf] => 6
                                        )

                                    [34] => stdClass Object
                                        (
                                            [term] => creative
                                            [tf] => 6
                                        )

                                    [35] => stdClass Object
                                        (
                                            [term] => ethical fortitude
                                            [tf] => 5
                                        )

                                    [36] => stdClass Object
                                        (
                                            [term] => forensic examiner
                                            [tf] => 4
                                        )

                                    [37] => stdClass Object
                                        (
                                            [term] => degree program
                                            [tf] => 4
                                        )

                                    [38] => stdClass Object
                                        (
                                            [term] => degree cybersecurity
                                            [tf] => 4
                                        )

                                    [39] => stdClass Object
                                        (
                                            [term] => career digital forensic
                                            [tf] => 3
                                        )

                                    [40] => stdClass Object
                                        (
                                            [term] => career digital
                                            [tf] => 3
                                        )

                                    [41] => stdClass Object
                                        (
                                            [term] => intellectual property
                                            [tf] => 3
                                        )

                                    [42] => stdClass Object
                                        (
                                            [term] => tool process
                                            [tf] => 3
                                        )

                                    [43] => stdClass Object
                                        (
                                            [term] => daubert standard
                                            [tf] => 3
                                        )

                                    [44] => stdClass Object
                                        (
                                            [term] => kinsey explain
                                            [tf] => 3
                                        )

                                    [45] => stdClass Object
                                        (
                                            [term] => analytical creative
                                            [tf] => 3
                                        )

                                    [46] => stdClass Object
                                        (
                                            [term] => personal data
                                            [tf] => 3
                                        )

                                )

                            [page_rank_decimal] => 48
                            [rank] => 77369
                        )

                    [10] => stdClass Object
                        (
                            [position] => 11
                            [title] => Digital forensics - Wikipedia
                            [url] => https://en.wikipedia.org/wiki/Digital_forensics
                            [destination] => https://en.wikipedia.org › wiki › Digital_forensics
                            [isAmp] => 
                            [organic_position] => 11
                            [serp_type] => page
                            [isOrganicPage] => 1
                            [isOrganic] => 1
                            [serp_title] => Digital forensics - Wikipedia
                            [serp_description] => Digital forensics is a branch of forensic science encompassing the recovery, investigation, ... Organization on Computer Evidence" (IOCE) was one agency that worked to ...
                            [hostname] => en.wikipedia.org
                            [canonical] => https://en.wikipedia.org/wiki/Digital_forensics
                            [h1] => Digital forensics
                            [h2] => Array
                                (
                                    [0] => Contents
                                    [1] => History[edit]
                                    [2] => Forensic process[edit]
                                    [3] => Application[edit]
                                    [4] => Legal considerations[edit]
                                    [5] => Branches[edit]
                                    [6] => Artificial Intelligence and its Role in Digital Forensics[edit]
                                    [7] => See also[edit]
                                    [8] => References[edit]
                                    [9] => Further reading[edit]
                                    [10] => External links[edit]
                                    [11] => Navigation menu
                                )

                            [h3] => Array
                                (
                                    [0] => 1980s–1990s: Growth of the field[edit]
                                    [1] => 2000s: Developing standards[edit]
                                    [2] => Development of forensic tools[edit]
                                    [3] => Limitations[edit]
                                    [4] => Digital evidence[edit]
                                    [5] => Investigative tools[edit]
                                    [6] => Computer forensics[edit]
                                    [7] => Mobile device forensics[edit]
                                    [8] => Network forensics[edit]
                                    [9] => Forensic data analysis[edit]
                                    [10] => Database forensics[edit]
                                    [11] => Related journals[edit]
                                    [12] => Search
                                )

                            [h2WithAnchors] => Array
                                (
                                    [0] => stdClass Object
                                        (
                                            [text] => Contents
                                            [id] => mw-toc-heading
                                        )

                                    [1] => stdClass Object
                                        (
                                            [text] => History[edit]
                                        )

                                    [2] => stdClass Object
                                        (
                                            [text] => Forensic process[edit]
                                        )

                                    [3] => stdClass Object
                                        (
                                            [text] => Application[edit]
                                        )

                                    [4] => stdClass Object
                                        (
                                            [text] => Legal considerations[edit]
                                        )

                                    [5] => stdClass Object
                                        (
                                            [text] => Branches[edit]
                                        )

                                    [6] => stdClass Object
                                        (
                                            [text] => Artificial Intelligence and its Role in Digital Forensics[edit]
                                        )

                                    [7] => stdClass Object
                                        (
                                            [text] => See also[edit]
                                        )

                                    [8] => stdClass Object
                                        (
                                            [text] => References[edit]
                                        )

                                    [9] => stdClass Object
                                        (
                                            [text] => Further reading[edit]
                                        )

                                    [10] => stdClass Object
                                        (
                                            [text] => External links[edit]
                                        )

                                    [11] => stdClass Object
                                        (
                                            [text] => Navigation menu
                                        )

                                )

                            [type] => website
                            [wordCount] => 6140
                            [imgCount] => 11
                            [lang] => 
                            [faq_on_page] => Array
                                (
                                )

                            [anchors] => stdClass Object
                                (
                                    [size] => 623
                                    [outboundSize] => 84
                                    [list] => Array
                                        (
                                            [0] => stdClass Object
                                                (
                                                    [text] => Civil Evidence acts
                                                    [href] => https://www.legislation.gov.uk/ukpga/1995/38/contents
                                                    [hrefDomain] => legislation.gov.uk
                                                    [rel] => nofollow
                                                    [isOutbound] => 1
                                                )

                                            [1] => stdClass Object
                                                (
                                                    [text] => Handbook of Digital Forensics and Investigation
                                                    [href] => https://books.google.com/books?id=xNjsDprqtUYC
                                                    [hrefDomain] => google.com
                                                    [rel] => nofollow
                                                    [isOutbound] => 1
                                                )

                                            [2] => stdClass Object
                                                (
                                                    [text] => "Basic Digital Forensic Investigation Concepts"
                                                    [href] => http://www.digital-evidence.org/di_basics.html
                                                    [hrefDomain] => digital-evidence.org
                                                    [rel] => nofollow
                                                    [isOutbound] => 1
                                                )

                                            [3] => stdClass Object
                                                (
                                                    [text] => Archived
                                                    [href] => https://web.archive.org/web/20100226184652/http://www.digital-evidence.org/di_basics.html
                                                    [hrefDomain] => archive.org
                                                    [rel] => nofollow
                                                    [isOutbound] => 1
                                                )

                                            [4] => stdClass Object
                                                (
                                                    [text] => "Florida Computer Crimes Act"
                                                    [href] => https://web.archive.org/web/20100612064428/http://www.clas.ufl.edu/docs/flcrimes/chapter2_1.html
                                                    [hrefDomain] => archive.org
                                                    [rel] => nofollow
                                                    [isOutbound] => 1
                                                )

                                            [5] => stdClass Object
                                                (
                                                    [text] => the original
                                                    [href] => http://www.clas.ufl.edu/docs/flcrimes/chapter2_1.html
                                                    [hrefDomain] => ufl.edu
                                                    [rel] => nofollow
                                                    [isOutbound] => 1
                                                )

                                            [6] => stdClass Object
                                                (
                                                    [text] => Digital Evidence and Computer Crime, Second Edition
                                                    [href] => https://books.google.com/books?id=Xo8GMt_AbQsC
                                                    [hrefDomain] => google.com
                                                    [rel] => nofollow
                                                    [isOutbound] => 1
                                                )

                                            [7] => stdClass Object
                                                (
                                                    [text] => Hacking Exposed: Computer Forensics
                                                    [href] => https://books.google.com/books?id=yMdNrgSBUq0C
                                                    [hrefDomain] => google.com
                                                    [rel] => nofollow
                                                    [isOutbound] => 1
                                                )

                                            [8] => stdClass Object
                                                (
                                                    [text] => "A Brief History of Computer Crime: A"
                                                    [href] => http://www.mekabay.com/overviews/history.pdf
                                                    [hrefDomain] => mekabay.com
                                                    [rel] => nofollow
                                                    [isOutbound] => 1
                                                )

                                            [9] => stdClass Object
                                                (
                                                    [text] => Archived
                                                    [href] => https://web.archive.org/web/20100821112900/http://www.mekabay.com/overviews/history.pdf
                                                    [hrefDomain] => archive.org
                                                    [rel] => nofollow
                                                    [isOutbound] => 1
                                                )

                                            [10] => stdClass Object
                                                (
                                                    [text] => Computer and intrusion forensics
                                                    [href] => https://archive.org/details/computerintrusio00moha_792
                                                    [hrefDomain] => archive.org
                                                    [rel] => nofollow
                                                    [isOutbound] => 1
                                                )

                                            [11] => stdClass Object
                                                (
                                                    [text] => 395
                                                    [href] => https://archive.org/details/computerintrusio00moha_792/page/n416
                                                    [hrefDomain] => archive.org
                                                    [rel] => nofollow
                                                    [isOutbound] => 1
                                                )

                                            [12] => stdClass Object
                                                (
                                                    [text] => 10.1016/S1361-3723(04)00017-X
                                                    [href] => https://doi.org/10.1016%2FS1361-3723%2804%2900017-X
                                                    [hrefDomain] => doi.org
                                                    [rel] => nofollow
                                                    [isOutbound] => 1
                                                )

                                            [13] => stdClass Object
                                                (
                                                    [text] => "Digital forensics research: The next 10 years"
                                                    [href] => https://doi.org/10.1016%2Fj.diin.2010.05.009
                                                    [hrefDomain] => doi.org
                                                    [rel] => nofollow
                                                    [isOutbound] => 1
                                                )

                                            [14] => stdClass Object
                                                (
                                                    [text] => 10.1016/j.diin.2010.05.009
                                                    [href] => https://doi.org/10.1016%2Fj.diin.2010.05.009
                                                    [hrefDomain] => doi.org
                                                    [rel] => nofollow
                                                    [isOutbound] => 1
                                                )

                                            [15] => stdClass Object
                                                (
                                                    [text] => "Forensic analysis in the digital world"
                                                    [href] => https://utica.edu/academic/institutes/ecii/publications/articles/9C4E938F-E3BE-8D16-45D0BAD68CDBE77.doc
                                                    [hrefDomain] => utica.edu
                                                    [rel] => nofollow
                                                    [isOutbound] => 1
                                                )

                                            [16] => stdClass Object
                                                (
                                                    [text] => High-Technology Crime: Investigating Cases Involving Computers
                                                    [href] => https://archive.org/details/hightechnologycr0000rose
                                                    [hrefDomain] => archive.org
                                                    [rel] => nofollow
                                                    [isOutbound] => 1
                                                )

                                            [17] => stdClass Object
                                                (
                                                    [text] => "Best practices for Computer Forensics"
                                                    [href] => https://web.archive.org/web/20081227060158/http://www.swgde.org/documents/swgde2005/SWGDE%20Best%20Practices%20_Rev%20Sept%202004_.pdf
                                                    [hrefDomain] => archive.org
                                                    [rel] => nofollow
                                                    [isOutbound] => 1
                                                )

                                            [18] => stdClass Object
                                                (
                                                    [text] => the original
                                                    [href] => http://swgde.org/documents/swgde2005/SWGDE%20Best%20Practices%20_Rev%20Sept%202004_.pdf
                                                    [hrefDomain] => swgde.org
                                                    [rel] => nofollow
                                                    [isOutbound] => 1
                                                )

                                            [19] => stdClass Object
                                                (
                                                    [text] => "ISO/IEC 17025:2005"
                                                    [href] => http://www.iso.org/iso/catalogue_detail.htm?csnumber=39883
                                                    [hrefDomain] => iso.org
                                                    [rel] => nofollow
                                                    [isOutbound] => 1
                                                )

                                            [20] => stdClass Object
                                                (
                                                    [text] => Archived
                                                    [href] => https://web.archive.org/web/20110805204943/http://www.iso.org/iso/catalogue_detail.htm?csnumber=39883
                                                    [hrefDomain] => archive.org
                                                    [rel] => nofollow
                                                    [isOutbound] => 1
                                                )

                                            [21] => stdClass Object
                                                (
                                                    [text] => "Mobile device analysis"
                                                    [href] => https://web.archive.org/web/20110728051616/http://www.ssddfj.org/papers/SSDDFJ_V2_1_Punja_Mislan.pdf
                                                    [hrefDomain] => archive.org
                                                    [rel] => nofollow
                                                    [isOutbound] => 1
                                                )

                                            [22] => stdClass Object
                                                (
                                                    [text] => the original
                                                    [href] => http://www.ssddfj.org/papers/SSDDFJ_V2_1_Punja_Mislan.pdf
                                                    [hrefDomain] => ssddfj.org
                                                    [rel] => nofollow
                                                    [isOutbound] => 1
                                                )

                                            [23] => stdClass Object
                                                (
                                                    [text] => "Mobile forensics: an overview, tools, future trends and challenges from law enforcement perspective"
                                                    [href] => http://www.csi-sigegov.org/emerging_pdf/34_312-323.pdf
                                                    [hrefDomain] => csi-sigegov.org
                                                    [rel] => nofollow
                                                    [isOutbound] => 1
                                                )

                                            [24] => stdClass Object
                                                (
                                                    [text] => Archived
                                                    [href] => https://web.archive.org/web/20160303222523/http://www.csi-sigegov.org/emerging_pdf/34_312-323.pdf
                                                    [hrefDomain] => archive.org
                                                    [rel] => nofollow
                                                    [isOutbound] => 1
                                                )

                                            [25] => stdClass Object
                                                (
                                                    [text] => "The Joint Operating Environment"
                                                    [href] => http://www.jfcom.mil/newslink/storyarchive/2010/JOE_2010_o.pdf
                                                    [hrefDomain] => jfcom.mil
                                                    [rel] => nofollow
                                                    [isOutbound] => 1
                                                )

                                            [26] => stdClass Object
                                                (
                                                    [text] => Archived
                                                    [href] => https://web.archive.org/web/20130810043238/http://www.jfcom.mil/newslink/storyarchive/2010/JOE_2010_o.pdf
                                                    [hrefDomain] => archive.org
                                                    [rel] => nofollow
                                                    [isOutbound] => 1
                                                )

                                            [27] => stdClass Object
                                                (
                                                    [text] => 2009adf5.conf...17B
                                                    [href] => https://ui.adsabs.harvard.edu/abs/2009adf5.conf...17B
                                                    [hrefDomain] => harvard.edu
                                                    [rel] => nofollow
                                                    [isOutbound] => 1
                                                )

                                            [28] => stdClass Object
                                                (
                                                    [text] => 10.1007/978-3-642-04155-6_2
                                                    [href] => https://doi.org/10.1007%2F978-3-642-04155-6_2
                                                    [hrefDomain] => doi.org
                                                    [rel] => nofollow
                                                    [isOutbound] => 1
                                                )

                                            [29] => stdClass Object
                                                (
                                                    [text] => Computer and Intrusion Forensics
                                                    [href] => https://books.google.com/books?id=z4GLgpwsYrkC&q=IMDUMP&pg=PA115
                                                    [hrefDomain] => google.com
                                                    [rel] => nofollow
                                                    [isOutbound] => 1
                                                )

                                            [30] => stdClass Object
                                                (
                                                    [text] => Forensic Laboratories: Handbook for Facility Planning, Design, Construction and Moving
                                                    [href] => https://books.google.com/books?id=NssTJiP_U1QC&q=sydex+safeback&pg=PA84
                                                    [hrefDomain] => google.com
                                                    [rel] => nofollow
                                                    [isOutbound] => 1
                                                )

                                            [31] => stdClass Object
                                                (
                                                    [text] => "'The Advanced Data Acquisition Model (ADAM): A process model for digital forensic practice"
                                                    [href] => https://www.researchgate.net/publication/258224615
                                                    [hrefDomain] => researchgate.net
                                                    [rel] => nofollow
                                                    [isOutbound] => 1
                                                )

                                            [32] => stdClass Object
                                                (
                                                    [text] => Archived
                                                    [href] => https://web.archive.org/web/20141114204845/http://researchrepository.murdoch.edu.au/14422/2/02Whole.pdf
                                                    [hrefDomain] => archive.org
                                                    [rel] => nofollow
                                                    [isOutbound] => 1
                                                )

                                            [33] => stdClass Object
                                                (
                                                    [text] => "'Electronic Crime Scene Investigation Guide: A Guide for First Responders"
                                                    [href] => https://www.ncjrs.gov/pdffiles1/nij/187736.pdf
                                                    [hrefDomain] => ncjrs.gov
                                                    [rel] => nofollow
                                                    [isOutbound] => 1
                                                )

                                            [34] => stdClass Object
                                                (
                                                    [text] => Archived
                                                    [href] => https://web.archive.org/web/20100215040703/http://www.ncjrs.gov/pdffiles1/nij/187736.pdf
                                                    [hrefDomain] => archive.org
                                                    [rel] => nofollow
                                                    [isOutbound] => 1
                                                )

                                            [35] => stdClass Object
                                                (
                                                    [text] => "Catching the ghost: how to discover ephemeral evidence with Live RAM analysis"
                                                    [href] => http://forensic.belkasoft.com/en/live-ram-forensics
                                                    [hrefDomain] => belkasoft.com
                                                    [rel] => nofollow
                                                    [isOutbound] => 1
                                                )

                                            [36] => stdClass Object
                                                (
                                                    [text] => "'The emergence of cloud storage and the need for a new digital forensic process model"
                                                    [href] => http://researchrepository.murdoch.edu.au/19431/1/emergence_of_cloud_storage.pdf
                                                    [hrefDomain] => murdoch.edu.au
                                                    [rel] => nofollow
                                                    [isOutbound] => 1
                                                )

                                            [37] => stdClass Object
                                                (
                                                    [text] => "Technology Crime Investigation"
                                                    [href] => https://web.archive.org/web/20080517022757/http://www.daemon.be/maarten/forensics.html#dr
                                                    [hrefDomain] => archive.org
                                                    [rel] => nofollow
                                                    [isOutbound] => 1
                                                )

                                            [38] => stdClass Object
                                                (
                                                    [text] => the original
                                                    [href] => http://www.daemon.be/maarten/forensics.html#dr
                                                    [hrefDomain] => daemon.be
                                                    [rel] => nofollow
                                                    [isOutbound] => 1
                                                )

                                            [39] => stdClass Object
                                                (
                                                    [text] => "ISEEK, a tool for high speed, concurrent, distributed forensic data acquisition"
                                                    [href] => https://www.researchgate.net/publication/323308481
                                                    [hrefDomain] => researchgate.net
                                                    [rel] => nofollow
                                                    [isOutbound] => 1
                                                )

                                            [40] => stdClass Object
                                                (
                                                    [text] => 10.1145/1529282.1529471
                                                    [href] => https://doi.org/10.1145%2F1529282.1529471
                                                    [hrefDomain] => doi.org
                                                    [rel] => nofollow
                                                    [isOutbound] => 1
                                                )

                                            [41] => stdClass Object
                                                (
                                                    [text] => 5382101
                                                    [href] => https://api.semanticscholar.org/CorpusID:5382101
                                                    [hrefDomain] => semanticscholar.org
                                                    [rel] => nofollow
                                                    [isOutbound] => 1
                                                )

                                            [42] => stdClass Object
                                                (
                                                    [text] => Computer forensics: incident response essentials
                                                    [href] => https://archive.org/details/computerforensic0000krus/page/392
                                                    [hrefDomain] => archive.org
                                                    [rel] => nofollow
                                                    [isOutbound] => 1
                                                )

                                            [43] => stdClass Object
                                                (
                                                    [text] => 392
                                                    [href] => https://archive.org/details/computerforensic0000krus/page/392
                                                    [hrefDomain] => archive.org
                                                    [rel] => nofollow
                                                    [isOutbound] => 1
                                                )

                                            [44] => stdClass Object
                                                (
                                                    [text] => 10.1016/j.diin.2003.12.004
                                                    [href] => https://doi.org/10.1016%2Fj.diin.2003.12.004
                                                    [hrefDomain] => doi.org
                                                    [rel] => nofollow
                                                    [isOutbound] => 1
                                                )

                                            [45] => stdClass Object
                                                (
                                                    [text] => "Legal Aspects of Digital Forensics"
                                                    [href] => http://euro.ecom.cmu.edu/program/law/08-732/Evidence/RyanShpantzer.pdf
                                                    [hrefDomain] => cmu.edu
                                                    [rel] => nofollow
                                                    [isOutbound] => 1
                                                )

                                            [46] => stdClass Object
                                                (
                                                    [text] => Archived
                                                    [href] => https://web.archive.org/web/20110815212937/http://euro.ecom.cmu.edu/program/law/08-732/Evidence/RyanShpantzer.pdf
                                                    [hrefDomain] => archive.org
                                                    [rel] => nofollow
                                                    [isOutbound] => 1
                                                )

                                            [47] => stdClass Object
                                                (
                                                    [text] => 858 F. 2d 1427
                                                    [href] => https://scholar.google.co.uk/scholar_case?case=17436631095971908840&q=US+v.+Bonallo&hl=en&as_sdt=2002&as_vis=1
                                                    [hrefDomain] => google.co.uk
                                                    [rel] => nofollow
                                                    [isOutbound] => 1
                                                )

                                            [48] => stdClass Object
                                                (
                                                    [text] => "Federal Rules of Evidence #702"
                                                    [href] => https://web.archive.org/web/20100819114909/http://federalevidence.com/rules-of-evidence#Rule702
                                                    [hrefDomain] => archive.org
                                                    [rel] => nofollow
                                                    [isOutbound] => 1
                                                )

                                            [49] => stdClass Object
                                                (
                                                    [text] => the original
                                                    [href] => http://federalevidence.com/rules-of-evidence#Rule702
                                                    [hrefDomain] => federalevidence.com
                                                    [rel] => nofollow
                                                    [isOutbound] => 1
                                                )

                                            [50] => stdClass Object
                                                (
                                                    [text] => "Electronic Evidence Guide"
                                                    [href] => http://www.coe.int/t/dghl/cooperation/economiccrime/cybercrime/Documents/Electronic%20Evidence%20Guide/default_en.asp
                                                    [hrefDomain] => coe.int
                                                    [rel] => nofollow
                                                    [isOutbound] => 1
                                                )

                                            [51] => stdClass Object
                                                (
                                                    [text] => Archived
                                                    [href] => https://web.archive.org/web/20131227210748/http://www.coe.int/t/dghl/cooperation/economiccrime/cybercrime/Documents/Electronic%20Evidence%20Guide/default_en.asp
                                                    [hrefDomain] => archive.org
                                                    [rel] => nofollow
                                                    [isOutbound] => 1
                                                )

                                            [52] => stdClass Object
                                                (
                                                    [text] => "Open Source Digital Forensic Tools: The Legal Argument"
                                                    [href] => http://www.digital-evidence.org/papers/opensrc_legal.pdf
                                                    [hrefDomain] => digital-evidence.org
                                                    [rel] => nofollow
                                                    [isOutbound] => 1
                                                )

                                            [53] => stdClass Object
                                                (
                                                    [text] => Archived
                                                    [href] => https://web.archive.org/web/20110726000427/http://www.digital-evidence.org/papers/opensrc_legal.pdf
                                                    [hrefDomain] => archive.org
                                                    [rel] => nofollow
                                                    [isOutbound] => 1
                                                )

                                            [54] => stdClass Object
                                                (
                                                    [text] => "Validation of Forensic Tools and Software: A Quick Guide for the Digital Forensic Examiner"
                                                    [href] => http://www.forensicmag.com/article/2011/03/validation-forensic-tools-and-software-quick-guide-digital-forensic-examiner
                                                    [hrefDomain] => forensicmag.com
                                                    [rel] => nofollow
                                                    [isOutbound] => 1
                                                )

                                            [55] => stdClass Object
                                                (
                                                    [text] => Archived
                                                    [href] => https://web.archive.org/web/20170422033752/http://www.forensicmag.com/article/2011/03/validation-forensic-tools-and-software-quick-guide-digital-forensic-examiner
                                                    [hrefDomain] => archive.org
                                                    [rel] => nofollow
                                                    [isOutbound] => 1
                                                )

                                            [56] => stdClass Object
                                                (
                                                    [text] => "Ayers"
                                                    [href] => http://csrc.nist.gov/publications/nistpubs/800-72/sp800-72.pdf
                                                    [hrefDomain] => nist.gov
                                                    [rel] => nofollow
                                                    [isOutbound] => 1
                                                )

                                            [57] => stdClass Object
                                                (
                                                    [text] => 10.6028/NIST.SP.800-72
                                                    [href] => https://doi.org/10.6028%2FNIST.SP.800-72
                                                    [hrefDomain] => doi.org
                                                    [rel] => nofollow
                                                    [isOutbound] => 1
                                                )

                                            [58] => stdClass Object
                                                (
                                                    [text] => Archived
                                                    [href] => https://web.archive.org/web/20060212052654/http://csrc.nist.gov/publications/nistpubs/800-72/sp800-72.pdf
                                                    [hrefDomain] => archive.org
                                                    [rel] => nofollow
                                                    [isOutbound] => 1
                                                )

                                            [59] => stdClass Object
                                                (
                                                    [text] => 10.1109/MSECP.2003.1219052
                                                    [href] => https://doi.org/10.1109%2FMSECP.2003.1219052
                                                    [hrefDomain] => doi.org
                                                    [rel] => nofollow
                                                    [isOutbound] => 1
                                                )

                                            [60] => stdClass Object
                                                (
                                                    [text] => "Technology Crime Investigation :: Mobile forensics"
                                                    [href] => https://web.archive.org/web/20080517022757/http://www.daemon.be/maarten/forensics.html#mob
                                                    [hrefDomain] => archive.org
                                                    [rel] => nofollow
                                                    [isOutbound] => 1
                                                )

                                            [61] => stdClass Object
                                                (
                                                    [text] => the original
                                                    [href] => http://www.daemon.be/maarten/forensics.html#mob
                                                    [hrefDomain] => daemon.be
                                                    [rel] => nofollow
                                                    [isOutbound] => 1
                                                )

                                            [62] => stdClass Object
                                                (
                                                    [text] => "2 Russians Face Hacking Charges"
                                                    [href] => http://www.themoscowtimes.com/news/article/2-russians-face-hacking-charges/253844.html
                                                    [hrefDomain] => themoscowtimes.com
                                                    [rel] => nofollow
                                                    [isOutbound] => 1
                                                )

                                            [63] => stdClass Object
                                                (
                                                    [text] => Archived
                                                    [href] => https://web.archive.org/web/20110622115054/http://www.themoscowtimes.com/news/article/2-russians-face-hacking-charges/253844.html
                                                    [hrefDomain] => archive.org
                                                    [rel] => nofollow
                                                    [isOutbound] => 1
                                                )

                                            [64] => stdClass Object
                                                (
                                                    [text] => 10.1016/j.diin.2008.10.001
                                                    [href] => https://doi.org/10.1016%2Fj.diin.2008.10.001
                                                    [hrefDomain] => doi.org
                                                    [rel] => nofollow
                                                    [isOutbound] => 1
                                                )

                                            [65] => stdClass Object
                                                (
                                                    [text] => 10.1145/1113034.1113069
                                                    [href] => https://doi.org/10.1145%2F1113034.1113069
                                                    [hrefDomain] => doi.org
                                                    [rel] => nofollow
                                                    [isOutbound] => 1
                                                )

                                            [66] => stdClass Object
                                                (
                                                    [text] => 16829457
                                                    [href] => https://api.semanticscholar.org/CorpusID:16829457
                                                    [hrefDomain] => semanticscholar.org
                                                    [rel] => nofollow
                                                    [isOutbound] => 1
                                                )

                                            [67] => stdClass Object
                                                (
                                                    [text] => Digital crime and forensic science in cyberspace
                                                    [href] => https://books.google.com/books?id=oK_oYhTPW2gC
                                                    [hrefDomain] => google.com
                                                    [rel] => nofollow
                                                    [isOutbound] => 1
                                                )

                                            [68] => stdClass Object
                                                (
                                                    [text] => Building a Digital Forensic Laboratory
                                                    [href] => https://books.google.com/books?id=F5IU7XXKwCQC
                                                    [hrefDomain] => google.com
                                                    [rel] => nofollow
                                                    [isOutbound] => 1
                                                )

                                            [69] => stdClass Object
                                                (
                                                    [text] => Digital forensics: digital evidence in criminal investigation
                                                    [href] => https://books.google.com/books?id=MC0FPQAACAAJ
                                                    [hrefDomain] => google.com
                                                    [rel] => nofollow
                                                    [isOutbound] => 1
                                                )

                                            [70] => stdClass Object
                                                (
                                                    [text] => Journal of Digital Forensics, Security and Law
                                                    [href] => http://www.jdfsl.org/
                                                    [hrefDomain] => jdfsl.org
                                                    [rel] => nofollow
                                                    [isOutbound] => 1
                                                )

                                            [71] => stdClass Object
                                                (
                                                    [text] => International Journal of Digital Crime and Forensics
                                                    [href] => http://www.igi-global.com/bookstore/titledetails.aspx?TitleId=1112&DetailsType=Description
                                                    [hrefDomain] => igi-global.com
                                                    [rel] => nofollow
                                                    [isOutbound] => 1
                                                )

                                            [72] => stdClass Object
                                                (
                                                    [text] => Journal of Digital Investigation
                                                    [href] => http://www.elsevier.com/wps/find/journaldescription.cws_home/702130/description#description
                                                    [hrefDomain] => elsevier.com
                                                    [rel] => nofollow
                                                    [isOutbound] => 1
                                                )

                                            [73] => stdClass Object
                                                (
                                                    [text] => International Journal of Digital Evidence
                                                    [href] => https://web.archive.org/web/20100905202407/http://www.utica.edu/academic/institutes/ecii/ijde/
                                                    [hrefDomain] => archive.org
                                                    [rel] => nofollow
                                                    [isOutbound] => 1
                                                )

                                            [74] => stdClass Object
                                                (
                                                    [text] => International Journal of Forensic Computer Science
                                                    [href] => http://www.ijofcs.org/
                                                    [hrefDomain] => ijofcs.org
                                                    [rel] => nofollow
                                                    [isOutbound] => 1
                                                )

                                            [75] => stdClass Object
                                                (
                                                    [text] => Journal of Digital Forensic Practice
                                                    [href] => http://www.tandf.co.uk/journals/titles/15567281.asp
                                                    [hrefDomain] => tandf.co.uk
                                                    [rel] => nofollow
                                                    [isOutbound] => 1
                                                )

                                            [76] => stdClass Object
                                                (
                                                    [text] => Small Scale Digital Device Forensic Journal
                                                    [href] => https://web.archive.org/web/20080222030859/http://www.ssddfj.org/
                                                    [hrefDomain] => archive.org
                                                    [rel] => nofollow
                                                    [isOutbound] => 1
                                                )

                                            [77] => stdClass Object
                                                (
                                                    [text] => digital forensics
                                                    [href] => https://en.wiktionary.org/wiki/Special:Search/digital_forensics
                                                    [hrefDomain] => wiktionary.org
                                                    [isOutbound] => 1
                                                )

                                            [78] => stdClass Object
                                                (
                                                    [text] => Digital forensics
                                                    [href] => https://en.wikibooks.org/wiki/Special:Search/Digital_forensics
                                                    [hrefDomain] => wikibooks.org
                                                    [isOutbound] => 1
                                                )

                                            [79] => stdClass Object
                                                (
                                                    [text] => Scientific Working Group on Digital Evidence
                                                    [href] => https://www.swgde.org/
                                                    [hrefDomain] => swgde.org
                                                    [rel] => nofollow
                                                    [isOutbound] => 1
                                                )

                                            [80] => stdClass Object
                                                (
                                                    [text] => Digital Forensics Case Studies
                                                    [href] => https://www.qccglobal.com/case-studies/cyber-forensics/
                                                    [hrefDomain] => qccglobal.com
                                                    [rel] => nofollow
                                                    [isOutbound] => 1
                                                )

                                            [81] => stdClass Object
                                                (
                                                    [text] => 
                                                    [href] => https://www.wikidata.org/wiki/Q3246940#identifiers
                                                    [hrefDomain] => wikidata.org
                                                    [isOutbound] => 1
                                                )

                                            [82] => stdClass Object
                                                (
                                                    [text] => United States
                                                    [href] => https://id.loc.gov/authorities/subjects/sh2018000110
                                                    [hrefDomain] => loc.gov
                                                    [rel] => nofollow
                                                    [isOutbound] => 1
                                                )

                                            [83] => stdClass Object
                                                (
                                                    [text] => Microsoft Academic
                                                    [href] => https://academic.microsoft.com/v2/detail/84418412
                                                    [hrefDomain] => microsoft.com
                                                    [rel] => nofollow
                                                    [isOutbound] => 1
                                                )

                                        )

                                )

                            [toc] => Array
                                (
                                    [0] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => Contents. 
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                )

                                        )

                                    [1] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => History[edit]. 
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                    [0] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => 1980s–1990s: Growth of the field[edit]. 
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                    [1] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => 2000s: Developing standards[edit]. 
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                    [2] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => Development of forensic tools[edit]. 
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                )

                                        )

                                    [2] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => Forensic process[edit]. 
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                )

                                        )

                                    [3] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => Application[edit]. 
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                    [0] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => Limitations[edit]. 
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                )

                                        )

                                    [4] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => Legal considerations[edit]. 
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                    [0] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => Digital evidence[edit]. 
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                    [1] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => Investigative tools[edit]. 
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                )

                                        )

                                    [5] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => Branches[edit]. 
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                    [0] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => Computer forensics[edit]. 
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                    [1] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => Mobile device forensics[edit]. 
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                    [2] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => Network forensics[edit]. 
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                    [3] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => Forensic data analysis[edit]. 
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                    [4] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => Database forensics[edit]. 
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                )

                                        )

                                    [6] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => Artificial Intelligence and its Role in Digital Forensics[edit]. 
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                )

                                        )

                                    [7] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => See also[edit]. 
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                )

                                        )

                                    [8] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => References[edit]. 
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                )

                                        )

                                    [9] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => Further reading[edit]. 
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                    [0] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => Related journals[edit]. 
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                )

                                        )

                                    [10] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => External links[edit]. 
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                )

                                        )

                                    [11] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => Navigation menu. 
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                    [0] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => 
				Search
			. 
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                )

                                        )

                                )

                            [og] => stdClass Object
                                (
                                    [ogImage] => https://upload.wikimedia.org/wikipedia/commons/thumb/7/7a/Hard_disk.jpg/1200px-Hard_disk.jpg
                                )

                            [schema_type] => Array
                                (
                                    [0] => Article
                                )

                            [comment_questions] => Array
                                (
                                )

                            [body] => Digital forensics From Wikipedia, the free encyclopedia Jump to navigation Jump to search Branch of forensic science Part of a series onForensic science Physiological Anthropology Biology Bloodstain pattern analysis Dentistry DNA phenotyping DNA profiling Entomology Epidemiology Limnology Medicine Palynology Pathology Podiatry Toxicology Social Psychiatry Psychology Psychotherapy Social work Criminalistics Accounting Body identification Chemistry Colorimetry Election forensics Facial reconstruction Fingerprint analysis Firearm examination Footwear evidence Forensic arts Profiling Gloveprint analysis Palmprint analysis Questioned document examination Vein matching Forensic geophysics Forensic geology Digital forensics Computer exams Data analysis Database study Malware analysis Mobile devices Network analysis Photography Video analysis Audio analysis Related disciplines Electrical engineering Engineering Fire investigation Fire accelerant detection Fractography Linguistics Materials engineering Polymer engineering Statistics Traffic collision reconstruction Related articles Crime scene CSI effect Perry Mason syndrome Pollen calendar Skid mark Trace evidence Use of DNA inforensic entomology Outline Categoryvte Aerial photo of FLETC, where US digital forensics standards were developed in the 1980s and '90s Digital forensics (sometimes known as digital forensic science) is a branch of forensic science encompassing the recovery, investigation, examination and analysis of material found in digital devices, often in relation to mobile devices and computer crime.[1][2] The term digital forensics was originally used as a synonym for computer forensics but has expanded to cover investigation of all devices capable of storing digital data.[1] With roots in the personal computing revolution of the late 1970s and early 1980s, the discipline evolved in a haphazard manner during the 1990s, and it was not until the early 21st century that national policies emerged. Digital forensics investigations have a variety of applications. The most common is to support or refute a hypothesis before criminal or civil courts. Criminal cases involve the alleged breaking of laws that are defined by legislation and that are enforced by the police and prosecuted by the state, such as murder, theft and assault against the person. Civil cases on the other hand deal with protecting the rights and property of individuals (often associated with family disputes) but may also be concerned with contractual disputes between commercial entities where a form of digital forensics referred to as electronic discovery (ediscovery) may be involved. Forensics may also feature in the private sector; such as during internal corporate investigations or intrusion investigation (a specialist probe into the nature and extent of an unauthorized network intrusion). The technical aspect of an investigation is divided into several sub-branches, relating to the type of digital devices involved; computer forensics, network forensics, forensic data analysis and mobile device forensics. The typical forensic process encompasses the seizure, forensic imaging (acquisition) and analysis of digital media and the production of a report into collected evidence. As well as identifying direct evidence of a crime, digital forensics can be used to attribute evidence to specific suspects, confirm alibis or statements, determine intent, identify sources (for example, in copyright cases), or authenticate documents.[3] Investigations are much broader in scope than other areas of forensic analysis (where the usual aim is to provide answers to a series of simpler questions) often involving complex time-lines or hypotheses.[4] Contents. 1 History 1.1 1980s–1990s: Growth of the field 1.2 2000s: Developing standards 1.3 Development of forensic tools 2 Forensic process 3 Application 3.1 Limitations 4 Legal considerations 4.1 Digital evidence 4.2 Investigative tools 5 Branches 5.1 Computer forensics 5.2 Mobile device forensics 5.3 Network forensics 5.4 Forensic data analysis 5.5 Database forensics 6 Artificial Intelligence and its Role in Digital Forensics 7 See also 8 References 9 Further reading 9.1 Related journals 10 External links History[edit]. Prior to the 1970s crimes involving computers were dealt with using existing laws. The first computer crimes were recognized in the 1978 Florida Computer Crimes Act, which included legislation against the unauthorized modification or deletion of data on a computer system.[5][6] Over the next few years the range of computer crimes being committed increased, and laws were passed to deal with issues of copyright, privacy/harassment (e.g., cyber bullying, happy slapping, cyber stalking, and online predators) and child pornography.[7][8] It was not until the 1980s that federal laws began to incorporate computer offences. Canada was the first country to pass legislation in 1983.[6] This was followed by the US Federal Computer Fraud and Abuse Act in 1986, Australian amendments to their crimes acts in 1989 and the British Computer Misuse Act in 1990.[6][8] 1980s–1990s: Growth of the field[edit]. The growth in computer crime during the 1980s and 1990s caused law enforcement agencies to begin establishing specialized groups, usually at the national level, to handle the technical aspects of investigations. For example, in 1984 the FBI launched a Computer Analysis and Response Team and the following year a computer crime department was set up within the British Metropolitan Police fraud squad. As well as being law enforcement professionals, many of the early members of these groups were also computer hobbyists and became responsible for the field's initial research and direction.[9][10] One of the first practical (or at least publicized) examples of digital forensics was Cliff Stoll's pursuit of hacker Markus Hess in 1986. Stoll, whose investigation made use of computer and network forensic techniques, was not a specialized examiner.[11] Many of the earliest forensic examinations followed the same profile.[12] Throughout the 1990s there was high demand for these new, and basic, investigative resources. The strain on central units lead to the creation of regional, and even local, level groups to help handle the load. For example, the British National Hi-Tech Crime Unit was set up in 2001 to provide a national infrastructure for computer crime; with personnel located both centrally in London and with the various regional police forces (the unit was folded into the Serious Organised Crime Agency (SOCA) in 2006).[10] During this period the science of digital forensics grew from the ad-hoc tools and techniques developed by these hobbyist practitioners. This is in contrast to other forensics disciplines which developed from work by the scientific community.[1][13] It was not until 1992 that the term "computer forensics" was used in academic literature (although prior to this it had been in informal use); a paper by Collier and Spaul attempted to justify this new discipline to the forensic science world.[14][15] This swift development resulted in a lack of standardization and training. In his 1995 book, "High-Technology Crime: Investigating Cases Involving Computers", K. Rosenblatt wrote: Seizing, preserving, and analyzing evidence stored on a computer is the greatest forensic challenge facing law enforcement in the 1990s. Although most forensic tests, such as fingerprinting and DNA testing, are performed by specially trained experts the task of collecting and analyzing computer evidence is often assigned to patrol officers and detectives.[16] 2000s: Developing standards[edit]. Since 2000, in response to the need for standardization, various bodies and agencies have published guidelines for digital forensics. The Scientific Working Group on Digital Evidence (SWGDE) produced a 2002 paper, "Best practices for Computer Forensics", this was followed, in 2005, by the publication of an ISO standard (ISO 17025, General requirements for the competence of testing and calibration laboratories).[6][17][18] A European led international treaty, the Convention on Cybercrime, came into force in 2004 with the aim of reconciling national computer crime laws, investigative techniques and international co-operation. The treaty has been signed by 43 nations (including the US, Canada, Japan, South Africa, UK and other European nations) and ratified by 16. The issue of training also received attention. Commercial companies (often forensic software developers) began to offer certification programs and digital forensic analysis was included as a topic at the UK specialist investigator training facility, Centrex.[6][10] Since the late 1990s mobile devices have become more widely available, advancing beyond simple communication devices, and have been found to be rich forms of information, even for crime not traditionally associated with digital forensics.[19] Despite this, digital analysis of phones has lagged behind traditional computer media, largely due to problems over the proprietary nature of devices.[20] Focus has also shifted onto internet crime, particularly the risk of cyber warfare and cyberterrorism. A February 2010 report by the United States Joint Forces Command concluded: Through cyberspace, enemies will target industry, academia, government, as well as the military in the air, land, maritime, and space domains. In much the same way that airpower transformed the battlefield of World War II, cyberspace has fractured the physical barriers that shield a nation from attacks on its commerce and communication.[21] The field of digital forensics still faces unresolved issues. A 2009 paper, "Digital Forensic Research: The Good, the Bad and the Unaddressed", by Peterson and Shenoi identified a bias towards Windows operating systems in digital forensics research.[22] In 2010 Simson Garfinkel identified issues facing digital investigations in the future, including the increasing size of digital media, the wide availability of encryption to consumers, a growing variety of operating systems and file formats, an increasing number of individuals owning multiple devices, and legal limitations on investigators. The paper also identified continued training issues, as well as the prohibitively high cost of entering the field.[11] Development of forensic tools[edit]. Main article: List of digital forensics tools During the 1980s very few specialized digital forensic tools existed, and consequently investigators often performed live analysis on media, examining computers from within the operating system using existing sysadmin tools to extract evidence. This practice carried the risk of modifying data on the disk, either inadvertently or otherwise, which led to claims of evidence tampering. A number of tools were created during the early 1990s to address the problem. The need for such software was first recognized in 1989 at the Federal Law Enforcement Training Center, resulting in the creation of IMDUMP [23](by Michael White) and in 1990, SafeBack [24](developed by Sydex). Similar software was developed in other countries; DIBS (a hardware and software solution) was released commercially in the UK in 1991, and Rob McKemmish released Fixed Disk Image free to Australian law enforcement.[9] These tools allowed examiners to create an exact copy of a piece of digital media to work on, leaving the original disk intact for verification. By the end of the 1990s, as demand for digital evidence grew more advanced commercial tools such as EnCase and FTK were developed, allowing analysts to examine copies of media without using any live forensics.[6] More recently, a trend towards "live memory forensics" has grown resulting in the availability of tools such as WindowsSCOPE. More recently, the same progression of tool development has occurred for mobile devices; initially investigators accessed data directly on the device, but soon specialist tools such as XRY or Radio Tactics Aceso appeared.[6] Forensic process[edit]. A portable Tableau write-blocker attached to a hard drive Main article: Digital forensic process A digital forensic investigation commonly consists of 3 stages: acquisition or imaging of exhibits,[25] analysis, and reporting.[6][26] Ideally acquisition involves capturing an image of the computer's volatile memory (RAM)[27] and creating an exact sector level duplicate (or "forensic duplicate") of the media, often using a write blocking device to prevent modification of the original. However, the growth in size of storage media and developments such as cloud computing [28] have led to more use of 'live' acquisitions whereby a 'logical' copy of the data is acquired rather than a complete image of the physical storage device.[25] Both acquired image (or logical copy) and original media/data are hashed (using an algorithm such as SHA-1 or MD5) and the values compared to verify the copy is accurate.[29] An alternative (and patented) approach (that has been dubbed 'hybrid forensics'[30] or 'distributed forensics'[31]) combines digital forensics and ediscovery processes. This approach has been embodied in a commercial tool called ISEEK that was presented together with test results at a conference in 2017.[30] During the analysis phase an investigator recovers evidence material using a number of different methodologies and tools. In 2002, an article in the International Journal of Digital Evidence referred to this step as "an in-depth systematic search of evidence related to the suspected crime."[1] In 2006, forensics researcher Brian Carrier described an "intuitive procedure" in which obvious evidence is first identified and then "exhaustive searches are conducted to start filling in the holes."[4] The actual process of analysis can vary between investigations, but common methodologies include conducting keyword searches across the digital media (within files as well as unallocated and slack space), recovering deleted files and extraction of registry information (for example to list user accounts, or attached USB devices). The evidence recovered is analysed to reconstruct events or actions and to reach conclusions, work that can often be performed by less specialised staff.[1] When an investigation is complete the data is presented, usually in the form of a written report, in lay persons' terms.[1] Application[edit]. An example of an image's Exif metadata that might be used to prove its origin Digital forensics is commonly used in both criminal law and private investigation. Traditionally it has been associated with criminal law, where evidence is collected to support or oppose a hypothesis before the courts. As with other areas of forensics this is often a part of a wider investigation spanning a number of disciplines. In some cases, the collected evidence is used as a form of intelligence gathering, used for other purposes than court proceedings (for example to locate, identify or halt other crimes). As a result, intelligence gathering is sometimes held to a less strict forensic standard. In civil litigation or corporate matters digital forensics forms part of the electronic discovery (or eDiscovery) process. Forensic procedures are similar to those used in criminal investigations, often with different legal requirements and limitations. Outside of the courts digital forensics can form a part of internal corporate investigations. A common example might be following unauthorized network intrusion. A specialist forensic examination into the nature and extent of the attack is performed as a damage limitation exercise, both to establish the extent of any intrusion and in an attempt to identify the attacker.[3][4] Such attacks were commonly conducted over phone lines during the 1980s, but in the modern era are usually propagated over the Internet.[32] The main focus of digital forensics investigations is to recover objective evidence of a criminal activity (termed actus reus in legal parlance). However, the diverse range of data held in digital devices can help with other areas of inquiry.[3] Attribution Meta data and other logs can be used to attribute actions to an individual. For example, personal documents on a computer drive might identify its owner. Alibis and statements Information provided by those involved can be cross checked with digital evidence. For example, during the investigation into the Soham murders the offender's alibi was disproved when mobile phone records of the person he claimed to be with showed she was out of town at the time. Intent As well as finding objective evidence of a crime being committed, investigations can also be used to prove the intent (known by the legal term mens rea). For example, the Internet history of convicted killer Neil Entwistle included references to a site discussing How to kill people. Evaluation of source File artifacts and meta-data can be used to identify the origin of a particular piece of data; for example, older versions of Microsoft Word embedded a Global Unique Identifier into files which identified the computer it had been created on. Proving whether a file was produced on the digital device being examined or obtained from elsewhere (e.g., the Internet) can be very important.[3] Document authentication Related to "Evaluation of source," meta data associated with digital documents can be easily modified (for example, by changing the computer clock you can affect the creation date of a file). Document authentication relates to detecting and identifying falsification of such details. Limitations[edit]. One major limitation to a forensic investigation is the use of encryption; this disrupts initial examination where pertinent evidence might be located using keywords. Laws to compel individuals to disclose encryption keys are still relatively new and controversial.[11] but always more frequently there are solutions to brute force passwords or bypass encryption, such as in smartphones or PCs where by means of bootloader techniques the content of the device can be first acquired and later forced in order to find the password or encryption key. Legal considerations[edit]. The examination of digital media is covered by national and international legislation. For civil investigations, in particular, laws may restrict the abilities of analysts to undertake examinations. Restrictions against network monitoring, or reading of personal communications often exist.[33] During criminal investigation, national laws restrict how much information can be seized.[33] For example, in the United Kingdom seizure of evidence by law enforcement is governed by the PACE act.[6] During its existence early in the field, the "International Organization on Computer Evidence" (IOCE) was one agency that worked to establish compatible international standards for the seizure of evidence.[34] In the UK the same laws covering computer crime can also affect forensic investigators. The 1990 Computer Misuse Act legislates against unauthorised access to computer material; this is a particular concern for civil investigators who have more limitations than law enforcement. An individual's right to privacy is one area of digital forensics which is still largely undecided by courts. The US Electronic Communications Privacy Act places limitations on the ability of law enforcement or civil investigators to intercept and access evidence. The act makes a distinction between stored communication (e.g. email archives) and transmitted communication (such as VOIP). The latter, being considered more of a privacy invasion, is harder to obtain a warrant for.[6][16] The ECPA also affects the ability of companies to investigate the computers and communications of their employees, an aspect that is still under debate as to the extent to which a company can perform such monitoring.[6] Article 5 of the European Convention on Human Rights asserts similar privacy limitations to the ECPA and limits the processing and sharing of personal data both within the EU and with external countries. The ability of UK law enforcement to conduct digital forensics investigations is legislated by the Regulation of Investigatory Powers Act.[6] Digital evidence[edit]. Digital evidence can come in a number of forms Main article: Digital evidence When used in a court of law digital evidence falls under the same legal guidelines as other forms of evidence; courts do not usually require more stringent guidelines.[6][35] In the United States the Federal Rules of Evidence are used to evaluate the admissibility of digital evidence, the United Kingdom PACE and Civil Evidence acts have similar guidelines and many other countries have their own laws. US federal laws restrict seizures to items with only obvious evidential value. This is acknowledged as not always being possible to establish with digital media prior to an examination.[33] Laws dealing with digital evidence are concerned with two issues: integrity and authenticity. Integrity is ensuring that the act of seizing and acquiring digital media does not modify the evidence (either the original or the copy). Authenticity refers to the ability to confirm the integrity of information; for example that the imaged media matches the original evidence.[33] The ease with which digital media can be modified means that documenting the chain of custody from the crime scene, through analysis and, ultimately, to the court, (a form of audit trail) is important to establish the authenticity of evidence.[6] Attorneys have argued that because digital evidence can theoretically be altered it undermines the reliability of the evidence. US judges are beginning to reject this theory, in the case US v. Bonallo the court ruled that "the fact that it is possible to alter data contained in a computer is plainly insufficient to establish untrustworthiness."[6][36] In the United Kingdom guidelines such as those issued by ACPO are followed to help document the authenticity and integrity of evidence. Digital investigators, particularly in criminal investigations, have to ensure that conclusions are based upon factual evidence and their own expert knowledge.[6] In the US, for example, Federal Rules of Evidence state that a qualified expert may testify “in the form of an opinion or otherwise” so long as: (1) the testimony is based upon sufficient facts or data, (2) the testimony is the product of reliable principles and methods, and (3) the witness has applied the principles and methods reliably to the facts of the case.[37] The sub-branches of digital forensics may each have their own specific guidelines for the conduct of investigations and the handling of evidence. For example, mobile phones may be required to be placed in a Faraday shield during seizure or acquisition to prevent further radio traffic to the device. In the UK forensic examination of computers in criminal matters is subject to ACPO guidelines.[6] There are also international approaches to providing guidance on how to handle electronic evidence. The "Electronic Evidence Guide" by the Council of Europe offers a framework for law enforcement and judicial authorities in countries who seek to set up or enhance their own guidelines for the identification and handling of electronic evidence.[38] Investigative tools[edit]. The admissibility of digital evidence relies on the tools used to extract it. In the US, forensic tools are subjected to the Daubert standard, where the judge is responsible for ensuring that the processes and software used were acceptable. In a 2003 paper Brian Carrier argued that the Daubert guidelines required the code of forensic tools to be published and peer reviewed. He concluded that "open source tools may more clearly and comprehensively meet the guideline requirements than would closed source tools."[39] In 2011 Josh Brunty stated that the scientific validation of the technology and software associated with performing a digital forensic examination is critical to any laboratory process. He argued that "the science of digital forensics is founded on the principles of repeatable processes and quality evidence therefore knowing how to design and properly maintain a good validation process is a key requirement for any digital forensic examiner to defend their methods in court." "[40] Branches[edit]. Digital forensics investigation is not restricted to retrieve data merely from the computer, as laws are breached by the criminals and small digital devices (e.g. tablets, smartphones, flash drives) are now extensively used. Some of these devices have volatile memory while some have non-volatile memory. Sufficient methodologies are available to retrieve data from volatile memory, however, there is lack of detailed methodology or a framework for data retrieval from non-volatile memory sources.[41] Depending on the type of devices, media or artifacts, digital forensics investigation is branched into various types. Computer forensics[edit]. Main article: Computer forensics Private Investigator & Certified Digital Forensics Examiner imaging a hard drive in the field for forensic examination. The goal of computer forensics is to explain the current state of a digital artifact; such as a computer system, storage medium or electronic document.[42] The discipline usually covers computers, embedded systems (digital devices with rudimentary computing power and onboard memory) and static memory (such as USB pen drives). Computer forensics can deal with a broad range of information; from logs (such as internet history) through to the actual files on the drive. In 2007 prosecutors used a spreadsheet recovered from the computer of Joseph Edward Duncan to show premeditation and secure the death penalty.[3] Sharon Lopatka's killer was identified in 2006 after email messages from him detailing torture and death fantasies were found on her computer.[6] Mobile device forensics[edit]. Main article: Mobile device forensics Mobile phones in a UK Evidence bag Mobile device forensics is a sub-branch of digital forensics relating to recovery of digital evidence or data from a mobile device. It differs from Computer forensics in that a mobile device will have an inbuilt communication system (e.g. GSM) and, usually, proprietary storage mechanisms. Investigations usually focus on simple data such as call data and communications (SMS/Email) rather than in-depth recovery of deleted data.[6][43] SMS data from a mobile device investigation helped to exonerate Patrick Lumumba in the murder of Meredith Kercher.[3] Mobile devices are also useful for providing location information; either from inbuilt gps/location tracking or via cell site logs, which track the devices within their range. Such information was used to track down the kidnappers of Thomas Onofri in 2006.[3] Network forensics[edit]. Main article: Network forensics Network forensics is concerned with the monitoring and analysis of computer network traffic, both local and WAN/internet, for the purposes of information gathering, evidence collection, or intrusion detection.[44] Traffic is usually intercepted at the packet level, and either stored for later analysis or filtered in real-time. Unlike other areas of digital forensics network data is often volatile and rarely logged, making the discipline often reactionary. In 2000 the FBI lured computer hackers Aleksey Ivanov and Gorshkov to the United States for a fake job interview. By monitoring network traffic from the pair's computers, the FBI identified passwords allowing them to collect evidence directly from Russian-based computers.[6][45] Forensic data analysis[edit]. Main article: Forensic data analysis Forensic Data Analysis is a branch of digital forensics. It examines structured data with the aim to discover and analyse patterns of fraudulent activities resulting from financial crime. Database forensics[edit]. Main article: Database forensics Database forensics is a branch of digital forensics relating to the forensic study of databases and their metadata.[46] Investigations use database contents, log files and in-RAM data to build a timeline or recover relevant information. Artificial Intelligence and its Role in Digital Forensics[edit]. Artificial intelligence (AI) is a well-established area that facilitates dealing with computationally complex and large problems. As the process of digital forensics requires analyzing a large amount of complex data; therefore, AI is considered to be an ideal approach for dealing with several issues and challenges currently existing in digital forensics. Among the most important concepts in different AI systems are associated with the ontology, representation and structuring of knowledge. AI has the potential for providing the necessary expertise and helps in the standardization, management and exchange of a large amount of data, information and knowledge in the forensic domain. The existing digital forensic systems are not efficient to save and store all these multiple formats of data and are not enough to handle such vast and complex data thus they do require human interaction which means the chances of delay and errors exist. But with the innovation of machine learning, this occurrence of error or delay can be prevented. The system is designed in a way that it can help detect errors but in a much faster pace and with accuracy. Several types of research have highlighted the role of different AI techniques and their benefits in providing a framework for storing and analyzing digital evidence. Among these AI techniques include machine learning (ML), NLP, speech and image detection recognition while each of these techniques has its own benefits. For instance, ML provides systems with the ability of learning and improving without being clearly programmed, such as image processing and medical diagnosis. Furthermore, NLP techniques help in extracting the information from textual data such as in the process of file fragmentation. See also[edit]. List of digital forensics tools Cyberspace Forensic search Glossary of digital forensics terms Outline of forensic science References[edit]. ^ a b c d e f M Reith; C Carr; G Gunsch (2002). "An examination of digital forensic models". International Journal of Digital Evidence. CiteSeerX 10.1.1.13.9683. Cite journal requires |journal= (help) ^ Carrier, B (2001). "Defining digital forensic examination and analysis tools". International Journal of Digital Evidence. 1: 2003. CiteSeerX 10.1.1.14.8953. ^ a b c d e f g Various (2009). Eoghan Casey (ed.). Handbook of Digital Forensics and Investigation. Academic Press. p. 567. ISBN 978-0-12-374267-4. ^ a b c Carrier, Brian D (7 June 2006). "Basic Digital Forensic Investigation Concepts". Archived from the original on 26 February 2010. ^ "Florida Computer Crimes Act". Archived from the original on 12 June 2010. Retrieved 31 August 2010. ^ a b c d e f g h i j k l m n o p q r s t Casey, Eoghan (2004). Digital Evidence and Computer Crime, Second Edition. Elsevier. ISBN 978-0-12-163104-8. ^ Aaron Phillip; David Cowen; Chris Davis (2009). Hacking Exposed: Computer Forensics. McGraw Hill Professional. p. 544. ISBN 978-0-07-162677-4. Retrieved 27 August 2010. ^ a b M, M. E. "A Brief History of Computer Crime: A" (PDF). Norwich University. Archived (PDF) from the original on 21 August 2010. Retrieved 30 August 2010. ^ a b Mohay, George M. (2003). Computer and intrusion forensics. Artechhouse. p. 395. ISBN 978-1-58053-369-0. ^ a b c Peter Sommer (January 2004). "The future for the policing of cybercrime". Computer Fraud & Security. 2004 (1): 8–12. doi:10.1016/S1361-3723(04)00017-X. ISSN 1361-3723. ^ a b c Simson L. Garfinkel (August 2010). "Digital forensics research: The next 10 years". Digital Investigation. 7: S64–S73. doi:10.1016/j.diin.2010.05.009. ISSN 1742-2876. ^ Linda Volonino; Reynaldo Anzaldua (2008). Computer forensics for dummies. For Dummies. p. 384. ISBN 978-0-470-37191-6. ^ GL Palmer; I Scientist; H View (2002). "Forensic analysis in the digital world". International Journal of Digital Evidence. Retrieved 2 August 2010. ^ Wilding, E. (1997). Computer Evidence: a Forensic Investigations Handbook. London: Sweet & Maxwell. p. 236. ISBN 978-0-421-57990-3. ^ Collier, P.A.; Spaul, B.J. (1992). "A forensic methodology for countering computer crime". Computers and Law. ^ a b K S Rosenblatt (1995). High-Technology Crime: Investigating Cases Involving Computers. KSK Publications. ISBN 978-0-9648171-0-4. Retrieved 4 August 2010. ^ "Best practices for Computer Forensics" (PDF). SWGDE. Archived from the original (PDF) on 27 December 2008. Retrieved 4 August 2010. ^ "ISO/IEC 17025:2005". ISO. Archived from the original on 5 August 2011. Retrieved 20 August 2010. ^ SG Punja (2008). "Mobile device analysis" (PDF). Small Scale Digital Device Forensics Journal. Archived from the original (PDF) on 2011-07-28. ^ Rizwan Ahmed (2008). "Mobile forensics: an overview, tools, future trends and challenges from law enforcement perspective" (PDF). 6th International Conference on E-Governance. Archived (PDF) from the original on 2016-03-03. ^ "The Joint Operating Environment" Archived 2013-08-10 at the Wayback Machine, Report released, 18 February 2010, pp. 34–36 ^ Peterson, Gilbert; Shenoi, Sujeet (2009). Digital Forensic Research: The Good, the Bad and the Unaddressed. Advances in Digital Forensics V. IFIP Advances in Information and Communication Technology. 306. Springer Boston. pp. 17–36. Bibcode:2009adf5.conf...17B. doi:10.1007/978-3-642-04155-6_2. ISBN 978-3-642-04154-9. ^ Mohay, George M. (2003). Computer and Intrusion Forensics. Artech House. ISBN 9781580536301. ^ Fatah, Alim A.; Higgins, Kathleen M. (February 1999). Forensic Laboratories: Handbook for Facility Planning, Design, Construction and Moving. DIANE Publishing. ISBN 9780788176241. ^ a b Adams, Richard (2013). "'The Advanced Data Acquisition Model (ADAM): A process model for digital forensic practice". Murdoch University. Archived (PDF) from the original on 2014-11-14. ^ "'Electronic Crime Scene Investigation Guide: A Guide for First Responders" (PDF). National Institute of Justice. 2001. Archived (PDF) from the original on 2010-02-15. ^ "Catching the ghost: how to discover ephemeral evidence with Live RAM analysis". Belkasoft Research. 2013. ^ Adams, Richard (2013). "'The emergence of cloud storage and the need for a new digital forensic process model" (PDF). Murdoch University. ^ Maarten Van Horenbeeck (24 May 2006). "Technology Crime Investigation". Archived from the original on 17 May 2008. Retrieved 17 August 2010. ^ a b Richard, Adams; Graham, Mann; Valerie, Hobbs (2017). "ISEEK, a tool for high speed, concurrent, distributed forensic data acquisition". Cite journal requires |journal= (help) ^ Hoelz, Bruno W. P.; Ralha, Célia Ghedini; Geeverghese, Rajiv (2009-03-08). Artificial intelligence applied to computer forensics. ACM. pp. 883–888. doi:10.1145/1529282.1529471. ISBN 9781605581668. S2CID 5382101. ^ Warren G. Kruse; Jay G. Heiser (2002). Computer forensics: incident response essentials. Addison-Wesley. p. 392. ISBN 978-0-201-70719-9. ^ a b c d Sarah Mocas (February 2004). "Building theoretical underpinnings for digital forensics research". Digital Investigation. 1 (1): 61–68. CiteSeerX 10.1.1.7.7070. doi:10.1016/j.diin.2003.12.004. ISSN 1742-2876. ^ Kanellis, Panagiotis (2006). Digital crime and forensic science in cyberspace. Idea Group Inc (IGI). p. 357. ISBN 978-1-59140-873-4. ^ Daniel J. Ryan; Gal Shpantzer. "Legal Aspects of Digital Forensics" (PDF). Archived (PDF) from the original on 15 August 2011. Retrieved 31 August 2010. ^ US v. Bonallo, 858 F. 2d 1427 (9th Cir. 1988). ^ "Federal Rules of Evidence #702". Archived from the original on 19 August 2010. Retrieved 23 August 2010. ^ "Electronic Evidence Guide". Council of Europe. April 2013. Archived from the original on 2013-12-27. ^ Brian Carrier (October 2002). "Open Source Digital Forensic Tools: The Legal Argument" (PDF). @stake Research Report. Archived (PDF) from the original on 2011-07-26. ^ Brunty, Josh (March 2011). "Validation of Forensic Tools and Software: A Quick Guide for the Digital Forensic Examiner". Forensic Magazine. Archived from the original on 2017-04-22. ^ Jansen, Wayne (2004). "Ayers" (PDF). NIST Special Publication. NIST. doi:10.6028/NIST.SP.800-72. Archived (PDF) from the original on 12 February 2006. Retrieved 26 February 2006. ^ A Yasinsac; RF Erbacher; DG Marks; MM Pollitt (2003). "Computer forensics education". IEEE Security & Privacy. 1 (4): 15–23. doi:10.1109/MSECP.2003.1219052. ^ "Technology Crime Investigation :: Mobile forensics". Archived from the original on 17 May 2008. Retrieved 18 August 2010. ^ Gary Palmer, A Road Map for Digital Forensic Research, Report from DFRWS 2001, First Digital Forensic Research Workshop, Utica, New York, 7–8 August 2001, Page(s) 27–30 ^ "2 Russians Face Hacking Charges". Moscow Times. 24 April 2001. Archived from the original on 22 June 2011. Retrieved 3 September 2010. ^ Olivier, Martin S. (March 2009). "On metadata context in Database Forensics". Digital Investigation. 5 (3–4): 115–123. CiteSeerX 10.1.1.566.7390. doi:10.1016/j.diin.2008.10.001. Further reading[edit]. Årnes, André (2018). Digital Forensics. Wiley et al. ISBN 978-1-119-26238-1. Carrier, Brian D. (February 2006). "Risks of live digital forensic analysis". Communications of the ACM. 49 (2): 56–61. doi:10.1145/1113034.1113069. ISSN 0001-0782. S2CID 16829457. Crowley, Paul. CD and DVD Forensics. Rockland, MA: Syngress. ISBN 978-1597491280. Kanellis, Panagiotis (1 January 2006). Digital crime and forensic science in cyberspace. IGI Publishing. p. 357. ISBN 978-1-59140-873-4. Jones, Andrew (2008). Building a Digital Forensic Laboratory. Butterworth-Heinemann. p. 312. ISBN 978-1-85617-510-4. Marshell, Angus M. (2008). Digital forensics: digital evidence in criminal investigation. Wiley-Blackwell. p. 148. ISBN 978-0-470-51775-8. Sammons, John (2012). The basics of digital forensics: the primer for getting started in digital forensics. Syngress. ISBN 978-1597496612. Related journals[edit]. Journal of Digital Forensics, Security and Law International Journal of Digital Crime and Forensics Journal of Digital Investigation International Journal of Digital Evidence International Journal of Forensic Computer Science Journal of Digital Forensic Practice Small Scale Digital Device Forensic Journal External links[edit]. Look up digital forensics in Wiktionary, the free dictionary. Wikibooks has more on the topic of: Digital forensics Scientific Working Group on Digital Evidence Digital Forensics Case Studies vteDigital forensicsBranches Computer forensics Mobile device forensics Network forensics Database forensics Hardware Forensic disk controller Software ADF Solutions Digital Evidence Investigator EnCase Foremost FTK PTK Forensics The Sleuth Kit The Coroner's Toolkit COFEE HashKeeper Xplico Certification Certified Forensic Computer Examiner (CFCE) Global Information Assurance Certification Processes Digital forensic process Data acquisition Digital evidence eDiscovery Anti-computer forensics Organisations National Software Reference Library American Society of Digital Forensics & eDiscovery Department of Defense Cyber Crime Center National Hi-Tech Crime Unit (NHTCU) Australian High Tech Crime Centre (AHTCC) People Mary Aiken Annie Antón Rebecca Bace Josh Brunty Eoghan Casey Hany Farid Simson Garfinkel Clifford Stoll Erik Laykin Robert Zeidman Glossary of digital forensics terms Authority control National libraries United States Other Microsoft Academic Retrieved from "https://en.wikipedia.org/w/index.php?title=Digital_forensics&oldid=1063677327" Categories: Digital forensicsForensic disciplinesHidden categories: CS1 errors: missing periodicalWebarchive template wayback linksArticles with short descriptionShort description matches WikidataGood articlesArticles with LCCN identifiersArticles with MA identifiers Navigation menu. Search .
                            [kwBody] => Array
                                (
                                    [0] => stdClass Object
                                        (
                                            [term] => forensic
                                            [tf] => 175
                                        )

                                    [1] => stdClass Object
                                        (
                                            [term] => digital
                                            [tf] => 130
                                        )

                                    [2] => stdClass Object
                                        (
                                            [term] => digital forensic
                                            [tf] => 75
                                        )

                                    [3] => stdClass Object
                                        (
                                            [term] => computer
                                            [tf] => 71
                                        )

                                    [4] => stdClass Object
                                        (
                                            [term] => evidence
                                            [tf] => 64
                                        )

                                    [5] => stdClass Object
                                        (
                                            [term] => investigation
                                            [tf] => 48
                                        )

                                    [6] => stdClass Object
                                        (
                                            [term] => data
                                            [tf] => 38
                                        )

                                    [7] => stdClass Object
                                        (
                                            [term] => crime
                                            [tf] => 35
                                        )

                                    [8] => stdClass Object
                                        (
                                            [term] => device
                                            [tf] => 34
                                        )

                                    [9] => stdClass Object
                                        (
                                            [term] => law
                                            [tf] => 31
                                        )

                                    [10] => stdClass Object
                                        (
                                            [term] => analysi
                                            [tf] => 31
                                        )

                                    [11] => stdClass Object
                                        (
                                            [term] => isbn 978
                                            [tf] => 30
                                        )

                                    [12] => stdClass Object
                                        (
                                            [term] => 978
                                            [tf] => 30
                                        )

                                    [13] => stdClass Object
                                        (
                                            [term] => 2010
                                            [tf] => 28
                                        )

                                    [14] => stdClass Object
                                        (
                                            [term] => tool
                                            [tf] => 26
                                        )

                                    [15] => stdClass Object
                                        (
                                            [term] => digital evidence
                                            [tf] => 24
                                        )

                                    [16] => stdClass Object
                                        (
                                            [term] => original
                                            [tf] => 24
                                        )

                                    [17] => stdClass Object
                                        (
                                            [term] => august
                                            [tf] => 23
                                        )

                                    [18] => stdClass Object
                                        (
                                            [term] => august 2010
                                            [tf] => 22
                                        )

                                    [19] => stdClass Object
                                        (
                                            [term] => retrieved
                                            [tf] => 22
                                        )

                                    [20] => stdClass Object
                                        (
                                            [term] => mobile
                                            [tf] => 20
                                        )

                                    [21] => stdClass Object
                                        (
                                            [term] => isbn
                                            [tf] => 19
                                        )

                                    [22] => stdClass Object
                                        (
                                            [term] => archived
                                            [tf] => 19
                                        )

                                    [23] => stdClass Object
                                        (
                                            [term] => pdf
                                            [tf] => 18
                                        )

                                    [24] => stdClass Object
                                        (
                                            [term] => computer forensic
                                            [tf] => 17
                                        )

                                    [25] => stdClass Object
                                        (
                                            [term] => process
                                            [tf] => 17
                                        )

                                    [26] => stdClass Object
                                        (
                                            [term] => example
                                            [tf] => 17
                                        )

                                    [27] => stdClass Object
                                        (
                                            [term] => journal
                                            [tf] => 17
                                        )

                                    [28] => stdClass Object
                                        (
                                            [term] => mobile device
                                            [tf] => 15
                                        )

                                    [29] => stdClass Object
                                        (
                                            [term] => international
                                            [tf] => 15
                                        )

                                    [30] => stdClass Object
                                        (
                                            [term] => media
                                            [tf] => 15
                                        )

                                    [31] => stdClass Object
                                        (
                                            [term] => network
                                            [tf] => 14
                                        )

                                    [32] => stdClass Object
                                        (
                                            [term] => information
                                            [tf] => 14
                                        )

                                    [33] => stdClass Object
                                        (
                                            [term] => examination
                                            [tf] => 13
                                        )

                                    [34] => stdClass Object
                                        (
                                            [term] => archived original
                                            [tf] => 12
                                        )

                                    [35] => stdClass Object
                                        (
                                            [term] => computer crime
                                            [tf] => 12
                                        )

                                    [36] => stdClass Object
                                        (
                                            [term] => criminal
                                            [tf] => 11
                                        )

                                    [37] => stdClass Object
                                        (
                                            [term] => investigator
                                            [tf] => 11
                                        )

                                    [38] => stdClass Object
                                        (
                                            [term] => forensic investigation
                                            [tf] => 10
                                        )

                                    [39] => stdClass Object
                                        (
                                            [term] => law enforcement
                                            [tf] => 10
                                        )

                                    [40] => stdClass Object
                                        (
                                            [term] => forensic tool
                                            [tf] => 9
                                        )

                                    [41] => stdClass Object
                                        (
                                            [term] => journal digital
                                            [tf] => 9
                                        )

                                    [42] => stdClass Object
                                        (
                                            [term] => digital forensic investigation
                                            [tf] => 8
                                        )

                                    [43] => stdClass Object
                                        (
                                            [term] => digital investigation
                                            [tf] => 8
                                        )

                                    [44] => stdClass Object
                                        (
                                            [term] => volatile memory
                                            [tf] => 8
                                        )

                                    [45] => stdClass Object
                                        (
                                            [term] => device forensic
                                            [tf] => 8
                                        )

                                    [46] => stdClass Object
                                        (
                                            [term] => digital device
                                            [tf] => 8
                                        )

                                    [47] => stdClass Object
                                        (
                                            [term] => digital media
                                            [tf] => 8
                                        )

                                    [48] => stdClass Object
                                        (
                                            [term] => main article
                                            [tf] => 8
                                        )

                                    [49] => stdClass Object
                                        (
                                            [term] => archived pdf original
                                            [tf] => 7
                                        )

                                    [50] => stdClass Object
                                        (
                                            [term] => forensic process
                                            [tf] => 7
                                        )

                                    [51] => stdClass Object
                                        (
                                            [term] => forensic science
                                            [tf] => 7
                                        )

                                    [52] => stdClass Object
                                        (
                                            [term] => international journal
                                            [tf] => 7
                                        )

                                    [53] => stdClass Object
                                        (
                                            [term] => archived pdf
                                            [tf] => 7
                                        )

                                    [54] => stdClass Object
                                        (
                                            [term] => pdf original
                                            [tf] => 7
                                        )

                                    [55] => stdClass Object
                                        (
                                            [term] => digital forensic research
                                            [tf] => 6
                                        )

                                    [56] => stdClass Object
                                        (
                                            [term] => international journal digital
                                            [tf] => 6
                                        )

                                    [57] => stdClass Object
                                        (
                                            [term] => branch digital
                                            [tf] => 6
                                        )

                                    [58] => stdClass Object
                                        (
                                            [term] => database forensic
                                            [tf] => 6
                                        )

                                    [59] => stdClass Object
                                        (
                                            [term] => network forensic
                                            [tf] => 6
                                        )

                                    [60] => stdClass Object
                                        (
                                            [term] => forensic data
                                            [tf] => 6
                                        )

                                    [61] => stdClass Object
                                        (
                                            [term] => forensic examination
                                            [tf] => 6
                                        )

                                    [62] => stdClass Object
                                        (
                                            [term] => forensic research
                                            [tf] => 6
                                        )

                                    [63] => stdClass Object
                                        (
                                            [term] => mobile device forensic
                                            [tf] => 5
                                        )

                                    [64] => stdClass Object
                                        (
                                            [term] => journal digital evidence
                                            [tf] => 5
                                        )

                                    [65] => stdClass Object
                                        (
                                            [term] => 2003 computer
                                            [tf] => 5
                                        )

                                    [66] => stdClass Object
                                        (
                                            [term] => artificial intelligence
                                            [tf] => 5
                                        )

                                    [67] => stdClass Object
                                        (
                                            [term] => data analysi
                                            [tf] => 5
                                        )

                                    [68] => stdClass Object
                                        (
                                            [term] => forensic data analysi
                                            [tf] => 4
                                        )

                                    [69] => stdClass Object
                                        (
                                            [term] => digital forensic tool
                                            [tf] => 4
                                        )

                                    [70] => stdClass Object
                                        (
                                            [term] => branch digital forensic
                                            [tf] => 4
                                        )

                                    [71] => stdClass Object
                                        (
                                            [term] => forensicsedit main article
                                            [tf] => 4
                                        )

                                    [72] => stdClass Object
                                        (
                                            [term] => carrier brian
                                            [tf] => 4
                                        )

                                    [73] => stdClass Object
                                        (
                                            [term] => mohay george
                                            [tf] => 4
                                        )

                                    [74] => stdClass Object
                                        (
                                            [term] => 59140 873
                                            [tf] => 4
                                        )

                                    [75] => stdClass Object
                                        (
                                            [term] => involving computer
                                            [tf] => 4
                                        )

                                    [76] => stdClass Object
                                        (
                                            [term] => carrier
                                            [tf] => 4
                                        )

                                    [77] => stdClass Object
                                        (
                                            [term] => 12
                                            [tf] => 4
                                        )

                                    [78] => stdClass Object
                                        (
                                            [term] => 2008 retrieved
                                            [tf] => 4
                                        )

                                    [79] => stdClass Object
                                        (
                                            [term] => 2011 retrieved
                                            [tf] => 4
                                        )

                                    [80] => stdClass Object
                                        (
                                            [term] => february 2006
                                            [tf] => 4
                                        )

                                    [81] => stdClass Object
                                        (
                                            [term] => branch
                                            [tf] => 4
                                        )

                                    [82] => stdClass Object
                                        (
                                            [term] => forensic network
                                            [tf] => 4
                                        )

                                    [83] => stdClass Object
                                        (
                                            [term] => forensic analysi
                                            [tf] => 4
                                        )

                                    [84] => stdClass Object
                                        (
                                            [term] => technology crime
                                            [tf] => 4
                                        )

                                    [85] => stdClass Object
                                        (
                                            [term] => united state
                                            [tf] => 4
                                        )

                                    [86] => stdClass Object
                                        (
                                            [term] => criminal investigation
                                            [tf] => 4
                                        )

                                    [87] => stdClass Object
                                        (
                                            [term] => forensicsedit main
                                            [tf] => 4
                                        )

                                    [88] => stdClass Object
                                        (
                                            [term] => forensic network forensic
                                            [tf] => 3
                                        )

                                    [89] => stdClass Object
                                        (
                                            [term] => digital forensic process
                                            [tf] => 3
                                        )

                                    [90] => stdClass Object
                                        (
                                            [term] => process digital forensic
                                            [tf] => 3
                                        )

                                    [91] => stdClass Object
                                        (
                                            [term] => federal rule evidence
                                            [tf] => 3
                                        )

                                    [92] => stdClass Object
                                        (
                                            [term] => digital forensic examiner
                                            [tf] => 3
                                        )

                                    [93] => stdClass Object
                                        (
                                            [term] => retrieved august
                                            [tf] => 3
                                        )

                                    [94] => stdClass Object
                                        (
                                            [term] => digital crime forensic
                                            [tf] => 3
                                        )

                                    [95] => stdClass Object
                                        (
                                            [term] => forensic computer
                                            [tf] => 3
                                        )

                                    [96] => stdClass Object
                                        (
                                            [term] => crime scene
                                            [tf] => 3
                                        )

                                    [97] => stdClass Object
                                        (
                                            [term] => forensic digital
                                            [tf] => 3
                                        )

                                    [98] => stdClass Object
                                        (
                                            [term] => 1980 1990
                                            [tf] => 3
                                        )

                                    [99] => stdClass Object
                                        (
                                            [term] => crime act
                                            [tf] => 3
                                        )

                                    [100] => stdClass Object
                                        (
                                            [term] => federal law
                                            [tf] => 3
                                        )

                                    [101] => stdClass Object
                                        (
                                            [term] => tech crime
                                            [tf] => 3
                                        )

                                    [102] => stdClass Object
                                        (
                                            [term] => computer evidence
                                            [tf] => 3
                                        )

                                    [103] => stdClass Object
                                        (
                                            [term] => february 2010
                                            [tf] => 3
                                        )

                                    [104] => stdClass Object
                                        (
                                            [term] => operating system
                                            [tf] => 3
                                        )

                                    [105] => stdClass Object
                                        (
                                            [term] => process digital
                                            [tf] => 3
                                        )

                                    [106] => stdClass Object
                                        (
                                            [term] => brian carrier
                                            [tf] => 3
                                        )

                                    [107] => stdClass Object
                                        (
                                            [term] => meta data
                                            [tf] => 3
                                        )

                                    [108] => stdClass Object
                                        (
                                            [term] => mobile phone
                                            [tf] => 3
                                        )

                                    [109] => stdClass Object
                                        (
                                            [term] => law restrict
                                            [tf] => 3
                                        )

                                    [110] => stdClass Object
                                        (
                                            [term] => united kingdom
                                            [tf] => 3
                                        )

                                    [111] => stdClass Object
                                        (
                                            [term] => federal rule
                                            [tf] => 3
                                        )

                                    [112] => stdClass Object
                                        (
                                            [term] => rule evidence
                                            [tf] => 3
                                        )

                                    [113] => stdClass Object
                                        (
                                            [term] => electronic evidence
                                            [tf] => 3
                                        )

                                    [114] => stdClass Object
                                        (
                                            [term] => forensic examiner
                                            [tf] => 3
                                        )

                                    [115] => stdClass Object
                                        (
                                            [term] => forensic mobile
                                            [tf] => 3
                                        )

                                    [116] => stdClass Object
                                        (
                                            [term] => 2003
                                            [tf] => 3
                                        )

                                    [117] => stdClass Object
                                        (
                                            [term] => 2010 retrieved
                                            [tf] => 3
                                        )

                                    [118] => stdClass Object
                                        (
                                            [term] => forensic journal
                                            [tf] => 3
                                        )

                                    [119] => stdClass Object
                                        (
                                            [term] => data acquisition
                                            [tf] => 3
                                        )

                                    [120] => stdClass Object
                                        (
                                            [term] => digital crime
                                            [tf] => 3
                                        )

                                    [121] => stdClass Object
                                        (
                                            [term] => crime forensic
                                            [tf] => 3
                                        )

                                )

                            [page_rank_decimal] => 86
                            [rank] => 20
                        )

                    [11] => stdClass Object
                        (
                            [position] => 12
                            [title] => What is Digital Forensics? History, Process, Types, Challenges
                            [url] => https://www.guru99.com/digital-forensics.html
                            [destination] => https://www.guru99.com › digital-forensics
                            [description] => What is Digital Forensics? Digital Forensics is defined as the process of preservation, identification, extraction, and documentation of computer evidence which can be used by the court of law. It is
                            [isAmp] => 
                            [date] => 7 days ago
                            [organic_position] => 12
                            [serp_type] => page
                            [isOrganicPage] => 1
                            [isOrganic] => 1
                            [serp_title] => What is Digital Forensics? History, Process, Types, Challenges
                            [serp_description] => In 2000, the First FBI Regional Computer Forensic Laboratory established. In 2002, Scientific Working Group on Digital Evidence (SWGDE) ...
                            [hostname] => guru99.com
                            [canonical] => https://www.guru99.com/digital-forensics.html
                            [h1] => What is Digital Forensics? History, Process, Types, Challenges
                            [h2] => Array
                                (
                                    [0] => What is Digital Forensics?
                                    [1] => History of Digital forensics
                                    [2] => Objectives of computer forensics
                                    [3] => Process of Digital forensics
                                    [4] => Types of Digital Forensics
                                    [5] => Challenges faced by Digital Forensics
                                    [6] => Example Uses of Digital Forensics
                                    [7] => Advantages of Digital forensics
                                    [8] => Disadvantages of Digital Forensics
                                    [9] => Summary:
                                )

                            [h3] => Array
                                (
                                    [0] => Identification
                                    [1] => Preservation
                                    [2] => Analysis
                                    [3] => Documentation
                                    [4] => Presentation
                                    [5] => Disk Forensics:
                                    [6] => Network Forensics:
                                    [7] => Wireless Forensics:
                                    [8] => Database Forensics:
                                    [9] => Malware Forensics:
                                    [10] => Email Forensics
                                    [11] => Memory Forensics:
                                    [12] => Mobile Phone Forensics:
                                    [13] => You Might Like:
                                )

                            [h2WithAnchors] => Array
                                (
                                    [0] => stdClass Object
                                        (
                                            [text] => What is Digital Forensics?
                                            [id] => 1
                                        )

                                    [1] => stdClass Object
                                        (
                                            [text] => History of Digital forensics
                                        )

                                    [2] => stdClass Object
                                        (
                                            [text] => Objectives of computer forensics
                                        )

                                    [3] => stdClass Object
                                        (
                                            [text] => Process of Digital forensics
                                        )

                                    [4] => stdClass Object
                                        (
                                            [text] => Types of Digital Forensics
                                        )

                                    [5] => stdClass Object
                                        (
                                            [text] => Challenges faced by Digital Forensics
                                        )

                                    [6] => stdClass Object
                                        (
                                            [text] => Example Uses of Digital Forensics
                                        )

                                    [7] => stdClass Object
                                        (
                                            [text] => Advantages of Digital forensics
                                        )

                                    [8] => stdClass Object
                                        (
                                            [text] => Disadvantages of Digital Forensics
                                        )

                                    [9] => stdClass Object
                                        (
                                            [text] => Summary:
                                        )

                                )

                            [type] => article
                            [wordCount] => 1250
                            [imgCount] => 5
                            [lang] => 
                            [faq_on_page] => Array
                                (
                                )

                            [anchors] => stdClass Object
                                (
                                    [size] => 22
                                    [outboundSize] => 0
                                    [list] => Array
                                        (
                                        )

                                )

                            [toc] => Array
                                (
                                    [0] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => What is Digital Forensics?
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                )

                                        )

                                    [1] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => History of Digital forensics. 
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                )

                                        )

                                    [2] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => Objectives of computer forensics. 
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                )

                                        )

                                    [3] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => Process of Digital forensics. 
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                    [0] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => Identification. 
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                    [1] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => Preservation. 
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                    [2] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => Analysis. 
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                    [3] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => Documentation. 
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                    [4] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => Presentation. 
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                )

                                        )

                                    [4] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => Types of Digital Forensics. 
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                    [0] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => Disk Forensics:. 
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                    [1] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => Network Forensics:. 
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                    [2] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => Wireless Forensics:. 
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                    [3] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => Database Forensics:. 
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                    [4] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => Malware Forensics:. 
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                    [5] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => Email Forensics. 
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                    [6] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => Memory Forensics:. 
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                    [7] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => Mobile Phone Forensics:. 
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                )

                                        )

                                    [5] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => Challenges faced by Digital Forensics. 
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                )

                                        )

                                    [6] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => Example Uses of Digital Forensics. 
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                )

                                        )

                                    [7] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => Advantages of Digital forensics. 
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                )

                                        )

                                    [8] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => Disadvantages of Digital Forensics. 
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                )

                                        )

                                    [9] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => Summary:. 
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                    [0] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => You Might Like:. 
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                )

                                        )

                                )

                            [og] => stdClass Object
                                (
                                    [ogImage] => https://www.guru99.com/images/1/102219_1057_WhatisDigit1.png
                                    [twitterImage] => https://www.guru99.com/images/1/102219_1057_WhatisDigit1.png
                                )

                            [schema_type] => Array
                                (
                                )

                            [comment_questions] => Array
                                (
                                )

                            [body] => What is Digital Forensics? History, Process, Types, Challenges ByLawrence Williams Hours UpdatedJanuary 1, 2022 What is Digital Forensics? Digital Forensics is defined as the process of preservation, identification, extraction, and documentation of computer evidence which can be used by the court of law. It is a science of finding evidence from digital media like a computer, mobile phone, server, or network. It provides the forensic team with the best techniques and tools to solve complicated digital-related cases. Digital Forensics helps the forensic team to analyzes, inspect, identifies, and preserve the digital evidence residing on various types of electronic devices. In this digital forensic tutorial, you will learn: What is Digital Forensics? History of Digital forensics Objectives of computer forensics Process of Digital forensics Types of Digital Forensics Challenges faced by Digital Forensics Example Uses of Digital Forensics Advantages of Digital forensics Disadvantages of Digital Forensics History of Digital forensics. Here, are important landmarks from the history of Digital Forensics: Hans Gross (1847 -1915): First use of scientific study to head criminal investigations FBI (1932): Set up a lab to offer forensics services to all field agents and other law authorities across the USA. In 1978 the first computer crime was recognized in the Florida Computer Crime Act. Francis Galton (1982 – 1911): Conducted first recorded study of fingerprints In 1992, the term Computer Forensics was used in academic literature. 1995 International Organization on Computer Evidence (IOCE) was formed. In 2000, the First FBI Regional Computer Forensic Laboratory established. In 2002, Scientific Working Group on Digital Evidence (SWGDE) published the first book about digital forensic called “Best practices for Computer Forensics”. In 2010, Simson Garfinkel identified issues facing digital investigations. Objectives of computer forensics. Here are the essential objectives of using Computer forensics: It helps to recover, analyze, and preserve computer and related materials in such a manner that it helps the investigation agency to present them as evidence in a court of law. It helps to postulate the motive behind the crime and identity of the main culprit. Designing procedures at a suspected crime scene which helps you to ensure that the digital evidence obtained is not corrupted. Data acquisition and duplication: Recovering deleted files and deleted partitions from digital media to extract the evidence and validate them. Helps you to identify the evidence quickly, and also allows you to estimate the potential impact of the malicious activity on the victim Producing a computer forensic report which offers a complete report on the investigation process. Preserving the evidence by following the chain of custody. Process of Digital forensics. Digital forensics entails the following steps: Identification Preservation Analysis Documentation Presentation Process of Digital Forensics Let’s study each in detail Identification. It is the first step in the forensic process. The identification process mainly includes things like what evidence is present, where it is stored, and lastly, how it is stored (in which format). Electronic storage media can be personal computers, Mobile phones, PDAs, etc. Preservation. In this phase, data is isolated, secured, and preserved. It includes preventing people from using the digital device so that digital evidence is not tampered with. Analysis. In this step, investigation agents reconstruct fragments of data and draw conclusions based on evidence found. However, it might take numerous iterations of examination to support a specific crime theory. Documentation. In this process, a record of all the visible data must be created. It helps in recreating the crime scene and reviewing it. It Involves proper documentation of the crime scene along with photographing, sketching, and crime-scene mapping. Presentation. In this last step, the process of summarization and explanation of conclusions is done. However, it should be written in a layperson’s terms using abstracted terminologies. All abstracted terminologies should reference the specific details. Types of Digital Forensics. Three types of digital forensics are: Disk Forensics:. It deals with extracting data from storage media by searching active, modified, or deleted files. Network Forensics:. It is a sub-branch of digital forensics. It is related to monitoring and analysis of computer network traffic to collect important information and legal evidence. Wireless Forensics:. It is a division of network forensics. The main aim of wireless forensics is to offers the tools need to collect and analyze the data from wireless network traffic. Database Forensics:. It is a branch of digital forensics relating to the study and examination of databases and their related metadata. Malware Forensics:. This branch deals with the identification of malicious code, to study their payload, viruses, worms, etc. Email Forensics. Deals with recovery and analysis of emails, including deleted emails, calendars, and contacts. Memory Forensics:. It deals with collecting data from system memory (system registers, cache, RAM) in raw form and then carving the data from Raw dump. Mobile Phone Forensics:. It mainly deals with the examination and analysis of mobile devices. It helps to retrieve phone and SIM contacts, call logs, incoming, and outgoing SMS/MMS, Audio, videos, etc. Challenges faced by Digital Forensics. Here, are major challenges faced by the Digital Forensic: The increase of PC’s and extensive use of internet access Easy availability of hacking tools Lack of physical evidence makes prosecution difficult. The large amount of storage space into Terabytes that makes this investigation job difficult. Any technological changes require an upgrade or changes to solutions. Example Uses of Digital Forensics. In recent time, commercial organizations have used digital forensics in following a type of cases: Intellectual Property theft Industrial espionage Employment disputes Fraud investigations Inappropriate use of the Internet and email in the workplace Forgeries related matters Bankruptcy investigations Issues concern with the regulatory compliance Advantages of Digital forensics. Here, are pros/benefits of Digital forensics To ensure the integrity of the computer system. To produce evidence in the court, which can lead to the punishment of the culprit. It helps the companies to capture important information if their computer systems or networks are compromised. Efficiently tracks down cybercriminals from anywhere in the world. Helps to protect the organization’s money and valuable time. Allows to extract, process, and interpret the factual evidence, so it proves the cybercriminal action’s in the court. Disadvantages of Digital Forensics. Here, are major cos/ drawbacks of using Digital Forensic Digital evidence accepted into court. However, it is must be proved that there is no tampering Producing electronic records and storing them is an extremely costly affair Legal practitioners must have extensive computer knowledge Need to produce authentic and convincing evidence If the tool used for digital forensic is not according to specified standards, then in the court of law, the evidence can be disapproved by justice. Lack of technical knowledge by the investigating officer might not offer the desired result Summary:. Digital Forensics is the preservation, identification, extraction, and documentation of computer evidence which can be used in the court of law Process of Digital forensics includes 1) Identification, 2) Preservation, 3) Analysis, 4) Documentation and, 5) Presentation Different types of Digital Forensics are Disk Forensics, Network Forensics, Wireless Forensics, Database Forensics, Malware Forensics, Email Forensics, Memory Forensics, etc. Digital forensic Science can be used for cases like 1) Intellectual Property theft, 2) Industrial espionage 3) Employment disputes, 4) Fraud investigations. You Might Like:. What is Hacking? Types of Hackers | Introduction to Cybercrime How to Hack a Web Server What is Cybercrime? Types, Tools, Examples 10 Best FREE DDoS Attack Online Tool | Software | Websites 10 BEST Operating System (OS) for Hacking in 2022 Scroll to top Toggle Menu Close
                            [kwBody] => Array
                                (
                                    [0] => stdClass Object
                                        (
                                            [term] => forensic
                                            [tf] => 65
                                        )

                                    [1] => stdClass Object
                                        (
                                            [term] => digital
                                            [tf] => 46
                                        )

                                    [2] => stdClass Object
                                        (
                                            [term] => digital forensic
                                            [tf] => 36
                                        )

                                    [3] => stdClass Object
                                        (
                                            [term] => evidence
                                            [tf] => 21
                                        )

                                    [4] => stdClass Object
                                        (
                                            [term] => computer
                                            [tf] => 19
                                        )

                                    [5] => stdClass Object
                                        (
                                            [term] => process
                                            [tf] => 12
                                        )

                                    [6] => stdClass Object
                                        (
                                            [term] => identification
                                            [tf] => 10
                                        )

                                    [7] => stdClass Object
                                        (
                                            [term] => help
                                            [tf] => 10
                                        )

                                    [8] => stdClass Object
                                        (
                                            [term] => documentation
                                            [tf] => 9
                                        )

                                    [9] => stdClass Object
                                        (
                                            [term] => analysi
                                            [tf] => 9
                                        )

                                    [10] => stdClass Object
                                        (
                                            [term] => type
                                            [tf] => 9
                                        )

                                    [11] => stdClass Object
                                        (
                                            [term] => investigation
                                            [tf] => 9
                                        )

                                    [12] => stdClass Object
                                        (
                                            [term] => preservation
                                            [tf] => 8
                                        )

                                    [13] => stdClass Object
                                        (
                                            [term] => court
                                            [tf] => 8
                                        )

                                    [14] => stdClass Object
                                        (
                                            [term] => crime
                                            [tf] => 8
                                        )

                                    [15] => stdClass Object
                                        (
                                            [term] => data
                                            [tf] => 8
                                        )

                                    [16] => stdClass Object
                                        (
                                            [term] => computer forensic
                                            [tf] => 7
                                        )

                                    [17] => stdClass Object
                                        (
                                            [term] => network
                                            [tf] => 7
                                        )

                                    [18] => stdClass Object
                                        (
                                            [term] => tool
                                            [tf] => 6
                                        )

                                    [19] => stdClass Object
                                        (
                                            [term] => network forensic
                                            [tf] => 5
                                        )

                                    [20] => stdClass Object
                                        (
                                            [term] => digital evidence
                                            [tf] => 5
                                        )

                                    [21] => stdClass Object
                                        (
                                            [term] => law
                                            [tf] => 5
                                        )

                                    [22] => stdClass Object
                                        (
                                            [term] => related
                                            [tf] => 5
                                        )

                                    [23] => stdClass Object
                                        (
                                            [term] => study
                                            [tf] => 5
                                        )

                                    [24] => stdClass Object
                                        (
                                            [term] => deal
                                            [tf] => 5
                                        )

                                    [25] => stdClass Object
                                        (
                                            [term] => email
                                            [tf] => 5
                                        )

                                    [26] => stdClass Object
                                        (
                                            [term] => system
                                            [tf] => 5
                                        )

                                    [27] => stdClass Object
                                        (
                                            [term] => process digital forensic
                                            [tf] => 4
                                        )

                                    [28] => stdClass Object
                                        (
                                            [term] => type digital forensic
                                            [tf] => 4
                                        )

                                    [29] => stdClass Object
                                        (
                                            [term] => forensic digital
                                            [tf] => 4
                                        )

                                    [30] => stdClass Object
                                        (
                                            [term] => evidence court
                                            [tf] => 4
                                        )

                                    [31] => stdClass Object
                                        (
                                            [term] => court law
                                            [tf] => 4
                                        )

                                    [32] => stdClass Object
                                        (
                                            [term] => process digital
                                            [tf] => 4
                                        )

                                    [33] => stdClass Object
                                        (
                                            [term] => type digital
                                            [tf] => 4
                                        )

                                    [34] => stdClass Object
                                        (
                                            [term] => crime scene
                                            [tf] => 4
                                        )

                                    [35] => stdClass Object
                                        (
                                            [term] => forensic deal
                                            [tf] => 4
                                        )

                                    [36] => stdClass Object
                                        (
                                            [term] => mobile
                                            [tf] => 4
                                        )

                                    [37] => stdClass Object
                                        (
                                            [term] => phone
                                            [tf] => 4
                                        )

                                    [38] => stdClass Object
                                        (
                                            [term] => offer
                                            [tf] => 4
                                        )

                                    [39] => stdClass Object
                                        (
                                            [term] => scene
                                            [tf] => 4
                                        )

                                    [40] => stdClass Object
                                        (
                                            [term] => deleted
                                            [tf] => 4
                                        )

                                    [41] => stdClass Object
                                        (
                                            [term] => step
                                            [tf] => 4
                                        )

                                    [42] => stdClass Object
                                        (
                                            [term] => wireless
                                            [tf] => 4
                                        )

                                    [43] => stdClass Object
                                        (
                                            [term] => digital forensic history
                                            [tf] => 3
                                        )

                                    [44] => stdClass Object
                                        (
                                            [term] => digital forensic digital
                                            [tf] => 3
                                        )

                                    [45] => stdClass Object
                                        (
                                            [term] => forensic digital forensic
                                            [tf] => 3
                                        )

                                    [46] => stdClass Object
                                        (
                                            [term] => evidence court law
                                            [tf] => 3
                                        )

                                    [47] => stdClass Object
                                        (
                                            [term] => history digital forensic
                                            [tf] => 3
                                        )

                                    [48] => stdClass Object
                                        (
                                            [term] => objectif computer forensic
                                            [tf] => 3
                                        )

                                    [49] => stdClass Object
                                        (
                                            [term] => digital forensic type
                                            [tf] => 3
                                        )

                                    [50] => stdClass Object
                                        (
                                            [term] => challenge faced digital
                                            [tf] => 3
                                        )

                                    [51] => stdClass Object
                                        (
                                            [term] => faced digital forensic
                                            [tf] => 3
                                        )

                                    [52] => stdClass Object
                                        (
                                            [term] => forensic history
                                            [tf] => 3
                                        )

                                    [53] => stdClass Object
                                        (
                                            [term] => computer evidence
                                            [tf] => 3
                                        )

                                    [54] => stdClass Object
                                        (
                                            [term] => mobile phone
                                            [tf] => 3
                                        )

                                    [55] => stdClass Object
                                        (
                                            [term] => history digital
                                            [tf] => 3
                                        )

                                    [56] => stdClass Object
                                        (
                                            [term] => objectif computer
                                            [tf] => 3
                                        )

                                    [57] => stdClass Object
                                        (
                                            [term] => forensic type
                                            [tf] => 3
                                        )

                                    [58] => stdClass Object
                                        (
                                            [term] => challenge faced
                                            [tf] => 3
                                        )

                                    [59] => stdClass Object
                                        (
                                            [term] => faced digital
                                            [tf] => 3
                                        )

                                    [60] => stdClass Object
                                        (
                                            [term] => wireless forensic
                                            [tf] => 3
                                        )

                                )

                            [page_rank_decimal] => 49
                            [rank] => 39844
                        )

                    [12] => stdClass Object
                        (
                            [position] => 13
                            [title] => Computer crime investigation using forensic tools and technology - Infosec Resources
                            [url] => https://resources.infosecinstitute.com/topic/computer-crime-investigation-using-forensic-tools-and-technology/
                            [destination] => https://resources.infosecinstitute.com › topic › computer...
                            [description] => As more and more users go mobile and utilize interconnected devices, computers are often at the center of incidents and investigations. Evidence for
                            [isAmp] => 
                            [organic_position] => 13
                            [serp_type] => page
                            [isOrganicPage] => 1
                            [isOrganic] => 1
                            [serp_title] => Computer crime investigation using forensic tools and ...
                            [serp_description] => The computer forensic process · Collection – search and seizing of digital evidence, and acquisition of data · Examination – applying techniques to identify and ...
                            [hostname] => resources.infosecinstitute.com
                            [canonical] => https://resources.infosecinstitute.com/topic/computer-crime-investigation-using-forensic-tools-and-technology/
                            [h1] => Computer crime investigation using forensic tools and technology
                            [h2] => Array
                                (
                                    [0] => Computer forensic experts
                                    [1] => The computer forensic process
                                    [2] => Ways to obtain evidence forensically
                                    [3] => A few computers forensic tools
                                    [4] => The need for new forensic tools
                                    [5] => Conclusion
                                    [6] => Sources
                                )

                            [h3] => Array
                                (
                                    [0] => Leave a Reply Cancel reply
                                )

                            [h2WithAnchors] => Array
                                (
                                    [0] => stdClass Object
                                        (
                                            [text] => Computer forensic experts
                                        )

                                    [1] => stdClass Object
                                        (
                                            [text] => The computer forensic process
                                        )

                                    [2] => stdClass Object
                                        (
                                            [text] => Ways to obtain evidence forensically
                                        )

                                    [3] => stdClass Object
                                        (
                                            [text] => A few computers forensic tools
                                        )

                                    [4] => stdClass Object
                                        (
                                            [text] => The need for new forensic tools
                                        )

                                    [5] => stdClass Object
                                        (
                                            [text] => Conclusion
                                        )

                                    [6] => stdClass Object
                                        (
                                            [text] => Sources
                                        )

                                )

                            [modified_time] => stdClass Object
                                (
                                    [lastUpdate] => 
                                    [dateFormatted] => 5o June 2021
                                    [dateISO] => 2021-06-05T19:03:01+00:00
                                )

                            [type] => article
                            [wordCount] => 2898
                            [imgCount] => 6
                            [lang] => 
                            [faq_on_page] => Array
                                (
                                )

                            [anchors] => stdClass Object
                                (
                                    [size] => 97
                                    [outboundSize] => 17
                                    [list] => Array
                                        (
                                            [0] => stdClass Object
                                                (
                                                    [text] => 
                                                    [href] => https://twitter.com/infosecedu
                                                    [hrefDomain] => twitter.com
                                                    [isOutbound] => 1
                                                )

                                            [1] => stdClass Object
                                                (
                                                    [text] => 
                                                    [href] => https://www.instagram.com/infosecinstitute/
                                                    [hrefDomain] => instagram.com
                                                    [isOutbound] => 1
                                                )

                                            [2] => stdClass Object
                                                (
                                                    [text] => 
                                                    [href] => https://www.linkedin.com/company/infosec-institute/
                                                    [hrefDomain] => linkedin.com
                                                    [isOutbound] => 1
                                                )

                                            [3] => stdClass Object
                                                (
                                                    [text] => computer forensics
                                                    [href] => http://www.fbi.gov/about-us/lab/forensic-science-communications/fsc/oct2000/index.htm/computer.htm
                                                    [hrefDomain] => fbi.gov
                                                    [isOutbound] => 1
                                                )

                                            [4] => stdClass Object
                                                (
                                                    [text] => career outlook post
                                                    [href] => http://www.bls.gov/careeroutlook/1999/Fall/art01.pdf
                                                    [hrefDomain] => bls.gov
                                                    [isOutbound] => 1
                                                )

                                            [5] => stdClass Object
                                                (
                                                    [text] => Computer Forensics World
                                                    [href] => http://www.computerforensicsworld.com/
                                                    [hrefDomain] => computerforensicsworld.com
                                                    [isOutbound] => 1
                                                )

                                            [6] => stdClass Object
                                                (
                                                    [text] => Forensic investigation
                                                    [href] => https://www.skillset.com/skillsets/computer-hacking-forensic-investigation
                                                    [hrefDomain] => skillset.com
                                                    [isOutbound] => 1
                                                )

                                            [7] => stdClass Object
                                                (
                                                    [text] => fraudulent intentions
                                                    [href] => http://www.fbi.gov/news/testimony/cyber-security-threats-to-the-financial-sector
                                                    [hrefDomain] => fbi.gov
                                                    [isOutbound] => 1
                                                )

                                            [8] => stdClass Object
                                                (
                                                    [text] => Snort
                                                    [href] => https://www.snort.org/
                                                    [hrefDomain] => snort.org
                                                    [isOutbound] => 1
                                                )

                                            [9] => stdClass Object
                                                (
                                                    [text] => Guidelines on Mobile Device Forensics
                                                    [href] => http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-101r1.pdf
                                                    [hrefDomain] => nist.gov
                                                    [isOutbound] => 1
                                                )

                                            [10] => stdClass Object
                                                (
                                                    [text] => Carving out the Difference between Computer Forensics and E-Discovery
                                                    [href] => http://articles.forensicfocus.com/2015/02/27/difference-between-computer-forensics-and-e-discovery/
                                                    [hrefDomain] => forensicfocus.com
                                                    [isOutbound] => 1
                                                )

                                            [11] => stdClass Object
                                                (
                                                    [text] => Streamlining the Digital Forensic Workflow: Part 3
                                                    [href] => http://www.forensicmag.com/articles/2015/02/streamlining-digital-forensic-workflow-part-3
                                                    [hrefDomain] => forensicmag.com
                                                    [isOutbound] => 1
                                                )

                                            [12] => stdClass Object
                                                (
                                                    [text] => Safer Live Forensic Acquisition
                                                    [href] => http://www.cs.kent.ac.uk/pubs/ug/2007/co620-projects/forensic/report.pdf
                                                    [hrefDomain] => kent.ac.uk
                                                    [isOutbound] => 1
                                                )

                                            [13] => stdClass Object
                                                (
                                                    [text] => Security Watch – Challenges in Forensic Computing
                                                    [href] => http://www.notablesoftware.com/Papers/ForensicComp.html
                                                    [hrefDomain] => notablesoftware.com
                                                    [isOutbound] => 1
                                                )

                                            [14] => stdClass Object
                                                (
                                                    [text] => Computer Forensics Field Triage Process Model
                                                    [href] => http://www.macforensicslab.com/ProductsAndServices/index.php?main_page=document_general_info&cPath=11&products_id=228
                                                    [hrefDomain] => macforensicslab.com
                                                    [isOutbound] => 1
                                                )

                                            [15] => stdClass Object
                                                (
                                                    [text] => Innovations Blog: The Push for Live Forensics
                                                    [href] => http://www.fid3.com/blog/2009/09/04/the-push-for-live-forensics/
                                                    [hrefDomain] => fid3.com
                                                    [isOutbound] => 1
                                                )

                                            [16] => stdClass Object
                                                (
                                                    [text] => Digital Forensics is not just HOW but WHY
                                                    [href] => http://articles.forensicfocus.com/2012/07/03/digital-forensics-is-not-just-how-but-why/
                                                    [hrefDomain] => forensicfocus.com
                                                    [isOutbound] => 1
                                                )

                                        )

                                )

                            [toc] => Array
                                (
                                    [0] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => Computer forensic experts. 
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                )

                                        )

                                    [1] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => The computer forensic process. 
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                )

                                        )

                                    [2] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => Ways to obtain evidence forensically. 
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                )

                                        )

                                    [3] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => A few computers forensic tools. 
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                )

                                        )

                                    [4] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => The need for new forensic tools. 
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                )

                                        )

                                    [5] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => Conclusion. 
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                )

                                        )

                                    [6] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => Sources. 
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                    [0] => stdClass Object
                                                        (
                                                            [level] => 5
                                                            [name] => Daniel Brecht
                                                            [tag] => h5
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                    [1] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => Leave a Reply Cancel reply. 
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                    [0] => stdClass Object
                                                                        (
                                                                            [level] => 5
                                                                            [name] => Related Articles
                                                                            [tag] => h5
                                                                            [children] => Array
                                                                                (
                                                                                    [0] => stdClass Object
                                                                                        (
                                                                                            [level] => 5
                                                                                            [name] => iOS forensics
                                                                                            [tag] => h5
                                                                                            [children] => Array
                                                                                                (
                                                                                                )

                                                                                        )

                                                                                    [1] => stdClass Object
                                                                                        (
                                                                                            [level] => 5
                                                                                            [name] => Kali Linux: Top 5 tools for digital forensics
                                                                                            [tag] => h5
                                                                                            [children] => Array
                                                                                                (
                                                                                                )

                                                                                        )

                                                                                    [2] => stdClass Object
                                                                                        (
                                                                                            [level] => 5
                                                                                            [name] => Snort demo: Finding SolarWinds Sunburst indicators of compromise
                                                                                            [tag] => h5
                                                                                            [children] => Array
                                                                                                (
                                                                                                )

                                                                                        )

                                                                                    [3] => stdClass Object
                                                                                        (
                                                                                            [level] => 5
                                                                                            [name] => Memory forensics demo: SolarWinds breach and Sunburst malware
                                                                                            [tag] => h5
                                                                                            [children] => Array
                                                                                                (
                                                                                                )

                                                                                        )

                                                                                )

                                                                        )

                                                                )

                                                        )

                                                )

                                        )

                                )

                            [og] => stdClass Object
                                (
                                    [ogImage] => https://resources.infosecinstitute.com/wp-content/uploads/2020/10/forensic-windows12302013.jpg
                                )

                            [schema_type] => Array
                                (
                                )

                            [comment_questions] => Array
                                (
                                )

                            [body] => Computer crime investigation using forensic tools and technology January 26, 2018 by Daniel Brecht Share: As more and more users go mobile and utilize interconnected devices, computers are often at the center of incidents and investigations. Evidence for discussion in a court of law is often gathered thanks to the skills of digital forensic experts that can extract crucial data from electronic devices belonging to the affected parties. Law officials sometime depend on the testimony of computer forensic analysts specialized in e-discovery; these experts are called to work directly with police officers and detectives to aid in identifying, preserving, analyzing and presenting digital evidence to help solve crime cases. The aim of the article is to provide an overview of computer forensics and the methods applied in the acquisition of digital evidence from computer systems and mobile devices for analysis of information involved in criminal investigations. It also touches on the latest forensics challenges: mobile forensics, cloud forensics, and anti-forensics. Computer forensic experts. The job of the forensic experts is to “help identify criminals and analyze evidence against them,” says Hall Dillon in a career outlook post for the U.S. Bureau of Labor Statistics. Trained and skilled individuals work for public law enforcement or in the private sector to carry out tasks related to the collection and analysis of digital evidence. They are also responsible for writing meaningful reports for use in investigative and legal settings. In addition to working in labs, forensic experts apply digital investigative techniques in the field uncovering metadata that holds importance in a court of law. Today’s computer forensic analysts are capable of recovering data that have been deleted, encrypted or are hidden in the folds of mobile devices technology; they can be called to testify in court and relate the evidence found during investigations. They can be involved in challenging cases, to include the verification of offenders’ alibis, examination of Internet abuse, misuse of computing resources and network usage in making computer-related threats. Forensic experts can be called upon to support major cases involving data breaches, intrusions, or any other type of incidents. By applying techniques and proprietary software forensic applications to examine system devices or platforms, they might be able to provide key discoveries to pin who was/were responsible for an investigated crime. The rapidly growing discipline of computer forensics has become its own area of scientific expertise, with accompanying training and certifications (CCFE, CHFI). According to Computer Forensics World, a community of professionals involved in the digital forensics industry, the certified individuals in this field are responsible for the identification, collection, acquisition, authentication, preservation, examination, analysis, and presentation of evidence for prosecution purposes. The computer forensic process. The purpose of a computer forensic examination is to recover data from computers seized as evidence in criminal investigations. Experts use a systematic approach to examine evidence that could be presented in court during proceedings. The involvement of forensic experts needs to be early on in an investigation as they can help in properly collecting technical material in a way that allows restoring the content without any damage to its integrity. Forensic investigation efforts can involve many (or all) of the following steps: Collection – search and seizing of digital evidence, and acquisition of data Examination – applying techniques to identify and extract data Analysis – using data and resources to prove a case Reporting – presenting the info gathered (e.g., written case report) Bill Nelson, one of the contributing authors of the Guide to Computer Forensics and Investigations (third ed.) book, highlights the importance of the three A’s of computer Forensics: Acquire, Authenticate and Analyze. He says the computer forensic process, in fact, involves taking a systematic approach, which includes an initial assessment, obtaining evidence and analyzing it, to completing a case report (2008, pp. 32-33). Forensic cases vary greatly; some deal with computer intruders stealing data; others involve hackers that break into web sites and launch DDoS attacks, or attempt to gain access to user names and passwords for identity theft with fraudulent intentions, says the FBI. Some cases involve cyber-stalking or wrongdoers that visit prohibited sites (e.g., child pornography websites). A forensic examiner can explore the cyber-trail left by the offender. Whatever the reason for the investigation, the analysts follows step-by-step procedures to make sure findings are sound. Once a criminal case is open, computers, and other digital media equipment and software will be seized and/or investigated for evidence. During the retrieval process, all essential items are collected in order to give the forensic analyst what s/he needs to give testimony in court. Then it is time to extract and analyze data. A computer forensic investigator takes into account the 5Ws (Who, What, When, Where, Why) and How a computer crime or incident occurred. Using standard evaluation criteria, the examiner can identify security-related lapses in a network environment looking for suspicious traffic and any kind of intrusions, or they can gather messages, data, pictures, and other information to be uniquely attributed to a specific user involved in a case. The forensics process includes also report writing. Computer forensic examiners are required to create such reports for the attorney to discuss available factual evidence. It is important to prepare forensic evidence for testimony, especially when cases go to trial and the examiner is called as a technical/scientific witness or expert witness. Ways to obtain evidence forensically. Traditionally, computer forensic investigations were performed on data at rest, for example, by exploring the content of hard drives. Whenever a forensic scientist required further analysis (such as to perform imaging—the copying of hard drives, flash drives, disks, etc.), it was normally done in a controlled lab environment. Dead analysis (also known as dead forensic acquisition or just static acquisition) is data possession that is performed on computers that have been powered off. In other words, it involves examinations of the system (and parts of it) at rest (dead). The live-analysis technique, instead, involves gathering data from a system before shutting it down. A dead analysis is considered necessary to have the time also to retrieve physical evidence like DNA (fingerprints on equipment); however, it is live acquisition in the field that is currently the focus of forensic experts’ attention. Performing a “live analysis” in the field provides quick and up-front evidence; it can be performed thanks to analytical tools that are now portable and can be carried by the analysts at the crime scene to begin investigating immediately. Even though a forensic examiner may need the crime lab for further analysis, or to perform a repetitive process (something that is not possible with live acquisitions), not all cases require it. Nonetheless, it is important for the forensic examiner to collect just enough information to determine the next appropriate step in the investigation. This approach ensures no loss or damage of digital evidence, loss of volatile data or needing a warrant for the seizing of the equipment. Live investigations have already been performed for years. In today’s digital age and rise in computer crime, it is no surprise why there is a need to employ forensic analysts for the analysis and interpretation of digital evidence (e.g., computer systems, storage media and devices), explains Marcus K. Rogers, Computer and Information Technology Department at Purdue University. In an article about the Cyber Forensic Field Triage Process Model (CFFTPM) in 2006, he noted that “CFFTPM proposes an onsite or field approach for providing the identification, analysis and interpretation of digital evidence in a short time frame, without the requirement of having to take the system(s)/media back to the lab for an in-depth examination or acquiring a complete forensic image(s).” A few computers forensic tools. Comprehensive forensic software tools (such as Encase Forensic Edition, X-Ways Forensic Addition, Paraben, Forensic ToolKit (FTK), Linux DD, etc.) are used by crime scene investigators to provide their collection, indexing and detailed analysis. A forensic investigation consists of gathering computer forensic information; the process can begin by analyzing network traffic with a packet analyzer or a sniffer tool like Wireshark that is capable of intercepting traffic and logging it for further analysis. NetworkMiner, another Network Forensic Analysis Tool (NFAT), is an alternative to Wireshark to extract or recover all files. Snort, instead, is a valuable tool in tracking down network intruders in real time. NFAT software also contains forensic capabilities by performing analysis on stored network traffic, as its name suggests. As for Incident Response and Identification, A Forensic Toolkit, or FTK, can be used to identify deleted files and recovering them; whereas, EnCase is apt for forensic, cyber-security and e-discovery use. The need for new forensic tools. The implementation and rapid growth of new technologies has created quite a few problems to forensic analysts who are now faced with the tasks of having to look for information not only on personal computers and laptops but also (and more often) on tablets and smartphones. “Mobile device forensics is the science of recovering digital evidence from a mobile device under forensically sound conditions using accepted methods,” states NIST in its “Guidelines on Mobile Device Forensics.” The guide highlights how forensic analysts must have a firm understanding, today, of the uniqueness of the mobile world and understand most of the technology features behind any model and type of device that can be found at a crime scene. The proliferation of proprietary operating systems, encryption technologies and protection tools developed by smartphone companies like Nokia, Samsung, LG, Huawei, Apple and more obliges analysts to keep up with latest developments at a faster rate than ever before. Today’s new advanced devices are produced at higher rates and extracting information from them, even after bypassing the obvious security features that protect them, offer unique challenges. Working with stand-alone computers, an analyst knew where to look for data (RAM, BIOS, HHD…). In a mobile device storage, it is not as clear cut, and relevant information could be found in several locations, from NAND to NOR flash memory to the RAM of a SIM card, for example. It is important to work in ways that preserve data considering, for example, issues like the effects of power drainage on the volatile memory of the device that could reveal important information on program executions on the device. In addition, “Closed operating systems make interpreting their associated file system and structure difficult. Many mobile devices with the same operating system may also vary widely in their implementation, resulting in a myriad of file system and structure permutations. These permutations create significant challenges for mobile forensic tool manufacturers and examiners.” (NIST Special Publication 800-101, Revision 1) As the National Institute of Standards and Technology (NIST) explains, many are the techniques that analysts can employ in order to gather forensic data from mobile devices, from the less intrusive manual extraction to the invasive, sophisticated and expensive micro read. Manual extraction means obtaining information by simply using the device user interface and display. The second step is still basic and involves logical extraction. The third level involves Hex Dumping/JTAG Extraction methods; it requires a more difficult data gathering approach – performed though the physical acquisition of the device memory. The fourth level is the chip-off method that involves the actual removal of the memory and the fifth, the most difficult and sophisticated method is the Micro Read technique in which analysts use a sophisticated microscope to view the physical state of all gates. NIST is not only working on a common approach to mobile forensics, but also in providing a forum to gather ideas on cloud forensics. Cloud computing is a fast growing technology now used by most mobile device users and many companies. Its flexibility and scalability make it an appealing choice for most users, but also poses unique forensic challenges. In addition to technical challenges, in fact, cloud computing poses jurisdiction and legal problems. Data, in fact, can be stored and accessed anywhere and it might be problematic for investigators to access data in different countries or in ways that preserve the privacy rights of other cloud users. In addition, it is hard sometimes to attribute data and actions to a particular user. The recovery of data could also be problematic because of the overwriting and reuse of space in a cloud environment. Investigators need also to be aware of anti-forensics techniques, tools, and practices that can make forensic analysis inconclusive especially in a cloud environment. Certain types of malware and obfuscation techniques can compromise the integrity of collected evidence and can make conclusions hard to present in court. Conclusion. As Infosec explains on its website, “Computer Forensics Specialists are needed by today’s companies to determine the root cause of a hacker attack, collect evidence legally admissible in court, and protect corporate assets and reputation.” With cybercrimes (i.e., any criminal act dealing with computers and networks) on the rise and threatening organizational data, as well as the increased use of digital devises by the general population, the analysis of digital evidence becomes a crucial element at many crime scenes. Forensic computing is now an exciting profession that places emphasis on the human element but also poses challenges due to the need of uncovering digital evidence in an ever-changing environment. Technology advances and the shift to networked and cloud environments where anti-forensic methods can easily come into play, obliges professionals in the fields to keep up to date and revise continuously standard operating procedures. Rebecca T. Mercuri, founder of Notable Software, Inc., noted in a scholarly article on Challenges in Forensic Computing that “the continuing maturity of this field will invariably bring some stabilization in best practices, training, certification, and toolsets, but new challenges will always emerge because of the dynamic nature of the technology at its root.” Nonetheless, as FBI states on its web site, “this emerging forensic discipline is to remain an effective and reliable tool in the criminal justice system.” Sources. Guidelines on Mobile Device Forensics Carving out the Difference between Computer Forensics and E-Discovery Streamlining the Digital Forensic Workflow: Part 3 Safer Live Forensic Acquisition Security Watch – Challenges in Forensic Computing Guide to Computer Forensics and Investigations. (3rd ed.). Boston, MA Computer Forensics Field Triage Process Model.  Innovations Blog: The Push for Live Forensics. Digital Forensics is not just HOW but WHY Posted: January 26, 2018 Share: Uh-oh! We've encountered a new and totally unexpected error. Get instant boot camp pricing Thank you! A new tab for your requested boot camp pricing will open in 5 seconds. If it doesn't open, click here. Articles Author Daniel Brecht View Profile Daniel Brecht has been writing for the Web since 2007. His interests include computers, mobile devices and cyber security standards. He has enjoyed writing on a variety of topics ranging from cloud computing to application development, web development and e-commerce. Brecht has several years of experience as an Information Technician in the military and as an education counselor. He holds a graduate Certificate in Information Assurance and a Master of Science in Information Technology. In this Series Computer crime investigation using forensic tools and technology iOS forensics Kali Linux: Top 5 tools for digital forensics Snort demo: Finding SolarWinds Sunburst indicators of compromise Memory forensics demo: SolarWinds breach and Sunburst malware Digital forensics careers: Public vs private sector? Email forensics: desktop-based clients What is a Honey Pot? [updated 2021] Email forensics: Web-based clients Email analysis Investigating wireless attacks Wireless networking fundamentals for forensics Protocol analysis using Wireshark Wireless analysis Log analysis Network security tools (and their role in forensic investigations) Sources of network forensic evidence Network Security Technologies Network Forensics Tools The need for Network Forensics Network Forensics Concepts Networking Fundamentals for Forensic Analysts Popular computer forensics top 19 tools [updated 2021] 7 best computer forensics tools [updated 2021] Spoofing and Anonymization (Hiding Network Activity) Browser Forensics: Safari Browser Forensics: IE 11 Browser Forensics: Firefox Browser forensics: Google chrome Webinar summary: Digital forensics and incident response — Is it the career for you? Web Traffic Analysis Network forensics overview Eyesight to the Blind – SSL Decryption for Network Monitoring [Updated 2019] Gentoo Hardening: Part 4: PaX, RBAC and ClamAV [Updated 2019] Computer forensics: FTK forensic toolkit overview [updated 2019] The mobile forensics process: steps and types Free & open source computer forensics tools An Introduction to Computer Forensics Common mobile forensics tools and techniques Computer forensics: Chain of custody [updated 2019] Computer forensics: Network forensics analysis and examination steps [updated 2019] Computer Forensics: Overview of Malware Forensics [Updated 2019] Incident Response and Computer Forensics Computer Forensics: Memory Forensics Comparison of popular computer forensics tools [updated 2019] Computer Forensics: Forensic Analysis and Examination Planning Computer forensics: Operating system forensics [updated 2019] Computer Forensics: Mobile Forensics [Updated 2019] Computer Forensics: Digital Evidence [Updated 2019] Computer Forensics: Mobile Device Hardware and Operating System Forensics The Types of Computer Forensic Investigations Related Bootcamps Incident Response Leave a Reply Cancel reply. Related Articles Digital forensics iOS forensics September 7, 2021 Hashim Shaikh Digital forensics Kali Linux: Top 5 tools for digital forensics July 28, 2021 Graeme Messina Digital forensics Snort demo: Finding SolarWinds Sunburst indicators of compromise July 6, 2021 Howard Poston Digital forensics Memory forensics demo: SolarWinds breach and Sunburst malware June 28, 2021 Howard Poston
                            [kwBody] => Array
                                (
                                    [0] => stdClass Object
                                        (
                                            [term] => forensic
                                            [tf] => 132
                                        )

                                    [1] => stdClass Object
                                        (
                                            [term] => computer
                                            [tf] => 57
                                        )

                                    [2] => stdClass Object
                                        (
                                            [term] => computer forensic
                                            [tf] => 40
                                        )

                                    [3] => stdClass Object
                                        (
                                            [term] => evidence
                                            [tf] => 29
                                        )

                                    [4] => stdClass Object
                                        (
                                            [term] => digital
                                            [tf] => 28
                                        )

                                    [5] => stdClass Object
                                        (
                                            [term] => analysi
                                            [tf] => 25
                                        )

                                    [6] => stdClass Object
                                        (
                                            [term] => tool
                                            [tf] => 24
                                        )

                                    [7] => stdClass Object
                                        (
                                            [term] => data
                                            [tf] => 23
                                        )

                                    [8] => stdClass Object
                                        (
                                            [term] => device
                                            [tf] => 22
                                        )

                                    [9] => stdClass Object
                                        (
                                            [term] => mobile
                                            [tf] => 20
                                        )

                                    [10] => stdClass Object
                                        (
                                            [term] => investigation
                                            [tf] => 17
                                        )

                                    [11] => stdClass Object
                                        (
                                            [term] => network
                                            [tf] => 17
                                        )

                                    [12] => stdClass Object
                                        (
                                            [term] => technology
                                            [tf] => 13
                                        )

                                    [13] => stdClass Object
                                        (
                                            [term] => analyst
                                            [tf] => 13
                                        )

                                    [14] => stdClass Object
                                        (
                                            [term] => system
                                            [tf] => 13
                                        )

                                    [15] => stdClass Object
                                        (
                                            [term] => information
                                            [tf] => 13
                                        )

                                    [16] => stdClass Object
                                        (
                                            [term] => updated
                                            [tf] => 13
                                        )

                                    [17] => stdClass Object
                                        (
                                            [term] => digital evidence
                                            [tf] => 12
                                        )

                                    [18] => stdClass Object
                                        (
                                            [term] => digital forensic
                                            [tf] => 12
                                        )

                                    [19] => stdClass Object
                                        (
                                            [term] => mobile device
                                            [tf] => 12
                                        )

                                    [20] => stdClass Object
                                        (
                                            [term] => expert
                                            [tf] => 11
                                        )

                                    [21] => stdClass Object
                                        (
                                            [term] => crime
                                            [tf] => 11
                                        )

                                    [22] => stdClass Object
                                        (
                                            [term] => forensic tool
                                            [tf] => 10
                                        )

                                    [23] => stdClass Object
                                        (
                                            [term] => updated 2019
                                            [tf] => 10
                                        )

                                    [24] => stdClass Object
                                        (
                                            [term] => 2021
                                            [tf] => 10
                                        )

                                    [25] => stdClass Object
                                        (
                                            [term] => 2019
                                            [tf] => 10
                                        )

                                    [26] => stdClass Object
                                        (
                                            [term] => acquisition
                                            [tf] => 9
                                        )

                                    [27] => stdClass Object
                                        (
                                            [term] => challenge
                                            [tf] => 9
                                        )

                                    [28] => stdClass Object
                                        (
                                            [term] => cloud
                                            [tf] => 9
                                        )

                                    [29] => stdClass Object
                                        (
                                            [term] => technique
                                            [tf] => 9
                                        )

                                    [30] => stdClass Object
                                        (
                                            [term] => field
                                            [tf] => 9
                                        )

                                    [31] => stdClass Object
                                        (
                                            [term] => process
                                            [tf] => 9
                                        )

                                    [32] => stdClass Object
                                        (
                                            [term] => forensic expert
                                            [tf] => 8
                                        )

                                    [33] => stdClass Object
                                        (
                                            [term] => user
                                            [tf] => 8
                                        )

                                    [34] => stdClass Object
                                        (
                                            [term] => examination
                                            [tf] => 8
                                        )

                                    [35] => stdClass Object
                                        (
                                            [term] => updated 2019 computer
                                            [tf] => 7
                                        )

                                    [36] => stdClass Object
                                        (
                                            [term] => 2019 computer forensic
                                            [tf] => 7
                                        )

                                    [37] => stdClass Object
                                        (
                                            [term] => forensic analyst
                                            [tf] => 7
                                        )

                                    [38] => stdClass Object
                                        (
                                            [term] => forensic investigation
                                            [tf] => 7
                                        )

                                    [39] => stdClass Object
                                        (
                                            [term] => network forensic
                                            [tf] => 7
                                        )

                                    [40] => stdClass Object
                                        (
                                            [term] => 2019 computer
                                            [tf] => 7
                                        )

                                    [41] => stdClass Object
                                        (
                                            [term] => live
                                            [tf] => 7
                                        )

                                    [42] => stdClass Object
                                        (
                                            [term] => memory
                                            [tf] => 7
                                        )

                                    [43] => stdClass Object
                                        (
                                            [term] => mobile forensic
                                            [tf] => 6
                                        )

                                    [44] => stdClass Object
                                        (
                                            [term] => operating system
                                            [tf] => 5
                                        )

                                    [45] => stdClass Object
                                        (
                                            [term] => computer forensic investigation
                                            [tf] => 4
                                        )

                                    [46] => stdClass Object
                                        (
                                            [term] => computer forensic tool
                                            [tf] => 4
                                        )

                                    [47] => stdClass Object
                                        (
                                            [term] => forensic computing
                                            [tf] => 4
                                        )

                                    [48] => stdClass Object
                                        (
                                            [term] => updated 2021
                                            [tf] => 4
                                        )

                                    [49] => stdClass Object
                                        (
                                            [term] => computer crime
                                            [tf] => 4
                                        )

                                    [50] => stdClass Object
                                        (
                                            [term] => today
                                            [tf] => 4
                                        )

                                    [51] => stdClass Object
                                        (
                                            [term] => forensic process
                                            [tf] => 4
                                        )

                                    [52] => stdClass Object
                                        (
                                            [term] => forensic examiner
                                            [tf] => 4
                                        )

                                    [53] => stdClass Object
                                        (
                                            [term] => crime scene
                                            [tf] => 4
                                        )

                                    [54] => stdClass Object
                                        (
                                            [term] => forensic analysi
                                            [tf] => 4
                                        )

                                    [55] => stdClass Object
                                        (
                                            [term] => incident response
                                            [tf] => 4
                                        )

                                    [56] => stdClass Object
                                        (
                                            [term] => browser forensic
                                            [tf] => 4
                                        )

                                    [57] => stdClass Object
                                        (
                                            [term] => mobile device forensic
                                            [tf] => 3
                                        )

                                    [58] => stdClass Object
                                        (
                                            [term] => forensic updated 2019
                                            [tf] => 3
                                        )

                                    [59] => stdClass Object
                                        (
                                            [term] => daniel brecht
                                            [tf] => 3
                                        )

                                    [60] => stdClass Object
                                        (
                                            [term] => discovery
                                            [tf] => 3
                                        )

                                    [61] => stdClass Object
                                        (
                                            [term] => anti forensic
                                            [tf] => 3
                                        )

                                    [62] => stdClass Object
                                        (
                                            [term] => forensic toolkit
                                            [tf] => 3
                                        )

                                    [63] => stdClass Object
                                        (
                                            [term] => device forensic
                                            [tf] => 3
                                        )

                                    [64] => stdClass Object
                                        (
                                            [term] => cloud computing
                                            [tf] => 3
                                        )

                                    [65] => stdClass Object
                                        (
                                            [term] => cloud environment
                                            [tf] => 3
                                        )

                                    [66] => stdClass Object
                                        (
                                            [term] => memory forensic
                                            [tf] => 3
                                        )

                                    [67] => stdClass Object
                                        (
                                            [term] => tool updated
                                            [tf] => 3
                                        )

                                    [68] => stdClass Object
                                        (
                                            [term] => forensic updated
                                            [tf] => 3
                                        )

                                )

                            [page_rank_decimal] => 52
                            [rank] => 15131
                        )

                    [13] => stdClass Object
                        (
                            [position] => 14
                            [title] => What Is Digital Forensics: Process, Tools, and Types | Computer ForensicsOverview | RecFaces
                            [url] => https://recfaces.com/articles/digital-forensics
                            [destination] => https://recfaces.com › None › Biometrics Blog
                            [description] => What is digital forensics? What do you need to become a computerforensics expert? Learn about the tools that are used to prevent and investigatecybercrimes
                            [isAmp] => 
                            [date] => 18 Jan 2021
                            [organic_position] => 14
                            [serp_type] => page
                            [isOrganicPage] => 1
                            [isOrganic] => 1
                            [serp_title] => What Is Digital Forensics: Process, Tools, and Types - RecFaces
                            [serp_description] => Read on to find out about digital forensics in 2020—2021. ... set of tools that works with different types of evidence;; Digital forensics ...
                            [hostname] => recfaces.com
                            [canonical] => https://recfaces.com/articles/digital-forensics
                            [h1] => Digital Forensics: What Is It in 2021—2022?
                            [h2] => Array
                                (
                                    [0] => What Is Digital Forensics? Meaning & Definition
                                    [1] => Brief Digital Forensics History Overview
                                    [2] => What Does a Digital Forensics Specialist Do?
                                    [3] => What Is Digital Forensics For?
                                    [4] => What Are the Purposes of Digital Forensics?
                                    [5] => Digital Forensic Process
                                    [6] => What Tools Are Used for Digital Forensics?
                                    [7] => Types of Digital Evidences
                                    [8] => What Are Different Types and Branches of Digital Forensics?
                                    [9] => What Are the Main Challenges in Digital Forensics?
                                    [10] => How Can Biometrics Help in Digital Forensics?
                                    [11] => How Can You Get into a Digital Forensics Career?
                                    [12] => What Job Can You Get in Digital Forensics?
                                    [13] => What Skills Are Required for a Career in Digital Forensics?
                                    [14] => Summary
                                    [15] => Digital Forensics FAQ
                                )

                            [h3] => Array
                                (
                                    [0] => Computer Forensics
                                    [1] => Mobile Device Forensics
                                    [2] => Network Forensics
                                    [3] => Forensic Data Analysis
                                    [4] => Database forensics
                                    [5] => Email Forensics
                                    [6] => Malware Forensics
                                    [7] => Memory Forensics
                                    [8] => Wireless Forensics
                                    [9] => Disk Forensics
                                    [10] => Rapid Technological Development
                                    [11] => Availability
                                    [12] => Availability of Hacking Tools
                                    [13] => Big Data Era
                                    [14] => Admissibility
                                    [15] => How does digital forensics work?
                                    [16] => Why is digital forensics important?
                                    [17] => Is digital forensics a good career?
                                    [18] => What are digital forensics tools?
                                    [19] => What is digital forensics used for?
                                    [20] => Who benefits from digital forensics?
                                    [21] => How is digital forensics different from digital recovery?
                                    [22] => Регистрация партнера
                                )

                            [h2WithAnchors] => Array
                                (
                                    [0] => stdClass Object
                                        (
                                            [text] => What Is Digital Forensics? Meaning & Definition
                                        )

                                    [1] => stdClass Object
                                        (
                                            [text] => Brief Digital Forensics History Overview
                                        )

                                    [2] => stdClass Object
                                        (
                                            [text] => What Does a Digital Forensics Specialist Do?
                                        )

                                    [3] => stdClass Object
                                        (
                                            [text] => What Is Digital Forensics For?
                                        )

                                    [4] => stdClass Object
                                        (
                                            [text] => What Are the Purposes of Digital Forensics?
                                        )

                                    [5] => stdClass Object
                                        (
                                            [text] => Digital Forensic Process
                                        )

                                    [6] => stdClass Object
                                        (
                                            [text] => What Tools Are Used for Digital Forensics?
                                        )

                                    [7] => stdClass Object
                                        (
                                            [text] => Types of Digital Evidences
                                        )

                                    [8] => stdClass Object
                                        (
                                            [text] => What Are Different Types and Branches of Digital Forensics?
                                        )

                                    [9] => stdClass Object
                                        (
                                            [text] => What Are the Main Challenges in Digital Forensics?
                                        )

                                    [10] => stdClass Object
                                        (
                                            [text] => How Can Biometrics Help in Digital Forensics?
                                        )

                                    [11] => stdClass Object
                                        (
                                            [text] => How Can You Get into a Digital Forensics Career?
                                        )

                                    [12] => stdClass Object
                                        (
                                            [text] => What Job Can You Get in Digital Forensics?
                                        )

                                    [13] => stdClass Object
                                        (
                                            [text] => What Skills Are Required for a Career in Digital Forensics?
                                        )

                                    [14] => stdClass Object
                                        (
                                            [text] => Summary
                                        )

                                    [15] => stdClass Object
                                        (
                                            [text] => Digital Forensics FAQ
                                        )

                                )

                            [published_time] => stdClass Object
                                (
                                    [lastUpdate] => 
                                    [dateFormatted] => 18o January 2021
                                    [dateISO] => 2021-01-18T12:00:53+00:00
                                )

                            [modified_time] => stdClass Object
                                (
                                    [lastUpdate] => 
                                    [dateFormatted] => 3o March 2021
                                    [dateISO] => 2021-03-03T10:26:33+00:00
                                )

                            [type] => article
                            [wordCount] => 4103
                            [imgCount] => 8
                            [lang] => stdClass Object
                                (
                                    [langLinks] => Array
                                        (
                                            [0] => stdClass Object
                                                (
                                                    [lang] => en
                                                    [url] => https://recfaces.com/articles/digital-forensics
                                                )

                                            [1] => stdClass Object
                                                (
                                                    [lang] => x-default
                                                    [url] => https://recfaces.com/articles/digital-forensics
                                                )

                                        )

                                    [size] => 1
                                    [string] => en
                                )

                            [faq_on_page] => Array
                                (
                                )

                            [anchors] => stdClass Object
                                (
                                    [size] => 124
                                    [outboundSize] => 5
                                    [list] => Array
                                        (
                                            [0] => stdClass Object
                                                (
                                                    [text] => The School of Business and Justice Studies
                                                    [href] => https://www.utica.edu/academics/programs/cybersecurity
                                                    [hrefDomain] => utica.edu
                                                    [rel] => noopener noreferrer nofollow external
                                                    [isOutbound] => 1
                                                )

                                            [1] => stdClass Object
                                                (
                                                    [text] => Champlain College
                                                    [href] => https://online.champlain.edu/degrees-certificates/bachelors-computer-forensics-digital-investigations
                                                    [hrefDomain] => champlain.edu
                                                    [rel] => noopener noreferrer nofollow external
                                                    [isOutbound] => 1
                                                )

                                            [2] => stdClass Object
                                                (
                                                    [text] => Purdue University’s
                                                    [href] => https://polytechnic.purdue.edu/facilities/cybersecurity-forensics-lab
                                                    [hrefDomain] => purdue.edu
                                                    [rel] => noopener noreferrer nofollow external
                                                    [isOutbound] => 1
                                                )

                                            [3] => stdClass Object
                                                (
                                                    [text] => The University of Maryland
                                                    [href] => https://www.umgc.edu/academic-programs/masters-degrees/digital-forensics-cyber-investigation-ms.cfm
                                                    [hrefDomain] => umgc.edu
                                                    [rel] => noopener noreferrer nofollow external
                                                    [isOutbound] => 1
                                                )

                                            [4] => stdClass Object
                                                (
                                                    [text] => John Jay College of Criminal Justice
                                                    [href] => https://www.jjay.cuny.edu/master-science-digital-forensics-and-cybersecurity
                                                    [hrefDomain] => cuny.edu
                                                    [rel] => noopener noreferrer nofollow external
                                                    [isOutbound] => 1
                                                )

                                        )

                                )

                            [toc] => Array
                                (
                                    [0] => stdClass Object
                                        (
                                            [level] => 4
                                            [name] => Table of Contents. 
                                            [tag] => h4
                                            [children] => Array
                                                (
                                                )

                                        )

                                    [1] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => What Is Digital Forensics? Meaning & Definition. 
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                )

                                        )

                                    [2] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => Brief Digital Forensics History Overview. 
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                )

                                        )

                                    [3] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => What Does a Digital Forensics Specialist Do?
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                )

                                        )

                                    [4] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => What Is Digital Forensics For?
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                )

                                        )

                                    [5] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => What Are the Purposes of Digital Forensics?
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                )

                                        )

                                    [6] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => Digital Forensic Process. 
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                )

                                        )

                                    [7] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => What Tools Are Used for Digital Forensics?
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                )

                                        )

                                    [8] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => Types of Digital Evidences. 
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                )

                                        )

                                    [9] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => What Are Different Types and Branches of Digital Forensics?
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                    [0] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => Computer Forensics. 
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                    [1] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => Mobile Device Forensics. 
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                    [2] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => Network Forensics. 
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                    [3] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => Forensic Data Analysis. 
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                    [4] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => Database forensics. 
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                    [5] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => Email Forensics. 
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                    [6] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => Malware Forensics. 
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                    [7] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => Memory Forensics. 
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                    [8] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => Wireless Forensics. 
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                    [9] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => Disk Forensics. 
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                )

                                        )

                                    [10] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => What Are the Main Challenges in Digital Forensics?
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                    [0] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => Rapid Technological Development. 
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                    [1] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => Availability. 
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                    [2] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => Availability of Hacking Tools. 
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                    [3] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => Big Data Era. 
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                    [4] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => Admissibility. 
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                )

                                        )

                                    [11] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => How Can Biometrics Help in Digital Forensics?
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                )

                                        )

                                    [12] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => How Can You Get into a Digital Forensics Career?
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                )

                                        )

                                    [13] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => What Job Can You Get in Digital Forensics?
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                )

                                        )

                                    [14] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => What Skills Are Required for a Career in Digital Forensics?
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                )

                                        )

                                    [15] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => Summary. 
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                )

                                        )

                                    [16] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => Digital Forensics FAQ. 
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                    [0] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => How does digital forensics work?
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                    [1] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => Why is digital forensics important?
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                    [2] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => Is digital forensics a good career?
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                    [3] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => What are digital forensics tools?
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                    [4] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => What is digital forensics used for?
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                    [5] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => Who benefits from digital forensics?
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                    [6] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => How is digital forensics different from digital recovery?
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                    [7] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => Регистрация партнера. 
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                )

                                        )

                                )

                            [og] => stdClass Object
                                (
                                    [ogImage] => https://recfaces.com/wp-content/uploads/2021/01/cyberattack2-scaled.jpeg
                                )

                            [schema_type] => Array
                                (
                                    [0] => CreativeWork
                                    [1] => Organization
                                    [2] => BreadcrumbList
                                    [3] => Article
                                )

                            [comment_questions] => Array
                                (
                                )

                            [body] => Digital Forensics: What Is It in 2021—2022? 18 January 2021 | None 18 January 2021 Rapid technological development has given rise to cybercrimes. More often than not, criminals use technology in planning and committing other kinds of crime. Computers, smartphones, flash drives, and cloud data storage are among many types of devices that keep digital evidence. Not only do cybercrime specialists have to know how to collect and analyze data, but they also have to comprehend the legal basis of using this data in the judicial process. Read on to find out about digital forensics in 2020—2021. Digital forensics is a forensic science branch that involves the recovery, analysis, and preservation of any information found on digital devices; this forensics branch often concerns cybercrimes. The term “digital forensics” was originally used as a synonym for computer forensics but has now expanded to cover the analysis of information on all devices that can store digital data. Digital forensics experts react to incidents like server hacks or leaks of sensitive information. Their specialized forensic toolkits help them investigate incidents, analyze traffic, and look for hidden data and other evidence. They collect, recover, and store the data relevant for the investigation and prepare and present it in court. Depending on the type of information and its sources, digital forensics has branches and requires specific professional training that gives excellent career prospects and an exciting occupation. Table of Contents. What Is Digital Forensics? Meaning & Definition Brief Digital Forensics History Overview What Does a Digital Forensics Specialist Do? What Is Digital Forensics for? What Are the Purposes of Digital Forensics? Digital Forensic Process What Tools Are Used for Digital Forensics? Types of Digital Evidences What Are Different Types and Branches of Digital Forensics? What Are the Main Challenges in Digital Forensics? How Can Biometrics Help in Digital Forensics? How Can You Get into a Digital Forensics Career? What Job Can You Get in Digital Forensics? What Skills are Required for a Career in Digital Forensics? Summary Digital Forensics FAQ What Is Digital Forensics? Meaning & Definition. Digital forensics originated from the umbrella term of computer forensics. Now it is a separate applied discipline focused on solving computer-related crimes, the investigation of digital evidence, and methods of finding, obtaining, and securing such evidence. Digital forensics deals with any data found on digital devices. In the first chapter, Understanding Digital Forensics, of Jason Sachowski’s book, Implementing Forensic Readiness, there is a historical overview of how the discipline emerged and evolved as well as a comprehensive explanation of the meaning and definition of this branch of forensic science. For the last fifty years, digital forensics has evolved from unstructured activities of mainly hobbyists into a well-organized, registered applied discipline, which identifies, examines, and preserves all possible data on digital devices. Digital forensics analysis is required by both law enforcement and businesses and can be used in and outside of court. Brief Digital Forensics History Overview. In the 1970s, the United States introduced the 1978 Florida Computer Crimes Act, which was based on legislation against unauthorized alteration or deleting data in a computer system; 1983 was marked by Canada passing legislation in the field of cybercrimes and computer forensics; In 1985, Britain created a computer crime department; In 1989, cybercrimes were added to the official list of crimes in Australia; The 1990 Britain’s Computer Misuse Act made digital forensics well-recognized all over the world; In 1992, Collier and Spaul used the term “computer forensics” in an academic paper; In 2001, Britain created the National Hi-Tech Crime Unit; In 2004, 43 countries signed The Convention of Cybercrime; 2005 was marked by the appearance of an ISO standard for digital forensics. At present, many scholars and specialists in digital forensics raise awareness of the issues the field is facing due to the rapid development of technologies. What Does a Digital Forensics Specialist Do? Digital forensic specialists play an important role in the process of investigation of cybercrimes. Mostly, they deal with the retrieval of data that was encrypted, deleted, or hidden. The tasks also include ensuring the integrity of the information that is to be used in court. At different stages of the investigation, computer forensics analysts may take part in interrogating suspects, victims, and witnesses. They also help prepare evidence to be represented in court. Private companies cooperate with digital forensic specialists as well. Their expertise is also required in personal and network security, the defense sector, large-scale financial institutions, and information technology companies. What Is Digital Forensics For? The main application of forensics is the analysis and investigation of events that include computer information as an object of an attack, a computer as a tool of committing a crime, and collecting, storing, and protecting any digital evidence. The results of the expert analysis are used to either support or negate a hypothesis in court. Digital forensics specialists may be involved in investigating both civil and criminal cases. In civil cases, any digital evidence is used to settle disputes between private persons or companies; Criminal cases imply investigations of breaking the law. Digital forensics experts may help investigate any criminal case if any digital data is found and represented as evidence. Private sector companies hire digital forensics analysts to prevent or investigate cyberattacks, security breaches, data leaks, or cyber threats. Many companies have their departments of information and cybersecurity. In many cases, computer forensics specialists deal with restoring lost data and protecting sensitive or classified information. What Are the Purposes of Digital Forensics? Digital forensics ensures and supports cybersecurity in the private sector and assists law enforcement in investigating criminal cases. The fast-paced development and implementation of new technologies in all areas of human activity require training computer experts to deal with specific objectives. These objectives include: Facilitating the recovery, analysis, and preservation of the data and helping prepare digital evidence for court representation; Ensuring all the necessary protocols of gathering evidence as the digital evidence must not be corrupted; Recovering any deleted or hidden data from any digital devices if the data is particularly significant for the case; Helping identify a suspect and establishing a motive for a crime; Producing a computer forensic report that prompts the investigation; Ensuring digital evidence integrity. Digital Forensic Process. Like any other branch of applied science, digital forensics has its protocols and a structured process. It can be divided into five stages: identifying, preserving, analyzing, documenting, and representing steps. Identification The first stage implies the identification of investigation goals and required resources. The analysts also identify the evidence, the type of data they deal with, and the devices the data is stored on. Digital forensics specialists work with all kinds of electronic storage devices: hard drives, mobile phones, personal computers, tablets, etc. Preservation At this stage, analysts ensure that the data is isolated and preserved. Usually, it means that no one can use the device until the end of the investigation, so the evidence remains secure. Analysis The analysis stage includes a deep systematic search for any relevant evidence. The specialists work with both system and user files and data objects. Based on the found evidence, the analysts draw conclusions. Documentation At this stage, all the found relevant evidence is documented. It helps to extend the crime scene and prompts investigation. Any digital evidence is recorded together with the photos, sketches, and crime scene mapping. Reporting At the final stage, all evidence and conclusions are reported according to forensics protocols, which include the methodologies and procedures of the analysis and their explanation. What Tools Are Used for Digital Forensics? At the early stages of digital forensics development, the specialists had a very limited choice of tools used to analyze digital evidence. It led to multiple allegations that such analysis might have caused evidence to be altered and corrupted. Inevitably, there emerged sophisticated tools designed specifically for digital forensics analysis. Disk and data capture tools can detect encrypted data and capture and preview the information on physical drives; File viewers and file analysis tools work to extract and analyze separate files; Registry analysis tools get the information about a user and their activities from the Windows registry; Internet and network analysis tools provide detailed information about traffic and monitor user’s activity on the Internet; Email analysis tools are designed to scan email content; Mobile device analysis tools help extract data from the internal and external memory of mobile devices; Mac OS analysis tools retrieve metadata from Mac operating systems and provide disk imaging; Database forensics tools can analyze and manipulate data and provide reports of activities performed. Types of Digital Evidences. Digital evidence is any sort of data stored and collected from any electronic storage device. Digital evidence can also be retrieved from wireless networks and random-access memory. There are many types of electronic evidence and methodologies of their retrieval, storage, and analysis. The types of electronic evidence include but are not limited to the following examples: Media files (photo, video, audio); User account data (usernames, passwords, avatars); Emails (content, senders’ and receivers’ information, attachments); Web browser history; Phone calls (video, audio); Databases; Accounting program files; Windows registry system files; RAM system files; Any type of digital files (text files, spreadsheets, PDF files, bookmarks, etc.); Records from networking devices; ATM transaction logs; GPS logs; Electronic door logs; CCTV cameras records; Hidden and encrypted data; Printer, fax, and copy machine logs; Computer backups. What Are Different Types and Branches of Digital Forensics? Digital forensics is a fast-growing scientific discipline. It evolves in response to the tremendous development of technology. At the current stage, digital forensics has its branches specializing in narrow fields. Computer Forensics. Computer forensics provides the collection, identification, preservation, and analysis of data from personal computers, laptops, and storage computing devices. Specialists in computer forensics are mostly involved in investigations of computer crimes, but their services are often needed in civil cases and the process of data recovery. Mobile Device Forensics. Specialists in this branch can retrieve data from smartphones, SIM cards, mobile phones, GPS devices, tablets, PDAs, and game consoles. This type of analysis is required to retrieve audio and visual data, contacts, and call logs from the devices presented in court as evidence. Network Forensics. Network forensics aims to monitor, register, and analyze any network activity. The network specialists analyze traffic and activity in case of security breaches, cyberattacks, and other incidents in cyberspace. Forensic Data Analysis. This branch of forensics analyzes structured data. The data analysts are mainly involved in investigating financial crimes and fraud. Database forensics. Database forensic specialists investigate any access to a database and report any changes made in the data. Database forensics can be used to verify commercial contracts and to investigate large-scale financial crimes. Email Forensics. Email forensics analysts retrieve relevant data from email. This information can be the senders’ and receivers’ identities, the content of the messages, time stamps, sources, and metadata. Email forensics tools are widely used when a company is suspected of email forgery. Malware Forensics. The specialists in this branch detect, analyze, and investigate different malware types to trace suspects and reasons for the attack. They also evaluate the damage caused by the attack and determine the code of the malware. Memory Forensics. This type of digital forensics is also called live acquisition. It retrieves the data from RAM. The recent development in cybercrime technology enables hackers to leave no traces on hard drives. In such cases, memory forensics helps to track down the attack. Wireless Forensics. Wireless forensics uses specific tools and methodologies to analyze and investigate traffic in a wireless environment. This type of analysis is crucial when computer crimes or cyberattacks are committed through the breach of security protocols in wireless networks. Disk Forensics. Specialists in disk forensics retrieve and recover data from hard drives and other physical storage devices, such as memory cards, servers, flash drives, and external USB sticks. Disk forensics analysts make sure any data relevant to the case is recovered, analyzed, and presented as evidence. What Are the Main Challenges in Digital Forensics? Digital forensics experts use forensic tools to collect evidence against criminals, and criminals use the same tools to conceal, modify, or remove traces of their criminal activity. It is known as the anti-forensics technique and is considered one of the key issues digital forensics faces. This branch of forensic science also deals with certain legal, technical, and resource challenges. Rapid Technological Development. As an example, there are currently eight different operating systems for mobile devices, and their versions are regularly updated. It makes it challenging to develop standard methods of digital forensic analysis. Availability. PC’s, mobile phones, tablets, game consoles, GPS devices, and other types of electronic devices are no longer a luxury for the average person. Availability of Hacking Tools. The Internet contains information, how-to’s, software, and tools for hackers. Anybody can get access to this type of resource effortlessly. Big Data Era. Terabytes of information can now be found even on personal hard drives. Excessive volumes of data make its analysis and preservation a challenging issue. Admissibility. The procedure of preserving and presenting electronic evidence is a complex process. It leads to some evidence being rejected by the court. How Can Biometrics Help in Digital Forensics? With a high rate of cyber crimes and sophisticated types of fraud, biometrics becomes a necessity. The article Biometrics in Forensic Identification: Applications and Challenges, published in the Journal of Forensic Medicine, discusses possible ways biometrics can be used in digital forensics. In particular, the paper names the benefits of using biometric aspects like fingerprints and palm prints, facial and voice recognition, handwriting, odor, keystroke biometrics, iris scans, and DNA analysis. Read more about biometric types here. How Can You Get into a Digital Forensics Career? To become a digital forensics specialist, a candidate should have a solid background in informatics, programming, or computer science. Many analysts start their careers in the IT sector as sysadmins or similar positions. They are already familiar with some electronic forensic tools or, at least, with these tools’ principles and functionality. However, digital forensics has different specialized objectives, and working in this branch of forensics requires special training. There are a few options to get both Bachelor’s and Master’s degrees in terms of academic training — and it can be done both on-site and online. The School of Business and Justice Studies at Utica College has specializations in cybercrime investigations and forensics as part of the Cybersecurity and Information Assurance Bachelor’s degree; Champlain College offers an online Computer Forensics & Digital Investigations Bachelor’s degree program; Purdue University’s Cybersecurity and Forensics Lab provides a Master’s degree in cyber forensics; The University of Maryland offers a Digital Forensics and Cyber Investigation Master’s degree; John Jay College of Criminal Justice has a Digital Forensics and Cybersecurity Master's degree. What Job Can You Get in Digital Forensics? Most of the jobs for digital forensics specialists can be found in the public sector. Apart from apparent positions in law enforcement and governmental agencies, there are also jobs offered in the private sector — private IT companies, public agencies, financial organizations, and many others. One can say that specialists in the field play two key roles. They either prevent possible cybercrimes and ensure cybersecurity, or they are involved in investigations of the crimes already committed. Depending on the academic degree, skills, experience, and seniority, there are different roles available in digital forensics. Computer forensic investigator; Digital forensic investigator; Computer expertise technician; Information security analyst; Digital forensics analyst; Digital/computer forensics engineer; Information systems security analyst; Forensic computer analyst; Cybersecurity consultant; Computer/digital forensic technician. Under current circumstances, a career in the field of digital forensics has good prospects. Job search engines like Glassdoor, Payscale, and the US Bureau of Labor Statistics have impressive salary projections for digital forensics jobs. The US Bureau of Labor Statistics predicts the growth in demand for this profession. What Skills Are Required for a Career in Digital Forensics? As was mentioned before, electronic forensic analysis involves the proper processing of all digital data related to a criminal case. To do this successfully, a future digital forensic analyst requires the following skillset. Good Technical Skills For obvious reasons, good technical skills are highly required for a career in digital forensics. It may be prior experience in programming, cloud computation systems, networks, or working with hardware. It is a solid foundation of the profession. Strong Analytical Skills It is not enough to only be able to retrieve, recover, and preserve data. A large part of a digital forensic specialist’s daily routine is analyzing the data and drawing conclusions to help solve cases. Deep Understanding of Cybersecurity Although most computer forensic analysts work to help solve the crimes that have already been committed, it is essential to understand how and why this happens. Excellent Communication Skills Digitals forensics specialists are always a part of a bigger team of investigators, police officers, and other analysts. Communication ensures the success of the entire investigation. Quick Learner Technology is developing rapidly. Analysts have to be able to digest massive amounts of information daily to stay up-to-date with the latest threads. Summary. Digital forensics plays an essential part in diverse human activity areas in both the public and private sectors; Digital forensics focuses on the investigation of digital evidence and methods of finding, obtaining, and securing such evidence; For the past fifty years, digital forensics has come a long way from an unstructured activity to a regulated applied science; Digital forensics has different branches according to the types of devices that data analysts focus on; Each branch has a specialized set of tools that works with different types of evidence; Digital forensics analysts assist law enforcement in solving crimes. This is done while following a particular set of rules and specific protocols; Digital forensics specialists are also actively hired by private companies and individuals to ensure cybersecurity; Formal professional training opens plenty of employment opportunities in both the public and private sectors, which makes this profession a good choice for people with required technical and analytical skills. Digital Forensics FAQ. How does digital forensics work? Digital forensics specialists are involved in the investigation of computer-related crimes. They collect, recover, store, and preserve data relevant to the investigation. They also perform an in-depth analysis of the data and prepare it as evidence presented in court. Why is digital forensics important? The number of cybercrimes increases every year. They may cause tremendous damage. And investigation of these crimes requires special training and skills. Digital forensics experts also work in the private sector's cybersecurity teams to prevent cybercrimes. Is digital forensics a good career? It is a solid career with good salary prospects and a predicted increase in demand for labor markets worldwide. What are digital forensics tools? Digital forensics tools can be divided into several types and include: Disk and data capture tools; File viewers and file analysis tools; Registry analysis tools; Internet and network analysis tools; Email analysis tools; Mobile devices analysis tools; Mac OS analysis tools; Database forensics tools. What is digital forensics used for? Digital forensics specialists prevent possible cybercrimes to ensure cybersecurity in the private sector, or they are involved in investigations of the crimes already committed. In the latter case, they work closely with law enforcement and governmental agencies. Who benefits from digital forensics? It is beneficial for both the public and private sectors. Digital forensics experts work not only with law enforcement but also with private companies and individuals. How is digital forensics different from digital recovery? Digital recovery is only one possible objective of digital forensics specialists. They also perform an in-depth analysis of recovered data and actively participate in crime investigation. Rate post 5/5 None Заявка наобучение Submit a request for biometrics implementation Get demo access to our solution or want to calculate the cost of licenses? Please fill out the contact form. All fields are required. Thank you for your interest in our solution. Your request has been received and is being reviewed. We will get in touch with you on the next business day. OK Application for training Want to learn more about biometrics? Leave your contacts and we will send you an invitation to the next webinar. Thank you for your interest in our solution. Your request has been received and is being reviewed. We will get in touch with you on the next business day. OK Demo license application Want to learn more about biometrics? Leave your details and we will send you an invitation. Thank you for your interest! We will send you an invitation to obtain a demo license soon. OK Application for cooperation Want to integrate your VMS with our plugin? Let's work together! Thank you for your interest! We will contact you shortly. OK Регистрация партнера. We use cookies to best present our site. If you continue to use the site, we will assume that it suits youOk
                            [kwBody] => Array
                                (
                                    [0] => stdClass Object
                                        (
                                            [term] => forensic
                                            [tf] => 148
                                        )

                                    [1] => stdClass Object
                                        (
                                            [term] => digital
                                            [tf] => 117
                                        )

                                    [2] => stdClass Object
                                        (
                                            [term] => digital forensic
                                            [tf] => 93
                                        )

                                    [3] => stdClass Object
                                        (
                                            [term] => data
                                            [tf] => 49
                                        )

                                    [4] => stdClass Object
                                        (
                                            [term] => evidence
                                            [tf] => 36
                                        )

                                    [5] => stdClass Object
                                        (
                                            [term] => analysi
                                            [tf] => 34
                                        )

                                    [6] => stdClass Object
                                        (
                                            [term] => computer
                                            [tf] => 32
                                        )

                                    [7] => stdClass Object
                                        (
                                            [term] => tool
                                            [tf] => 32
                                        )

                                    [8] => stdClass Object
                                        (
                                            [term] => specialist
                                            [tf] => 27
                                        )

                                    [9] => stdClass Object
                                        (
                                            [term] => device
                                            [tf] => 23
                                        )

                                    [10] => stdClass Object
                                        (
                                            [term] => information
                                            [tf] => 22
                                        )

                                    [11] => stdClass Object
                                        (
                                            [term] => crime
                                            [tf] => 22
                                        )

                                    [12] => stdClass Object
                                        (
                                            [term] => investigation
                                            [tf] => 22
                                        )

                                    [13] => stdClass Object
                                        (
                                            [term] => type
                                            [tf] => 21
                                        )

                                    [14] => stdClass Object
                                        (
                                            [term] => forensic specialist
                                            [tf] => 20
                                        )

                                    [15] => stdClass Object
                                        (
                                            [term] => analyst
                                            [tf] => 19
                                        )

                                    [16] => stdClass Object
                                        (
                                            [term] => branch
                                            [tf] => 15
                                        )

                                    [17] => stdClass Object
                                        (
                                            [term] => digital forensic specialist
                                            [tf] => 14
                                        )

                                    [18] => stdClass Object
                                        (
                                            [term] => digital evidence
                                            [tf] => 14
                                        )

                                    [19] => stdClass Object
                                        (
                                            [term] => computer forensic
                                            [tf] => 13
                                        )

                                    [20] => stdClass Object
                                        (
                                            [term] => cybercrime
                                            [tf] => 13
                                        )

                                    [21] => stdClass Object
                                        (
                                            [term] => private
                                            [tf] => 13
                                        )

                                    [22] => stdClass Object
                                        (
                                            [term] => file
                                            [tf] => 13
                                        )

                                    [23] => stdClass Object
                                        (
                                            [term] => analysi tool
                                            [tf] => 12
                                        )

                                    [24] => stdClass Object
                                        (
                                            [term] => cybersecurity
                                            [tf] => 12
                                        )

                                    [25] => stdClass Object
                                        (
                                            [term] => activity
                                            [tf] => 11
                                        )

                                    [26] => stdClass Object
                                        (
                                            [term] => biometric
                                            [tf] => 11
                                        )

                                    [27] => stdClass Object
                                        (
                                            [term] => sector
                                            [tf] => 11
                                        )

                                    [28] => stdClass Object
                                        (
                                            [term] => criminal
                                            [tf] => 10
                                        )

                                    [29] => stdClass Object
                                        (
                                            [term] => career
                                            [tf] => 10
                                        )

                                    [30] => stdClass Object
                                        (
                                            [term] => network
                                            [tf] => 10
                                        )

                                    [31] => stdClass Object
                                        (
                                            [term] => work
                                            [tf] => 10
                                        )

                                    [32] => stdClass Object
                                        (
                                            [term] => stage
                                            [tf] => 9
                                        )

                                    [33] => stdClass Object
                                        (
                                            [term] => company
                                            [tf] => 9
                                        )

                                    [34] => stdClass Object
                                        (
                                            [term] => electronic
                                            [tf] => 9
                                        )

                                    [35] => stdClass Object
                                        (
                                            [term] => email
                                            [tf] => 9
                                        )

                                    [36] => stdClass Object
                                        (
                                            [term] => forensic digital
                                            [tf] => 8
                                        )

                                    [37] => stdClass Object
                                        (
                                            [term] => forensic analyst
                                            [tf] => 8
                                        )

                                    [38] => stdClass Object
                                        (
                                            [term] => private sector
                                            [tf] => 8
                                        )

                                    [39] => stdClass Object
                                        (
                                            [term] => digital forensic digital
                                            [tf] => 7
                                        )

                                    [40] => stdClass Object
                                        (
                                            [term] => forensic tool
                                            [tf] => 7
                                        )

                                    [41] => stdClass Object
                                        (
                                            [term] => forensic digital forensic
                                            [tf] => 6
                                        )

                                    [42] => stdClass Object
                                        (
                                            [term] => law enforcement
                                            [tf] => 6
                                        )

                                    [43] => stdClass Object
                                        (
                                            [term] => digital forensic expert
                                            [tf] => 5
                                        )

                                    [44] => stdClass Object
                                        (
                                            [term] => master
                                            [tf] => 5
                                        )

                                    [45] => stdClass Object
                                        (
                                            [term] => forensic expert
                                            [tf] => 5
                                        )

                                    [46] => stdClass Object
                                        (
                                            [term] => type digital
                                            [tf] => 5
                                        )

                                    [47] => stdClass Object
                                        (
                                            [term] => forensic analysi
                                            [tf] => 5
                                        )

                                    [48] => stdClass Object
                                        (
                                            [term] => mobile device
                                            [tf] => 5
                                        )

                                    [49] => stdClass Object
                                        (
                                            [term] => database forensic
                                            [tf] => 5
                                        )

                                    [50] => stdClass Object
                                        (
                                            [term] => degree
                                            [tf] => 5
                                        )

                                    [51] => stdClass Object
                                        (
                                            [term] => tool digital forensic
                                            [tf] => 4
                                        )

                                    [52] => stdClass Object
                                        (
                                            [term] => career digital forensic
                                            [tf] => 4
                                        )

                                    [53] => stdClass Object
                                        (
                                            [term] => digital forensic analyst
                                            [tf] => 4
                                        )

                                    [54] => stdClass Object
                                        (
                                            [term] => mobile phone
                                            [tf] => 4
                                        )

                                    [55] => stdClass Object
                                        (
                                            [term] => digital device
                                            [tf] => 4
                                        )

                                    [56] => stdClass Object
                                        (
                                            [term] => forensic branch
                                            [tf] => 4
                                        )

                                    [57] => stdClass Object
                                        (
                                            [term] => tool digital
                                            [tf] => 4
                                        )

                                    [58] => stdClass Object
                                        (
                                            [term] => career digital
                                            [tf] => 4
                                        )

                                    [59] => stdClass Object
                                        (
                                            [term] => evidence digital
                                            [tf] => 4
                                        )

                                    [60] => stdClass Object
                                        (
                                            [term] => branch forensic
                                            [tf] => 4
                                        )

                                    [61] => stdClass Object
                                        (
                                            [term] => computer crime
                                            [tf] => 4
                                        )

                                    [62] => stdClass Object
                                        (
                                            [term] => private company
                                            [tf] => 4
                                        )

                                    [63] => stdClass Object
                                        (
                                            [term] => hard drif
                                            [tf] => 4
                                        )

                                    [64] => stdClass Object
                                        (
                                            [term] => involved investigation
                                            [tf] => 4
                                        )

                                    [65] => stdClass Object
                                        (
                                            [term] => digital forensic branch
                                            [tf] => 3
                                        )

                                    [66] => stdClass Object
                                        (
                                            [term] => specialist digital forensic
                                            [tf] => 3
                                        )

                                    [67] => stdClass Object
                                        (
                                            [term] => biometric digital forensic
                                            [tf] => 3
                                        )

                                    [68] => stdClass Object
                                        (
                                            [term] => job digital forensic
                                            [tf] => 3
                                        )

                                    [69] => stdClass Object
                                        (
                                            [term] => required career digital
                                            [tf] => 3
                                        )

                                    [70] => stdClass Object
                                        (
                                            [term] => investigation digital evidence
                                            [tf] => 3
                                        )

                                    [71] => stdClass Object
                                        (
                                            [term] => digital forensic analysi
                                            [tf] => 3
                                        )

                                    [72] => stdClass Object
                                        (
                                            [term] => court digital forensic
                                            [tf] => 3
                                        )

                                    [73] => stdClass Object
                                        (
                                            [term] => master degree
                                            [tf] => 3
                                        )

                                    [74] => stdClass Object
                                        (
                                            [term] => skill digital forensic
                                            [tf] => 3
                                        )

                                    [75] => stdClass Object
                                        (
                                            [term] => public private sector
                                            [tf] => 3
                                        )

                                    [76] => stdClass Object
                                        (
                                            [term] => device digital
                                            [tf] => 3
                                        )

                                    [77] => stdClass Object
                                        (
                                            [term] => forensic science
                                            [tf] => 3
                                        )

                                    [78] => stdClass Object
                                        (
                                            [term] => analysi preservation
                                            [tf] => 3
                                        )

                                    [79] => stdClass Object
                                        (
                                            [term] => digital data
                                            [tf] => 3
                                        )

                                    [80] => stdClass Object
                                        (
                                            [term] => data digital
                                            [tf] => 3
                                        )

                                    [81] => stdClass Object
                                        (
                                            [term] => data relevant
                                            [tf] => 3
                                        )

                                    [82] => stdClass Object
                                        (
                                            [term] => meaning definition
                                            [tf] => 3
                                        )

                                    [83] => stdClass Object
                                        (
                                            [term] => specialist digital
                                            [tf] => 3
                                        )

                                    [84] => stdClass Object
                                        (
                                            [term] => biometric digital
                                            [tf] => 3
                                        )

                                    [85] => stdClass Object
                                        (
                                            [term] => job digital
                                            [tf] => 3
                                        )

                                    [86] => stdClass Object
                                        (
                                            [term] => required career
                                            [tf] => 3
                                        )

                                    [87] => stdClass Object
                                        (
                                            [term] => investigation digital
                                            [tf] => 3
                                        )

                                    [88] => stdClass Object
                                        (
                                            [term] => court digital
                                            [tf] => 3
                                        )

                                    [89] => stdClass Object
                                        (
                                            [term] => investigation computer
                                            [tf] => 3
                                        )

                                    [90] => stdClass Object
                                        (
                                            [term] => criminal cas
                                            [tf] => 3
                                        )

                                    [91] => stdClass Object
                                        (
                                            [term] => device data
                                            [tf] => 3
                                        )

                                    [92] => stdClass Object
                                        (
                                            [term] => storage device
                                            [tf] => 3
                                        )

                                    [93] => stdClass Object
                                        (
                                            [term] => data capture
                                            [tf] => 3
                                        )

                                    [94] => stdClass Object
                                        (
                                            [term] => type electronic
                                            [tf] => 3
                                        )

                                    [95] => stdClass Object
                                        (
                                            [term] => electronic evidence
                                            [tf] => 3
                                        )

                                    [96] => stdClass Object
                                        (
                                            [term] => forensic computer
                                            [tf] => 3
                                        )

                                    [97] => stdClass Object
                                        (
                                            [term] => email forensic
                                            [tf] => 3
                                        )

                                    [98] => stdClass Object
                                        (
                                            [term] => disk forensic
                                            [tf] => 3
                                        )

                                    [99] => stdClass Object
                                        (
                                            [term] => bachelor
                                            [tf] => 3
                                        )

                                    [100] => stdClass Object
                                        (
                                            [term] => prevent cybercrime
                                            [tf] => 3
                                        )

                                    [101] => stdClass Object
                                        (
                                            [term] => ensure cybersecurity
                                            [tf] => 3
                                        )

                                    [102] => stdClass Object
                                        (
                                            [term] => investigation crime
                                            [tf] => 3
                                        )

                                    [103] => stdClass Object
                                        (
                                            [term] => crime committed
                                            [tf] => 3
                                        )

                                    [104] => stdClass Object
                                        (
                                            [term] => skill digital
                                            [tf] => 3
                                        )

                                    [105] => stdClass Object
                                        (
                                            [term] => public private
                                            [tf] => 3
                                        )

                                    [106] => stdClass Object
                                        (
                                            [term] => send invitation
                                            [tf] => 3
                                        )

                                )

                            [page_rank_decimal] => 38
                            [rank] => 3090423
                        )

                    [14] => stdClass Object
                        (
                            [position] => 15
                            [title] => FBI — Recovering and Examining Computer Forensic Evidence by Noblett et al. (Forensic Science Communications, October 2000)
                            [url] => https://www.fbi.gov/about-us/lab/forensic-science-communications/fsc/oct2000/computer.htm
                            [destination] => https://www.fbi.gov › about-us › lab › fsc › oct2000
                            [isAmp] => 
                            [organic_position] => 15
                            [serp_type] => page
                            [isOrganicPage] => 1
                            [isOrganic] => 1
                            [serp_title] => FBI — Recovering and Examining Computer Forensic Evidence
                            [serp_description] => Typical computer examinations must recognize the fast-changing and diverse world in which the computer forensic science examiner works. Sijie ...
                            [hostname] => fbi.gov
                            [h1] => Recovering and Examining Computer Forensic Evidence by Noblett et al. (Forensic Science Communications, October 2000)
                            [h2] => Array
                                (
                                )

                            [h3] => Array
                                (
                                )

                            [h2WithAnchors] => Array
                                (
                                )

                            [type] => article
                            [wordCount] => 4065
                            [imgCount] => 13
                            [lang] => 
                            [faq_on_page] => Array
                                (
                                )

                            [anchors] => stdClass Object
                                (
                                    [size] => 129
                                    [outboundSize] => 10
                                    [list] => Array
                                        (
                                            [0] => stdClass Object
                                                (
                                                    [text] => Photo Gallery
                                                    [href] => https://www.flickr.com/photos/fbi/albums
                                                    [hrefDomain] => flickr.com
                                                    [isOutbound] => 1
                                                )

                                            [1] => stdClass Object
                                                (
                                                    [text] => Facebook
                                                    [href] => http://www.facebook.com/FBI
                                                    [hrefDomain] => facebook.com
                                                    [isOutbound] => 1
                                                )

                                            [2] => stdClass Object
                                                (
                                                    [text] => You Tube
                                                    [href] => http://youtube.com/fbi
                                                    [hrefDomain] => youtube.com
                                                    [isOutbound] => 1
                                                )

                                            [3] => stdClass Object
                                                (
                                                    [text] => Twitter
                                                    [href] => http://twitter.com/FBI
                                                    [hrefDomain] => twitter.com
                                                    [isOutbound] => 1
                                                )

                                            [4] => stdClass Object
                                                (
                                                    [text] => iTunes
                                                    [href] => https://itunes.apple.com/us/podcast/fbi-this-week/id281204861?mt=2&ign-mpt=uo=4
                                                    [hrefDomain] => apple.com
                                                    [isOutbound] => 1
                                                )

                                            [5] => stdClass Object
                                                (
                                                    [text] => eRulemaking
                                                    [href] => http://www.regulations.gov
                                                    [hrefDomain] => regulations.gov
                                                    [isOutbound] => 1
                                                )

                                            [6] => stdClass Object
                                                (
                                                    [text] => Legal Policies and Disclaimers
                                                    [href] => http://www.justice.gov/legalpolicies.htm
                                                    [hrefDomain] => justice.gov
                                                    [isOutbound] => 1
                                                )

                                            [7] => stdClass Object
                                                (
                                                    [text] => USA.gov
                                                    [href] => http://www.usa.gov/
                                                    [hrefDomain] => usa.gov
                                                    [isOutbound] => 1
                                                )

                                            [8] => stdClass Object
                                                (
                                                    [text] => White House
                                                    [href] => http://www.whitehouse.gov/
                                                    [hrefDomain] => whitehouse.gov
                                                    [isOutbound] => 1
                                                )

                                            [9] => stdClass Object
                                                (
                                                    [text] => U.S. Department of Justice
                                                    [href] => http://www.justice.gov/
                                                    [hrefDomain] => justice.gov
                                                    [isOutbound] => 1
                                                )

                                        )

                                )

                            [toc] => Array
                                (
                                    [0] => stdClass Object
                                        (
                                            [level] => 5
                                            [name] => Sections
                                            [tag] => h5
                                            [children] => Array
                                                (
                                                    [0] => stdClass Object
                                                        (
                                                            [level] => 6
                                                            [name] => 
                                                            [tag] => h6
                                                            [children] => Array
                                                                (
                                                                    [0] => stdClass Object
                                                                        (
                                                                            [level] => 4
                                                                            [name] => Computer Forensic Science. 
                                                                            [tag] => h4
                                                                            [children] => Array
                                                                                (
                                                                                )

                                                                        )

                                                                    [1] => stdClass Object
                                                                        (
                                                                            [level] => 4
                                                                            [name] => Examining Computer Evidence. 
                                                                            [tag] => h4
                                                                            [children] => Array
                                                                                (
                                                                                )

                                                                        )

                                                                    [2] => stdClass Object
                                                                        (
                                                                            [level] => 4
                                                                            [name] => Conclusion. 
                                                                            [tag] => h4
                                                                            [children] => Array
                                                                                (
                                                                                )

                                                                        )

                                                                    [3] => stdClass Object
                                                                        (
                                                                            [level] => 4
                                                                            [name] => References. 
                                                                            [tag] => h4
                                                                            [children] => Array
                                                                                (
                                                                                )

                                                                        )

                                                                )

                                                        )

                                                )

                                        )

                                )

                            [og] => stdClass Object
                                (
                                    [ogImage] => https://www.fbi.gov/fbi_seal_mini.png
                                )

                            [schema_type] => Array
                                (
                                )

                            [comment_questions] => Array
                                (
                                )

                            [body] => Recovering and Examining Computer Forensic Evidence by Noblett et al. (Forensic Science Communications, October 2000)   Recovering and Examining Computer Forensic Evidence by Noblett et al. (Forensic Science Communications, October 2000) October 2000 - Volume 2 - Number 4 Recovering and Examining Computer Forensic Evidence Michael G. Noblett Senior Associate Booz-Allen & Hamilton Falls Church, Virginia Mark M. Pollitt Unit Chief Computer Analysis and Response Team Federal Bureau of Investigation Washington, DC Lawrence A. Presley Training Instructor Forensic Science Training Unit Quantico, Virginia Introduction | Computer Forensic Science | Background | A New Relationship | Forensic Results | Common Goals | Examining Computer Evidence | Conclusion | References Introduction The world is becoming a smaller place in which to live and work. A technological revolution in communications and information exchange has taken place within business, industry, and our homes. America is substantially more invested in information processing and management than manufacturing goods, and this has affected our professional and personal lives. We bank and transfer money electronically, and we are much more likely to receive an E-mail than a letter. It is estimated that the worldwide Internet population is 349 million (CommerceNet Research Council 2000). In this information technology age, the needs of law enforcement are changing as well. Some traditional crimes, especially those concerning finance and commerce, continue to be upgraded technologically. Paper trails have become electronic trails. Crimes associated with the theft and manipulations of data are detected daily. Crimes of violence also are not immune to the effects of the information age. A serious and costly terrorist act could come from the Internet instead of a truck bomb. The diary of a serial killer may be recorded on a floppy disk or hard disk drive rather than on paper in a notebook. FBI computer evidence examiners review the contents of a computer hard drive. Just as the workforce has gradually converted from manufacturing goods to processing information, criminal activity has, to a large extent, also converted from a physical dimension, in which evidence and investigations are described in tangible terms, to a cyber dimension, in which evidence exists only electronically, and investigations are conducted online. Computer Forensic Science. Computer forensic science was created to address the specific and articulated needs of law enforcement to make the most of this new form of electronic evidence. Computer forensic science is the science of acquiring, preserving, retrieving, and presenting data that has been processed electronically and stored on computer media. As a forensic discipline, nothing since DNA technology has had such a large potential effect on specific types of investigations and prosecutions as computer forensic science. Computer forensic science is, at its core, different from most traditional forensic disciplines. The computer material that is examined and the techniques available to the examiner are products of a market-driven private sector. Furthermore, in contrast to traditional forensic analyses, there commonly is a requirement to perform computer examinations at virtually any physical location, not only in a controlled laboratory setting. Rather than producing interpretative conclusions, as in many forensic disciplines, computer forensic science produces direct information and data that may have significance in a case. This type of direct data collection has wide-ranging implications for both the relationship between the investigator and the forensic scientist and the work product of the forensic computer examination. Background Computer forensic science is largely a response to a demand for service from the law enforcement community. As early as 1984, the FBI Laboratory and other law enforcement agencies began developing programs to examine computer evidence. To properly address the growing demands of investigators and prosecutors in a structured and programmatic manner, the FBI established the Computer Analysis and Response Team (CART) and charged it with the responsibility for computer analysis. Although CART is unique in the FBI, its functions and general organization are duplicated in many other law enforcement agencies in the United States and other countries. An early problem addressed by law enforcement was identifying resources within the organization that could be used to examine computer evidence. These resources were often scattered throughout the agency. Today, there appears to be a trend toward moving these examinations to a laboratory environment. In 1995, a survey conducted by the U.S. Secret Service indicated that 48 percent of the agencies had computer forensic laboratories and that 68 percent of the computer evidence seized was forwarded to the experts in those laboratories. As encouraging as these statistics are for a controlled programmatic response to computer forensic needs, the same survey reported that 70 percent of these same law enforcement agencies were doing the work without a written procedures manual (Noblett 1995). Computer forensic examinations are conducted in forensic laboratories, data processing departments, and in some cases, the detective’s squad room. The assignment of personnel to conduct these examinations is based often on available expertise, as well as departmental policy. Regardless of where the examinations are conducted, a valid and reliable forensic examination is required. This requirement recognizes no political, bureaucratic, technological, or jurisdictional boundaries. There are ongoing efforts to develop examination standards and to provide structure to computer forensic examinations. As early as 1991, a group of six international law enforcement agencies met with several U.S. federal law enforcement agencies in Charleston, South Carolina, to discuss computer forensic science and the need for a standardized approach to examinations. In 1993, the FBI hosted an International Law Enforcement Conference on Computer Evidence that was attended by 70 representatives of various U.S. federal, state, and local law enforcement agencies and international law enforcement agencies. All agreed that standards for computer forensic science were lacking and needed. This conference again convened in Baltimore, Maryland, in 1995, Australia in 1996, and the Netherlands in 1997, and ultimately resulted in the formation of the International Organization on Computer Evidence. In addition, a Scientific Working Group on Digital Evidence (SWGDE) was formed to address these same issues among federal law enforcement agencies. Back to the top A New Relationship Forensic science disciplines have affected countless criminal investigations dramatically and have provided compelling testimony in scores of trials. To enhance objectivity and to minimize the perception of bias, forensic science traditionally has remained at arms length from much of the actual investigation. It uses only those specific details from the investigation that are necessary for the examination. These details might include possible sources of contamination at the crime scene or fingerprints of individuals not related to the investigation who have touched the evidence. Forensic science relies on the ability of the scientists to produce a report based on the objective results of a scientific examination. The actual overall case may play a small part in the examination process. As a case in point, a DNA examination in a rape case can be conducted without knowledge of the victim’s name, the subject, or the specific circumstances of the crime. Conversely, computer forensic science, to be effective, must be driven by information uncovered during the investigation. With the average storage capacity in a personally owned microcomputer approaching 30 gigabytes (GB; Fischer 1997), and systems readily available that have 60-GB storage capacity or more, it is likely to be impossible from a practical standpoint to completely and exhaustively examine every file stored on a seized computer system. In addition, because computers serve such wide and varied uses within an organization or household, there may be legal prohibitions against searching every file. Attorney or physician computers may contain not only evidence of fraud but probably also client and patient information that is privileged. Data centrally stored on a computer server may contain an incriminating E-mail prepared by the subject as well as E-mail of innocent third parties who would have a reasonable expectation of privacy. As difficult as it would be to scan a directory of every file on a computer system, it would be equally difficult for law enforcement personnel to read and assimilate the amount of information contained within the files. For example, 12 GB of printed text data would create a stack of paper 24 stories high. For primarily pragmatic reasons, computer forensic science is used most effectively when only the most probative information and details of the investigation are provided to the forensic examiner. From this information, the examiner can create a list of key words to cull specific, probative, and case-related information from very large groups of files. Even though the examiner may have the legal right to search every file, time limitations and other judicial constraints may not permit it. The examination in most cases should be limited to only well-identified probative information. Forensic Results Forensic science has historically produced results that have been judged to be both valid and reliable. For example, DNA analysis attempts to develop specific identifying information relative to an individual. To support their conclusions, forensic DNA scientists have gathered extensive statistical data on the DNA profiles from which they base their conclusions. Computer forensic science, by comparison, extracts or produces information. The purpose of the computer examination is to find information related to the case. To support the results of a computer forensic examination, procedures are needed to ensure that only the information exists on the computer storage media, unaltered by the examination process. Unlike forensic DNA analysis or other forensic disciplines, computer forensic science makes no interpretive statement as to the accuracy, reliability, or discriminating power of the actual data or information. Beyond the forensic product and the case-related information needed to efficiently perform the work, there is another significant difference between most traditional forensic science and computer forensic science. Traditional forensic analysis can be controlled in the laboratory setting and can progress logically, incrementally, and in concert with widely accepted forensic practices. In comparison, computer forensic science is almost entirely technology and market driven, generally outside the laboratory setting, and the examinations present unique variations in almost every situation. Common Goals These dissimilarities aside, both the scientific conclusions of traditional forensic analyses and the information of computer forensic science are distinctive forensic examinations. They share all the legal and good laboratory practice requirements of traditional forensic sciences in general. They both will be presented in court in adversarial and sometimes very probing proceedings. Both must produce valid and reliable results from state-of-the-art procedures that are detailed, documented, and peer-reviewed and from protocols acceptable to the relevant scientific community (ASCLD/LAB 1994). As laboratories begin to examine more computer-related evidence, they must establish policies regarding computer forensic examinations and, from these policies, develop protocols and procedures. The policies should reflect the broad, community-wide goal of providing valid and reproducible results, even though the submissions may come from diverse sources and present novel examination issues. As the laboratory moves from the policy statement to protocol development, each individual procedure must be well-documented and sufficiently robust to withstand challenges to both the results and methodology. However, computer forensic science, unlike some of its traditional forensic counterparts, cannot rely on receiving similar evidence in every submission. For instance, DNA from any source, once cleared of contaminants and reduced to its elemental form, is generic. From that point, the protocols for forensic DNA analysis may be applied similarly to all submissions. The criminal justice system has come to expect a valid and reliable result using those DNA protocols. For the following reasons, computer forensic science can rarely expect these same elements of standardized repetitive testing in many of its submissions: Operating systems, which define what a computer is and how it works, vary among manufacturers. For example, techniques developed for a personal computer using the Disk Operating System (DOS) environment may not correspond to operating systems such as UNIX, which are multi-user environments. Applications programs are unique. Storage methods may be unique to both the device and the media. Typical computer examinations must recognize the fast-changing and diverse world in which the computer forensic science examiner works. Sijie Examining Computer Evidence. Computer evidence represented by physical items such as chips, boards, central processing units, storage media, monitors, and printers can be described easily and correctly as a unique form of physical evidence. The logging, description, storage, and disposition of physical evidence are well understood. Forensic laboratories have detailed plans describing acceptable methods for handling physical evidence. To the extent that computer evidence has a physical component, it does not represent any particular challenge. However, the evidence, while stored in these physical items, is latent and exists only in a metaphysical electronic form. The result that is reported from the examination is the recovery of this latent information. Although forensic laboratories are very good at ensuring the integrity of the physical items in their control, computer forensics also requires methods to ensure the integrity of the information contained within those physical items. The challenge to computer forensic science is to develop methods and techniques that provide valid and reliable results while protecting the real evidence—the information—from harm.  To complicate the matter further, computer evidence almost never exists in isolation. It is a product of the data stored, the application used to create and store it, and the computer system that directed these activities. To a lesser extent, it is also a product of the software tools used in the laboratory to extract it. Computer forensic science issues must also be addressed in the context of an emerging and rapidly changing environment. However, even as the environment changes, both national and international law enforcement agencies recognize the need for common technical approaches and are calling for standards (Pollitt 1998). Because of this, a model (see Figure 1) must be constructed that works on a long-term basis even when short-term changes are the rule rather than the exception. The model that we describe is a three-level hierarchical model consisting of the following: An overarching concept of the principles of examination, Policies and practices, and Procedures and techniques. Principles of examinations are large-scale concepts that almost always apply to the examination. They are the consensus approaches as to what is important among professionals and laboratories conducting these examinations. They represent the collective technical practice and experience of forensic computer examiners. Organizational policy and practices are structural guidance that applies to forensic examinations. These are designed to ensure quality and efficiency in the workplace. In computer forensic science, these are the good laboratory practices by which examinations are planned, performed, monitored, recorded, and reported to ensure the quality and integrity of the work product. Procedures and techniques are software and hardware solutions to specific forensic problems. The procedures and techniques are detailed instructions for specific software packages as well as step-by-step instructions that describe the entire examination procedure (Pollitt 1995). As an overall example, a laboratory may require that examinations be conducted, if possible and practical, on copies of the original evidence. This requirement is a principle of examination. It represents a logical approach taken by the computer forensic science community as a whole, and it is based on the tenet of protecting the original evidence from accidental or unintentional damage or alteration. This principle is predicated on the fact that digital evidence can be duplicated exactly to create a copy that is true and accurate. Creating the copy and ensuring that it is true and accurate involves a subset of the principle, that is, policy and practice. Each agency and examiner must make a decision as to how to implement this principle on a case-by-case basis. Factors in that decision include the size of the data set, the method used to create it, and the media on which it resides. In some cases it may be sufficient to merely compare the size and creation dates of files listed in the copy to the original. In others, it may require the application of more technically robust and mathematical rigorous techniques such as a cyclical redundancy check (CRC) or calculating a message digest (MD). CRC and MD are computer algorithms that produce unique mathematical representations of the data. They are calculated for both the original and the copy and then compared for identity. The selection of tools must be based on the character of the evidence rather than simply laboratory policy. It is likely that examiners will need several options available to them to perform this one function. An examiner responsible for duplicating evidence must first decide an appropriate level of verification to weigh time constraints against large file types. The mathematical precision and discriminating power of these algorithms are usually directly proportional to the amount of time necessary to calculate them. If there were 1 million files to be duplicated, each less than 1 kilobyte in size, time and computational constraints would likely be a major determining factor. This circumstance would probably result in a decision to use a faster, but less precise and discriminating, data integrity algorithm. Having decided how best to ensure the copy process will be complete and accurate, the next step is the actual task. This is a subset of the policy and practice, that is, procedures and techniques. These most closely represent the standard cookbook approach to protocol development. They are complete and contain required detailed steps that may be used to copy the data, verify that the operation was complete, and ensure that a true and accurate copy has been produced. Again, as Figure 1 illustrates, a principle may spawn more that one policy, and those policies can accept many different techniques. The path an examiner takes in each case is well-documented and technologically sound for that particular case. It may not, however, be the same path the examiner takes with the next case. Traditional forensic examinations, such as the DNA examination of blood recovered from a crime scene, lend themselves to a routine and standardized series of steps that can be repeated in case after case. There is generally no such thing as generic computer evidence procedures. The evidence is likely to be significantly different every time a submission is received by the laboratory and will likely require an examination plan tailored to that particular evidence. Although this situation may present a recurrent consideration of management checks and controls within the laboratory setting, it is a consideration that must be addressed and improved if this emerging forensic discipline is to remain an effective and reliable tool in the criminal justice system. Conclusion. Valid and reliable methods to recover data from computers seized as evidence in criminal investigations are becoming fundamental for law enforcement agencies worldwide. These methods must be technologically robust to ensure that all probative information is recovered. They must also be legally defensible to ensure that nothing in the original evidence was altered and that no data was added to or deleted from the original. The forensic discipline of acquiring, preserving, retrieving, and presenting data that has been processed electronically and stored on computer media is computer forensic science. This article examined issues surrounding the need to develop laboratory protocols for computer forensic science that meet critical technological and legal goals. Computer forensic scientists need to develop ongoing relationships with the criminal justice agencies they serve. The reasons for these relationships include the following: In their efforts to minimize the amount of data that must be recovered and to make their examinations more efficient and effective, computer forensic scientists must have specific knowledge of investigative details. This is a clear requirement that is generally more demanding than traditional forensic science requests, and it places more reliance on case information. Courts are requiring that more information rather than equipment be seized. This requires cooperative efforts between law enforcement officers and the computer forensic scientist to ensure that the technical resources necessary for the execution of the search warrant are sufficient to address both the scope and complexity of the search. Computers may logically contain both information identified in the warrant as well as information that may be constitutionally protected. The computer forensic scientist is probably the most qualified person to advise both the investigator and prosecutor as to how to identify technical solutions to these intricate situations. Developing computer examination protocols for forensic computer analysis is unique for several reasons: Unlike some traditional forensic analyses that attempt to gather as much information as possible from an evidence sample, computer forensic analysis attempts to recover only probative information from a large volume of generally heterogenous information. Computer forensic science must take into account the reality that computer forensic science is primarily market driven, and the science must adapt quickly to new products and innovations with valid and reliable examination and analysis techniques. The work product of computer forensic science examinations also differs from most traditional forensic work products. Traditional forensic science attempts to develop a series of accurate and reliable facts. For example, the DNA extracted from blood found at a crime scene can be matched to a specific person to establish the fact that the blood was shed by that person to the exclusion of all other individuals. Computer forensic science generally makes no interpretive statement as to the accuracy or reliability of the information obtained and normally renders only the information recovered. Computer forensic science protocols should be written in a hierarchical manner so that overarching principles remain constant, but examination techniques can adapt quickly to the computer system to be examined. This approach to computer forensic protocols may differ from those developed for many traditional forensic disciplines, but it is necessary to accommodate a unique forensic examination. References. American Society of Crime Laboratory Directors/Laboratory Accreditation Board (ASCLD/LAB). ASCLD/LAB Manual. American Society of Crime Laboratory Directors/Laboratory Accreditation Board, Garner, North Carolina, 1994, pp. 29–30. CommerceNet Research Council. 2000 Industry Statistics. Available at http://www.commerce.net/research/stats/wwstats.html. Fischer, L. M. I.B.M. plans to announce leap in disk-drive capacity, New York Times (December 30, 1997), p. C-2. Noblett, M. G. Report of the Federal Bureau of Investigation on development of forensic tools and examinations for data recovery from computer evidence. In: Proceedings of the 11th INTERPOL Forensic Science Symposium, Lyon, France. The Forensic Sciences Foundation Press, Boulder, Colorado, 1995. Pollitt, M. The Federal Bureau of Investigation report on computer evidence and forensics. In: Proceedings of the 12th INTERPOL Forensic Science Symposium, Lyon, France. The Forensic Sciences Foundation Press, Boulder, Colorado, 1998. Pollitt, M. Computer Evidence Examinations at the FBI. Unpublished presentation at the 2nd International Law Enforcement Conference on Computer Evidence, Baltimore, Maryland, April 10, 1995. 01.03.11 FSC Links - Table of Contents - Meetings and Conferences - Editors - Back Issues - About FSC - Instructions for Authors - Search - FBI Laboratory - Current Issue   Contact Us | About Us | Most Wanted | News | Stats & Services | Scams & Safety | Jobs | Fun & Games | Mobile | Español Resources for: Law Enforcement | Intel Partners | Researchers/Students | Communities | Parents | Victims | Businesses Follow Us On: Facebook | You Tube | Twitter | iTunes | All Sites Accessibility | eRulemaking | Freedom of Information Act | Legal Notices | Legal Policies and Disclaimers | Links | Privacy Policy | USA.gov | White House FBI.gov is an official site of the U.S. government, U.S. Department of Justice
                            [kwBody] => Array
                                (
                                    [0] => stdClass Object
                                        (
                                            [term] => forensic
                                            [tf] => 98
                                        )

                                    [1] => stdClass Object
                                        (
                                            [term] => computer
                                            [tf] => 92
                                        )

                                    [2] => stdClass Object
                                        (
                                            [term] => science
                                            [tf] => 48
                                        )

                                    [3] => stdClass Object
                                        (
                                            [term] => computer forensic
                                            [tf] => 47
                                        )

                                    [4] => stdClass Object
                                        (
                                            [term] => forensic science
                                            [tf] => 46
                                        )

                                    [5] => stdClass Object
                                        (
                                            [term] => examination
                                            [tf] => 44
                                        )

                                    [6] => stdClass Object
                                        (
                                            [term] => evidence
                                            [tf] => 43
                                        )

                                    [7] => stdClass Object
                                        (
                                            [term] => information
                                            [tf] => 37
                                        )

                                    [8] => stdClass Object
                                        (
                                            [term] => computer forensic science
                                            [tf] => 31
                                        )

                                    [9] => stdClass Object
                                        (
                                            [term] => laboratory
                                            [tf] => 24
                                        )

                                    [10] => stdClass Object
                                        (
                                            [term] => law enforcement
                                            [tf] => 19
                                        )

                                    [11] => stdClass Object
                                        (
                                            [term] => law
                                            [tf] => 19
                                        )

                                    [12] => stdClass Object
                                        (
                                            [term] => enforcement
                                            [tf] => 19
                                        )

                                    [13] => stdClass Object
                                        (
                                            [term] => data
                                            [tf] => 19
                                        )

                                    [14] => stdClass Object
                                        (
                                            [term] => computer evidence
                                            [tf] => 18
                                        )

                                    [15] => stdClass Object
                                        (
                                            [term] => case
                                            [tf] => 18
                                        )

                                    [16] => stdClass Object
                                        (
                                            [term] => traditional
                                            [tf] => 14
                                        )

                                    [17] => stdClass Object
                                        (
                                            [term] => agency
                                            [tf] => 14
                                        )

                                    [18] => stdClass Object
                                        (
                                            [term] => policy
                                            [tf] => 14
                                        )

                                    [19] => stdClass Object
                                        (
                                            [term] => traditional forensic
                                            [tf] => 13
                                        )

                                    [20] => stdClass Object
                                        (
                                            [term] => investigation
                                            [tf] => 13
                                        )

                                    [21] => stdClass Object
                                        (
                                            [term] => procedure
                                            [tf] => 12
                                        )

                                    [22] => stdClass Object
                                        (
                                            [term] => result
                                            [tf] => 12
                                        )

                                    [23] => stdClass Object
                                        (
                                            [term] => examiner
                                            [tf] => 12
                                        )

                                    [24] => stdClass Object
                                        (
                                            [term] => dna
                                            [tf] => 11
                                        )

                                    [25] => stdClass Object
                                        (
                                            [term] => technique
                                            [tf] => 11
                                        )

                                    [26] => stdClass Object
                                        (
                                            [term] => law enforcement agency
                                            [tf] => 10
                                        )

                                    [27] => stdClass Object
                                        (
                                            [term] => enforcement agency
                                            [tf] => 10
                                        )

                                    [28] => stdClass Object
                                        (
                                            [term] => analysi
                                            [tf] => 10
                                        )

                                    [29] => stdClass Object
                                        (
                                            [term] => work
                                            [tf] => 10
                                        )

                                    [30] => stdClass Object
                                        (
                                            [term] => physical
                                            [tf] => 10
                                        )

                                    [31] => stdClass Object
                                        (
                                            [term] => specific
                                            [tf] => 10
                                        )

                                    [32] => stdClass Object
                                        (
                                            [term] => system
                                            [tf] => 10
                                        )

                                    [33] => stdClass Object
                                        (
                                            [term] => protocol
                                            [tf] => 10
                                        )

                                    [34] => stdClass Object
                                        (
                                            [term] => forensic examination
                                            [tf] => 9
                                        )

                                    [35] => stdClass Object
                                        (
                                            [term] => product
                                            [tf] => 9
                                        )

                                    [36] => stdClass Object
                                        (
                                            [term] => reliable
                                            [tf] => 9
                                        )

                                    [37] => stdClass Object
                                        (
                                            [term] => file
                                            [tf] => 9
                                        )

                                    [38] => stdClass Object
                                        (
                                            [term] => ensure
                                            [tf] => 9
                                        )

                                    [39] => stdClass Object
                                        (
                                            [term] => forensic discipline
                                            [tf] => 7
                                        )

                                    [40] => stdClass Object
                                        (
                                            [term] => valid reliable
                                            [tf] => 7
                                        )

                                    [41] => stdClass Object
                                        (
                                            [term] => noblett
                                            [tf] => 6
                                        )

                                    [42] => stdClass Object
                                        (
                                            [term] => international law enforcement
                                            [tf] => 5
                                        )

                                    [43] => stdClass Object
                                        (
                                            [term] => examining computer
                                            [tf] => 5
                                        )

                                    [44] => stdClass Object
                                        (
                                            [term] => computer examination
                                            [tf] => 5
                                        )

                                    [45] => stdClass Object
                                        (
                                            [term] => forensic scientist
                                            [tf] => 5
                                        )

                                    [46] => stdClass Object
                                        (
                                            [term] => international law
                                            [tf] => 5
                                        )

                                    [47] => stdClass Object
                                        (
                                            [term] => computer forensic examination
                                            [tf] => 4
                                        )

                                    [48] => stdClass Object
                                        (
                                            [term] => traditional forensic science
                                            [tf] => 4
                                        )

                                    [49] => stdClass Object
                                        (
                                            [term] => computer forensic scientist
                                            [tf] => 4
                                        )

                                    [50] => stdClass Object
                                        (
                                            [term] => recovering examining
                                            [tf] => 4
                                        )

                                    [51] => stdClass Object
                                        (
                                            [term] => federal bureau
                                            [tf] => 4
                                        )

                                    [52] => stdClass Object
                                        (
                                            [term] => computer analysi
                                            [tf] => 4
                                        )

                                    [53] => stdClass Object
                                        (
                                            [term] => laboratory setting
                                            [tf] => 4
                                        )

                                    [54] => stdClass Object
                                        (
                                            [term] => work product
                                            [tf] => 4
                                        )

                                    [55] => stdClass Object
                                        (
                                            [term] => forensic laboratory
                                            [tf] => 4
                                        )

                                    [56] => stdClass Object
                                        (
                                            [term] => computer system
                                            [tf] => 4
                                        )

                                    [57] => stdClass Object
                                        (
                                            [term] => probative information
                                            [tf] => 4
                                        )

                                    [58] => stdClass Object
                                        (
                                            [term] => physical item
                                            [tf] => 4
                                        )

                                    [59] => stdClass Object
                                        (
                                            [term] => policy practice
                                            [tf] => 4
                                        )

                                    [60] => stdClass Object
                                        (
                                            [term] => procedure technique
                                            [tf] => 4
                                        )

                                    [61] => stdClass Object
                                        (
                                            [term] => recovering examining computer
                                            [tf] => 3
                                        )

                                    [62] => stdClass Object
                                        (
                                            [term] => examining computer forensic
                                            [tf] => 3
                                        )

                                    [63] => stdClass Object
                                        (
                                            [term] => computer forensic evidence
                                            [tf] => 3
                                        )

                                    [64] => stdClass Object
                                        (
                                            [term] => federal bureau investigation
                                            [tf] => 3
                                        )

                                    [65] => stdClass Object
                                        (
                                            [term] => forensic science computer
                                            [tf] => 3
                                        )

                                    [66] => stdClass Object
                                        (
                                            [term] => science computer forensic
                                            [tf] => 3
                                        )

                                    [67] => stdClass Object
                                        (
                                            [term] => forensic discipline computer
                                            [tf] => 3
                                        )

                                    [68] => stdClass Object
                                        (
                                            [term] => traditional forensic analysis
                                            [tf] => 3
                                        )

                                    [69] => stdClass Object
                                        (
                                            [term] => valid reliable result
                                            [tf] => 3
                                        )

                                    [70] => stdClass Object
                                        (
                                            [term] => forensic evidence
                                            [tf] => 3
                                        )

                                    [71] => stdClass Object
                                        (
                                            [term] => october 2000
                                            [tf] => 3
                                        )

                                    [72] => stdClass Object
                                        (
                                            [term] => pollitt
                                            [tf] => 3
                                        )

                                    [73] => stdClass Object
                                        (
                                            [term] => bureau investigation
                                            [tf] => 3
                                        )

                                    [74] => stdClass Object
                                        (
                                            [term] => mail
                                            [tf] => 3
                                        )

                                    [75] => stdClass Object
                                        (
                                            [term] => science computer
                                            [tf] => 3
                                        )

                                    [76] => stdClass Object
                                        (
                                            [term] => stored computer
                                            [tf] => 3
                                        )

                                    [77] => stdClass Object
                                        (
                                            [term] => discipline computer
                                            [tf] => 3
                                        )

                                    [78] => stdClass Object
                                        (
                                            [term] => market driven
                                            [tf] => 3
                                        )

                                    [79] => stdClass Object
                                        (
                                            [term] => forensic analysis
                                            [tf] => 3
                                        )

                                    [80] => stdClass Object
                                        (
                                            [term] => forensic computer
                                            [tf] => 3
                                        )

                                    [81] => stdClass Object
                                        (
                                            [term] => examine computer
                                            [tf] => 3
                                        )

                                    [82] => stdClass Object
                                        (
                                            [term] => examination conducted
                                            [tf] => 3
                                        )

                                    [83] => stdClass Object
                                        (
                                            [term] => crime scene
                                            [tf] => 3
                                        )

                                    [84] => stdClass Object
                                        (
                                            [term] => information forensic
                                            [tf] => 3
                                        )

                                    [85] => stdClass Object
                                        (
                                            [term] => dna analysi
                                            [tf] => 3
                                        )

                                    [86] => stdClass Object
                                        (
                                            [term] => forensic dna
                                            [tf] => 3
                                        )

                                    [87] => stdClass Object
                                        (
                                            [term] => reliable result
                                            [tf] => 3
                                        )

                                    [88] => stdClass Object
                                        (
                                            [term] => criminal justice
                                            [tf] => 3
                                        )

                                    [89] => stdClass Object
                                        (
                                            [term] => operating system
                                            [tf] => 3
                                        )

                                    [90] => stdClass Object
                                        (
                                            [term] => physical evidence
                                            [tf] => 3
                                        )

                                    [91] => stdClass Object
                                        (
                                            [term] => principle examination
                                            [tf] => 3
                                        )

                                    [92] => stdClass Object
                                        (
                                            [term] => original evidence
                                            [tf] => 3
                                        )

                                    [93] => stdClass Object
                                        (
                                            [term] => true accurate
                                            [tf] => 3
                                        )

                                )

                            [page_rank_decimal] => 62
                            [rank] => 690
                        )

                    [15] => stdClass Object
                        (
                            [position] => 16
                            [title] => CSDL | IEEE Computer Society
                            [url] => https://www.computer.org/csdl/magazine/sp/2009/02/msp2009020026/13rRUxly9c9
                            [destination] => https://www.computer.org › 2009/02 › msp2009020026
                            [isAmp] => 
                            [date] => by BD Carrier · 2009 · Cited by 38
                            [organic_position] => 16
                            [serp_type] => page
                            [isOrganicPage] => 1
                            [isOrganic] => 1
                            [serp_title] => Digital Forensics Works - IEEE Computer Society
                            [serp_description] => In this article, I argue that although digital forensic investigations do face challenges, we shouldn't expect them to go away as long as the investigators ...
                            [hostname] => computer.org
                            [h1] => 
                            [h2] => Array
                                (
                                )

                            [h3] => Array
                                (
                                )

                            [h2WithAnchors] => Array
                                (
                                )

                            [wordCount] => 0
                            [imgCount] => 0
                            [lang] => 
                            [faq_on_page] => Array
                                (
                                )

                            [anchors] => stdClass Object
                                (
                                    [size] => 0
                                    [outboundSize] => 0
                                    [list] => Array
                                        (
                                        )

                                )

                            [toc] => Array
                                (
                                )

                            [schema_type] => Array
                                (
                                )

                            [comment_questions] => Array
                                (
                                )

                            [body] => 
                            [page_rank_decimal] => 54
                            [rank] => 12338
                        )

                    [16] => stdClass Object
                        (
                            [position] => 17
                            [title] => What is digital forensics? And how to land a job in this hot field | CSO Online
                            [url] => https://www.csoonline.com/article/3334396/what-is-digital-forensics-and-how-to-land-a-job-in-this-hot-field.html
                            [destination] => https://www.csoonline.com › ... › Security
                            [description] => Digital forensics is the application of scientific investigatory techniques to digital crimes and attacks. Think beyond the awful (and justly cancelled) TV show CSI Cyber; digital forensics is a crucial aspect of law and business in the internet age and can be a rewarding and lucrative career path
                            [isAmp] => 
                            [date] => 25 Jan 2019
                            [organic_position] => 17
                            [serp_type] => page
                            [isOrganicPage] => 1
                            [isOrganic] => 1
                            [serp_title] => What is digital forensics? And how to land a job in this hot field
                            [serp_description] => How digital forensics is used in investigations · Collection, in which digital evidence is acquired. · Examination, in which various methods are ...
                            [hostname] => csoonline.com
                            [canonical] => https://www.csoonline.com/article/3334396/what-is-digital-forensics-and-how-to-land-a-job-in-this-hot-field.html
                            [h1] => What is digital forensics? And how to land a job in this hot field
                            [h2] => Array
                                (
                                    [0] => Digital forensics definition
                                    [1] => History of digital forensics
                                    [2] => How digital forensics is used in investigations
                                    [3] => Digital forensics tools
                                    [4] => Digital forensics jobs
                                    [5] => Digital forensics career
                                )

                            [h3] => Array
                                (
                                    [0] => Think beyond the awful (and justly cancelled) television show CSI Cyber; digital forensics is a crucial aspect of law and business in the internet age and can be a rewarding and lucrative career path
                                    [1] => Back to basics
                                    [2] => Back to basics
                                )

                            [h2WithAnchors] => Array
                                (
                                    [0] => stdClass Object
                                        (
                                            [text] => Digital forensics definition
                                        )

                                    [1] => stdClass Object
                                        (
                                            [text] => History of digital forensics
                                        )

                                    [2] => stdClass Object
                                        (
                                            [text] => How digital forensics is used in investigations
                                        )

                                    [3] => stdClass Object
                                        (
                                            [text] => Digital forensics tools
                                        )

                                    [4] => stdClass Object
                                        (
                                            [text] => Digital forensics jobs
                                        )

                                    [5] => stdClass Object
                                        (
                                            [text] => Digital forensics career
                                        )

                                )

                            [type] => article
                            [wordCount] => 1881
                            [imgCount] => 23
                            [lang] => stdClass Object
                                (
                                    [langLinks] => Array
                                        (
                                            [0] => stdClass Object
                                                (
                                                    [lang] => en
                                                    [url] => https://www.csoonline.com/article/3334396/what-is-digital-forensics-and-how-to-land-a-job-in-this-hot-field.html
                                                )

                                        )

                                    [size] => 1
                                    [string] => en
                                )

                            [faq_on_page] => Array
                                (
                                )

                            [anchors] => stdClass Object
                                (
                                    [size] => 107
                                    [outboundSize] => 30
                                    [list] => Array
                                        (
                                            [0] => stdClass Object
                                                (
                                                    [text] => 
                                                    [href] => http://reddit.com/submit?url=https%3A%2F%2Fwww.csoonline.com%2Farticle%2F3334396%2Fwhat-is-digital-forensics-and-how-to-land-a-job-in-this-hot-field.html&title=What+is+digital+forensics%3F+And+how+to+land+a+job+in+this+hot+field
                                                    [hrefDomain] => reddit.com
                                                    [isOutbound] => 1
                                                )

                                            [1] => stdClass Object
                                                (
                                                    [text] => defines digital forensics
                                                    [href] => https://www.itweb.co.za/content/kYbe9MXxRByMAWpG
                                                    [hrefDomain] => itweb.co.za
                                                    [rel] => nofollow
                                                    [isOutbound] => 1
                                                )

                                            [2] => stdClass Object
                                                (
                                                    [text] => a more generalized description
                                                    [href] => https://www.champlain.edu/online/blog/what-jobs-can-you-get-with-computer-forensics-degree
                                                    [hrefDomain] => champlain.edu
                                                    [rel] => nofollow
                                                    [isOutbound] => 1
                                                )

                                            [3] => stdClass Object
                                                (
                                                    [text] => people who worked at police or federal law enforcement agencies and who happened to also be computer hobbyists
                                                    [href] => https://pdfs.semanticscholar.org/0d15/132439fc1de82724dd06effff5a782eefeac.pdf
                                                    [hrefDomain] => semanticscholar.org
                                                    [rel] => nofollow
                                                    [isOutbound] => 1
                                                )

                                            [4] => stdClass Object
                                                (
                                                    [text] => In 1984, the FBI launched the Magnet Media Program
                                                    [href] => https://technologyfirst.org/magazines/2014/34-august/993-computer-forensics-takes-a-bite-out-of-crime.html
                                                    [hrefDomain] => technologyfirst.org
                                                    [rel] => nofollow
                                                    [isOutbound] => 1
                                                )

                                            [5] => stdClass Object
                                                (
                                                    [text] => fingering a German hacker who was breaking into sensitive systems and selling data to the KGB
                                                    [href] => https://www.cybersecuritymastersdegree.org/cliff-stoll-vs-markus-hess/
                                                    [hrefDomain] => cybersecuritymastersdegree.org
                                                    [rel] => nofollow
                                                    [isOutbound] => 1
                                                )

                                            [6] => stdClass Object
                                                (
                                                    [text] => two unpleasant realities
                                                    [href] => https://pdfs.semanticscholar.org/0d15/132439fc1de82724dd06effff5a782eefeac.pdf
                                                    [hrefDomain] => semanticscholar.org
                                                    [rel] => nofollow
                                                    [isOutbound] => 1
                                                )

                                            [7] => stdClass Object
                                                (
                                                    [text] => overhauled
                                                    [href] => https://www.logikcull.com/guide/chapter-1-an-introduction-to-electronic-discovery
                                                    [hrefDomain] => logikcull.com
                                                    [rel] => nofollow
                                                    [isOutbound] => 1
                                                )

                                            [8] => stdClass Object
                                                (
                                                    [text] => process models for digital forensics
                                                    [href] => http://researchrepository.murdoch.edu.au/id/eprint/14422/2/02Whole.pdf
                                                    [hrefDomain] => murdoch.edu.au
                                                    [rel] => nofollow
                                                    [isOutbound] => 1
                                                )

                                            [9] => stdClass Object
                                                (
                                                    [text] => four basic steps
                                                    [href] => https://resources.infosecinstitute.com/computer-crime-investigation-using-forensic-tools-and-technology/
                                                    [hrefDomain] => infosecinstitute.com
                                                    [rel] => nofollow
                                                    [isOutbound] => 1
                                                )

                                            [10] => stdClass Object
                                                (
                                                    [text] => preparation, extraction and identification
                                                    [href] => https://www.crime-scene-investigator.net/computer-forensics-digital-forensic-analysis-methodology.html
                                                    [hrefDomain] => crime-scene-investigator.net
                                                    [rel] => nofollow
                                                    [isOutbound] => 1
                                                )

                                            [11] => stdClass Object
                                                (
                                                    [text] => Wireshark
                                                    [href] => https://www.wireshark.org/
                                                    [hrefDomain] => wireshark.org
                                                    [rel] => nofollow
                                                    [isOutbound] => 1
                                                )

                                            [12] => stdClass Object
                                                (
                                                    [text] => HashKeeper
                                                    [href] => https://en.wikipedia.org/wiki/HashKeeper
                                                    [hrefDomain] => wikipedia.org
                                                    [rel] => nofollow
                                                    [isOutbound] => 1
                                                )

                                            [13] => stdClass Object
                                                (
                                                    [text] => Encase
                                                    [href] => https://resources.infosecinstitute.com/computer-forensics-tools/
                                                    [hrefDomain] => infosecinstitute.com
                                                    [rel] => nofollow
                                                    [isOutbound] => 1
                                                )

                                            [14] => stdClass Object
                                                (
                                                    [text] => CAINE
                                                    [href] => https://www.caine-live.net/
                                                    [hrefDomain] => caine-live.net
                                                    [rel] => nofollow
                                                    [isOutbound] => 1
                                                )

                                            [15] => stdClass Object
                                                (
                                                    [text] => breaks down these tools into a number of categories
                                                    [href] => https://resources.infosecinstitute.com/computer-forensics-tools/
                                                    [hrefDomain] => infosecinstitute.com
                                                    [rel] => nofollow
                                                    [isOutbound] => 1
                                                )

                                            [16] => stdClass Object
                                                (
                                                    [text] => great list of popular forensics tools
                                                    [href] => https://resources.infosecinstitute.com/computer-forensics-tools/
                                                    [hrefDomain] => infosecinstitute.com
                                                    [rel] => nofollow
                                                    [isOutbound] => 1
                                                )

                                            [17] => stdClass Object
                                                (
                                                    [text] => Cybersecurity and Forensics Lab
                                                    [href] => https://polytechnic.purdue.edu/facilities/cybersecurity-forensics-lab
                                                    [hrefDomain] => purdue.edu
                                                    [rel] => nofollow
                                                    [isOutbound] => 1
                                                )

                                            [18] => stdClass Object
                                                (
                                                    [text] => bachelor's degree in cybersecurity and information assurance
                                                    [href] => https://www.utica.edu/academics/programs/cybersecurity/
                                                    [hrefDomain] => utica.edu
                                                    [rel] => nofollow
                                                    [isOutbound] => 1
                                                )

                                            [19] => stdClass Object
                                                (
                                                    [text] => online bachelor's degree in computer forensics
                                                    [href] => https://www.champlain.edu/online/bachelors-degrees/bs-computer-forensics-degree
                                                    [hrefDomain] => champlain.edu
                                                    [rel] => nofollow
                                                    [isOutbound] => 1
                                                )

                                            [20] => stdClass Object
                                                (
                                                    [text] => master's in digital forensics and cybersecurity
                                                    [href] => https://www.jjay.cuny.edu/master-science-digital-forensics-and-cybersecurity
                                                    [hrefDomain] => cuny.edu
                                                    [rel] => nofollow
                                                    [isOutbound] => 1
                                                )

                                            [21] => stdClass Object
                                                (
                                                    [text] => online master's in digital forensics and cybersecurity
                                                    [href] => https://www.criminaljusticedegreeschools.com/criminal-justice-degrees/computer-forensic-degree/
                                                    [hrefDomain] => criminaljusticedegreeschools.com
                                                    [rel] => nofollow
                                                    [isOutbound] => 1
                                                )

                                            [22] => stdClass Object
                                                (
                                                    [text] => five most valuable certs
                                                    [href] => https://www.businessnewsdaily.com/10755-best-digital-forensics-certifications.html
                                                    [hrefDomain] => businessnewsdaily.com
                                                    [rel] => nofollow
                                                    [isOutbound] => 1
                                                )

                                            [23] => stdClass Object
                                                (
                                                    [text] => Certified Forensic Examiner
                                                    [href] => https://www.giac.org/certification/certified-forensic-examiner-gcfe
                                                    [hrefDomain] => giac.org
                                                    [rel] => nofollow
                                                    [isOutbound] => 1
                                                )

                                            [24] => stdClass Object
                                                (
                                                    [text] => Certified Forensic Analyst
                                                    [href] => https://www.giac.org/certification/certified-forensic-analyst-gcfa
                                                    [hrefDomain] => giac.org
                                                    [rel] => nofollow
                                                    [isOutbound] => 1
                                                )

                                            [25] => stdClass Object
                                                (
                                                    [text] => lie in the public sector
                                                    [href] => https://www.champlain.edu/online/blog/what-jobs-can-you-get-with-computer-forensics-degree
                                                    [hrefDomain] => champlain.edu
                                                    [rel] => nofollow
                                                    [isOutbound] => 1
                                                )

                                            [26] => stdClass Object
                                                (
                                                    [text] => beginning to run their own labs
                                                    [href] => https://www.theatlantic.com/technology/archive/2017/04/csi-walmart/521565/
                                                    [hrefDomain] => theatlantic.com
                                                    [rel] => nofollow
                                                    [isOutbound] => 1
                                                )

                                            [27] => stdClass Object
                                                (
                                                    [text] => forensic computer analyst makes around $70,000 a year
                                                    [href] => https://www.payscale.com/research/US/Job=Forensic_Computer_Analyst/Salary
                                                    [hrefDomain] => payscale.com
                                                    [rel] => nofollow
                                                    [isOutbound] => 1
                                                )

                                            [28] => stdClass Object
                                                (
                                                    [text] => darker side of computer forensics
                                                    [href] => https://www.forensicfocus.com/the-darker-side-of-computer-forensics
                                                    [hrefDomain] => forensicfocus.com
                                                    [rel] => nofollow
                                                    [isOutbound] => 1
                                                )

                                            [29] => stdClass Object
                                                (
                                                    [text] => 
                                                    [href] => https://twitter.com/jfruh
                                                    [hrefDomain] => twitter.com
                                                    [isOutbound] => 1
                                                )

                                        )

                                )

                            [toc] => Array
                                (
                                    [0] => stdClass Object
                                        (
                                            [level] => 3
                                            [name] => Think beyond the awful (and justly cancelled) television show CSI Cyber; digital forensics is a crucial aspect of law and business in the internet age and can be a rewarding and lucrative career path.
                                            [tag] => h3
                                            [children] => Array
                                                (
                                                    [0] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => Back to basics. 
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                )

                                        )

                                    [1] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => Digital forensics definition. 
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                )

                                        )

                                    [2] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => History of digital forensics. 
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                )

                                        )

                                    [3] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => How digital forensics is used in investigations. 
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                )

                                        )

                                    [4] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => Digital forensics tools. 
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                )

                                        )

                                    [5] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => Digital forensics jobs. 
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                )

                                        )

                                    [6] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => Digital forensics career. 
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                    [0] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => Back to basics. 
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                )

                                        )

                                )

                            [og] => stdClass Object
                                (
                                    [ogImage] => https://images.idgesg.net/images/article/2018/10/abstract-arrows_direction_process_magnifying-glass_search_investigate-100777420-large.jpg?auto=webp&quality=85,70
                                    [twitterImage] => https://images.idgesg.net/images/article/2018/10/abstract-arrows_direction_process_magnifying-glass_search_investigate-100777420-large.jpg?auto=webp&quality=85,70
                                )

                            [schema_type] => Array
                                (
                                )

                            [comment_questions] => Array
                                (
                                )

                            [body] => What is digital forensics? And how to land a job in this hot field Think beyond the awful (and justly cancelled) television show CSI Cyber; digital forensics is a crucial aspect of law and business in the internet age and can be a rewarding and lucrative career path. By Josh Fruhlinger Contributing writer, CSO | Getty Images Back to basics. 7 elements of a successful security... What is the Heartbleed bug, how does it... What is CVE, its definition and purpose? What is a fileless attack? How hackers... Critical Infrastructure Protection... What is an intrusion detection system?... What is cross-site scripting (XSS)?... DDoS explained: How distributed denial... 5 signs you've been hit with an APT Supply chain attacks show why you... Show More Digital forensics definition. Digital forensics, sometimes called computer forensics, is the application of scientific investigatory techniques to digital crimes and attacks. It is a crucial aspect of law and business in the internet age and can be a rewarding and lucrative career path.Jason Jordaan, principal forensic scientist at DFIRLABS, defines digital forensics as "the identification, preservation, examination, and analysis of digital evidence, using scientifically accepted and validated process, and the ultimate presentation of that evidence in a court of law to answer some legal question."That's a pretty good definition, though there's a caveat: the term is sometimes used to describe any sort of investigation of cyberattacks, even if law enforcement or the court system aren't involved. And digital forensics specialists work in both the public and private sectors. Champlain College, which has its own digital forensics program, has a more generalized description: "Digital forensics professionals are called into action once a breach occurs, and work to identify the hack, understand the source, and recover any compromised data."History of digital forensics. Law enforcement was somewhat slow to understand the necessity of applying forensics techniques to computers and high-tech equipment. For the most part, in the 1970s and 1980s early digital forensics pioneers were people who worked at police or federal law enforcement agencies and who happened to also be computer hobbyists. One of the first areas that came to the attention of law enforcement was data storage, as investigators had long worked to seize, retain, and analyze documentation from suspects; it began to dawn on them that much of that documentation was no longer committed to paper. In 1984, the FBI launched the Magnet Media Program to focus on these digital records, the first official digital forensics program at a law enforcement agency.Meanwhile, many of the techniques used to track down and identify hackers as they intruded into computer systems were developed ad hoc in the private sector. A generally identified seminal moment came in 1986, when Cliff Stoll, a Unix sysadmin at Lawrence Berkeley National Laboratory, tried to figure out a $0.75 discrepancy in an accounting log and ended up fingering a German hacker who was breaking into sensitive systems and selling data to the KGB. Along the way, Stoll created what was probably the first honeypot trap.Much of the specialization and professionalization of digital forensics over the '90s and '00s came about in reaction to two unpleasant realities: the spread of child pornography online, which led to the seizure of huge volumes of digital evidence; and the wars in Afghanistan and Iraq, in which U.S. troops often ended up capturing the laptops and phones of enemy insurgents and had to extract useful intelligence from them. A landmark came in 2006, when the United States Rules for Civil Procedure were overhauled to implement a mandatory regime for electronic discovery.How digital forensics is used in investigations. There are a number of process models for digital forensics, which define how forensics examiners should proceed in their quest to gather and understand evidence. While these can vary, most processes follow four basic steps: Collection, in which digital evidence is acquired. This often involves seizing physical assets, like computers, phones or hard drives; care must be taken to ensure that no data is damaged or lost. Storage media may be copied or imaged at this stage in order to keep the original in a pristine state for reference. Examination, in which various methods are used to identify and extract data. This step can be divided into preparation, extraction and identification. Important decisions to make at this stage are whether to deal with a system that's live (for instance, to power up a seized laptop) or dead (for instance, connecting a seized hard drive to a lab computer). Identification means determining whether individual pieces of data are relevant to the case at hand — particularly when warrants are involved, the information examiners are allowed to learn may be limited. Analysis, in which the data that's been gathered is used to prove (or disprove!) the case being built by examiners. For each relevant data item, examiners will answer the basic questions about it — who created it? who edited it? how was it created? when did this all happen? — and attempt to determine how it relates to the case. Reporting, in which the data and analysis are synthesized into a format that can be understood by laypeople. Being able to create such reports is an absolutely crucial skill for anyone interested in digital forensics. Digital forensics tools. Any digital forensics practitioner will have a wide variety of tools in their kit. At one end of the spectrum you have single-purpose open source tools like the packet sniffer Wireshark or HashKeeper, a free-to-use program that can speed the examination of database files. At the other end, you have powerful commercial software platforms with multiple functions and slick reporting capabilities like Encase, or CAINE, an entire Linux distribution dedicated to forensics work.The Infosec Institute breaks down these tools into a number of categories, which in and of itself gives you a sense of the sorts of tasks they can complete: Disk and data capture tools File viewers File analysis tools Registry analysis tools Internet analysis tools Email analysis tools Mobile devices analysis tools Network forensics tools Database forensics tools The Institute also maintains a great list of popular forensics tools, which is updated regularly.  Digital forensics degree programs and certificationsTraditionally, digital forensics practitioners came from a more general computer science background, and often were experienced sysadmins who were already comfortable with many of the basic tools used in digital forensics. However, in line with the increasing specialization within the industry, a few schools now offer degrees or concentrations specific to digital forensics — two in conventional on-campus settings and three online: Purdue University has a Cybersecurity and Forensics Laband offers a master's degree with a specialty on cyber forensics The School of Business and Justice Studies at Utica College offers a bachelor's degree in cybersecurity and information assurance, with cybercrime investigations and forensics as one of the possible concentrations Champlain College offers anonline bachelor's degree in computer forensics The John Jay College of Criminal Justice at the City University of New York offers an online master's in digital forensics and cybersecurity The University of Maryland University College offers an online master's in digital forensics and cybersecurity If you have a more general educational or professional background but would like a leg up in your job search, you might want to consider pursuing a digital forensics certification. Business News Daily curated a list of the five most valuable certs; their top picks are SANS's Global Information Assurance Certification (GIAC) Certified Forensic Examiner and Certified Forensic Analyst certifications.Finally, it's worth noting that, as digital forensics expert John Irvine puts it, "computer forensics is an apprenticeship discipline ... You really learn the trade once you’re in a seat working on real cases alongside a senior examiner."Digital forensics jobs. Jobs in digital forensics tend to have titles like "investigator," "technician" or "analyst," depending on your level of seniority and specialization. The majority of jobs in the digital forensics field lie in the public sector — in law enforcement, for state or national agencies, or for crime labs, though the latter might be privately run and contract with public agencies.However, with public cybercrime labs often overwhelmed — and less nimble than they could be due to bureaucratic red tape — large companies are beginning to run their own labs, creating another lucrative path for digital forensics professionals. As of 2017, there were six digital forensics labs accredited by the American Society of Crime Laboratory Directors at private companies, including Target, Walmart and American Express.What sort of salary can a digital forensics professional expect? According to PayScale, the average forensic computer analyst makes around $70,000 a year, though there's a rather wide range that can go from around $45,000 to around $115,000.Digital forensics career. With all that being said, you might decide that computer forensics is the career path for you. And it's a fascinating one! But maybe linger just a little bit on the decision: like any career path in law enforcement, it can put you in touch with the some of the worst of human nature. John Irvine has a somber blog post on the darker side of computer forensics. Remember how we said that much of the computer forensics field became professionalized in the hunt for child pornographers and terrorists? Well, as Irvine describes, that can take a real toll on investigators, as they have to examine and watch much of the material they find. It's a sobering thought, but a necessary one as you consider a digital forensics career. Related: Investigation and Forensics Careers Security Josh Fruhlinger is a writer and editor who lives in Los Angeles. Follow Copyright © 2019 IDG Communications, Inc. Microsoft's very bad year for security: A timeline Back to basics. 7 elements of a successful security awareness program What is the Heartbleed bug, how does it work and how was it... What is CVE, its definition and purpose? What is a fileless attack? How hackers invade systems... Critical Infrastructure Protection (CIP): Security problems... What is an intrusion detection system? How an IDS spots... What is cross-site scripting (XSS)? Low-hanging fruit for... DDoS explained: How distributed denial of service attacks... 5 signs you've been hit with an APT Supply chain attacks show why you should be wary of... What is application security? A process and tools for... What is spear phishing? Why targeted email attacks are so... Currently reading What is digital forensics? And how to land a job in this... How the CISO role is evolving Best Android antivirus? The top 8 tools
                            [kwBody] => Array
                                (
                                    [0] => stdClass Object
                                        (
                                            [term] => forensic
                                            [tf] => 56
                                        )

                                    [1] => stdClass Object
                                        (
                                            [term] => digital
                                            [tf] => 37
                                        )

                                    [2] => stdClass Object
                                        (
                                            [term] => digital forensic
                                            [tf] => 33
                                        )

                                    [3] => stdClass Object
                                        (
                                            [term] => tool
                                            [tf] => 17
                                        )

                                    [4] => stdClass Object
                                        (
                                            [term] => computer
                                            [tf] => 13
                                        )

                                    [5] => stdClass Object
                                        (
                                            [term] => law
                                            [tf] => 10
                                        )

                                    [6] => stdClass Object
                                        (
                                            [term] => data
                                            [tf] => 9
                                        )

                                    [7] => stdClass Object
                                        (
                                            [term] => program
                                            [tf] => 8
                                        )

                                    [8] => stdClass Object
                                        (
                                            [term] => attack
                                            [tf] => 8
                                        )

                                    [9] => stdClass Object
                                        (
                                            [term] => analysi
                                            [tf] => 8
                                        )

                                    [10] => stdClass Object
                                        (
                                            [term] => computer forensic
                                            [tf] => 7
                                        )

                                    [11] => stdClass Object
                                        (
                                            [term] => law enforcement
                                            [tf] => 7
                                        )

                                    [12] => stdClass Object
                                        (
                                            [term] => basic
                                            [tf] => 7
                                        )

                                    [13] => stdClass Object
                                        (
                                            [term] => career
                                            [tf] => 7
                                        )

                                    [14] => stdClass Object
                                        (
                                            [term] => system
                                            [tf] => 7
                                        )

                                    [15] => stdClass Object
                                        (
                                            [term] => enforcement
                                            [tf] => 7
                                        )

                                    [16] => stdClass Object
                                        (
                                            [term] => job
                                            [tf] => 6
                                        )

                                    [17] => stdClass Object
                                        (
                                            [term] => security
                                            [tf] => 6
                                        )

                                    [18] => stdClass Object
                                        (
                                            [term] => offer
                                            [tf] => 6
                                        )

                                    [19] => stdClass Object
                                        (
                                            [term] => analysi tool
                                            [tf] => 5
                                        )

                                    [20] => stdClass Object
                                        (
                                            [term] => evidence
                                            [tf] => 5
                                        )

                                    [21] => stdClass Object
                                        (
                                            [term] => college
                                            [tf] => 5
                                        )

                                    [22] => stdClass Object
                                        (
                                            [term] => examiner
                                            [tf] => 5
                                        )

                                    [23] => stdClass Object
                                        (
                                            [term] => lab
                                            [tf] => 5
                                        )

                                    [24] => stdClass Object
                                        (
                                            [term] => degree
                                            [tf] => 5
                                        )

                                    [25] => stdClass Object
                                        (
                                            [term] => forensic tool
                                            [tf] => 4
                                        )

                                    [26] => stdClass Object
                                        (
                                            [term] => forensic career
                                            [tf] => 4
                                        )

                                    [27] => stdClass Object
                                        (
                                            [term] => definition
                                            [tf] => 4
                                        )

                                    [28] => stdClass Object
                                        (
                                            [term] => hacker
                                            [tf] => 4
                                        )

                                    [29] => stdClass Object
                                        (
                                            [term] => process
                                            [tf] => 4
                                        )

                                    [30] => stdClass Object
                                        (
                                            [term] => investigation
                                            [tf] => 4
                                        )

                                    [31] => stdClass Object
                                        (
                                            [term] => public
                                            [tf] => 4
                                        )

                                    [32] => stdClass Object
                                        (
                                            [term] => professional
                                            [tf] => 4
                                        )

                                    [33] => stdClass Object
                                        (
                                            [term] => online
                                            [tf] => 4
                                        )

                                    [34] => stdClass Object
                                        (
                                            [term] => university
                                            [tf] => 4
                                        )

                                    [35] => stdClass Object
                                        (
                                            [term] => cybersecurity
                                            [tf] => 4
                                        )

                                    [36] => stdClass Object
                                        (
                                            [term] => digital forensic professional
                                            [tf] => 3
                                        )

                                    [37] => stdClass Object
                                        (
                                            [term] => career path
                                            [tf] => 3
                                        )

                                    [38] => stdClass Object
                                        (
                                            [term] => digital evidence
                                            [tf] => 3
                                        )

                                    [39] => stdClass Object
                                        (
                                            [term] => forensic professional
                                            [tf] => 3
                                        )

                                    [40] => stdClass Object
                                        (
                                            [term] => college offer
                                            [tf] => 3
                                        )

                                )

                            [page_rank_decimal] => 59
                            [rank] => 3454
                        )

                    [17] => stdClass Object
                        (
                            [position] => 18
                            [title] => The Ultimate Guide: What is Computer Forensics? - Forensic Control
                            [url] => https://forensiccontrol.com/what-is-computer-forensics/
                            [destination] => https://forensiccontrol.com › what-is-computer-forensics
                            [description] => What is computer forensics? Find out here with our comprehensive and accessible guide written by industry experts. Learn about computer forensics and more
                            [isAmp] => 
                            [date] => 11 May 2021
                            [organic_position] => 18
                            [serp_type] => page
                            [isOrganicPage] => 1
                            [isOrganic] => 1
                            [serp_title] => The Ultimate Guide: What is Computer Forensics?
                            [serp_description] => Computer forensics, sometimes known as digital forensics, is undertaken by trained examiners who pull data (search histories, ...
                            [hostname] => forensiccontrol.com
                            [canonical] => https://forensiccontrol.com/what-is-computer-forensics/
                            [h1] => The Ultimate Guide: What is Computer Forensics?
                            [h2] => Array
                                (
                                    [0] => When and how is computer forensics used​?
                                )

                            [h3] => Array
                                (
                                    [0] => Guidelines for successful computer forensics
                                    [1] => Live acquisition: Getting data from a powered computer
                                    [2] => The stages of a computer forensics examination
                                    [3] => What issues do computer forensics examiners face?
                                )

                            [h2WithAnchors] => Array
                                (
                                    [0] => stdClass Object
                                        (
                                            [text] => When and how is computer forensics used​?
                                        )

                                )

                            [published_time] => stdClass Object
                                (
                                    [lastUpdate] => 
                                    [dateFormatted] => 26o November 2020
                                    [dateISO] => 2020-11-26T17:19:45+00:00
                                )

                            [modified_time] => stdClass Object
                                (
                                    [lastUpdate] => 
                                    [dateFormatted] => 5o November 2021
                                    [dateISO] => 2021-11-05T12:40:39+00:00
                                )

                            [type] => article
                            [wordCount] => 2423
                            [imgCount] => 3
                            [lang] => 
                            [faq_on_page] => Array
                                (
                                )

                            [anchors] => stdClass Object
                                (
                                    [size] => 27
                                    [outboundSize] => 6
                                    [list] => Array
                                        (
                                            [0] => stdClass Object
                                                (
                                                    [text] => Computer forensics
                                                    [href] => https://forensicontrol.wpengine.com/computer-forensics/
                                                    [hrefDomain] => wpengine.com
                                                    [isOutbound] => 1
                                                )

                                            [1] => stdClass Object
                                                (
                                                    [text] => Computer forensic investigators
                                                    [href] => https://forensicontrol.wpengine.com/computer-forensics/
                                                    [hrefDomain] => wpengine.com
                                                    [isOutbound] => 1
                                                )

                                            [2] => stdClass Object
                                                (
                                                    [text] => ACPO Guide
                                                    [href] => https://www.digital-detective.net/digital-forensics-documents/ACPO_Good_Practice_Guide_for_Digital_Evidence_v5.pdf
                                                    [hrefDomain] => digital-detective.net
                                                    [rel] => noopener
                                                    [isOutbound] => 1
                                                )

                                            [3] => stdClass Object
                                                (
                                                    [text] => ACPO Guidelines and Principles Explained
                                                    [href] => https://forensicontrol.wpengine.com/acpo-guidelines-principles-explained/
                                                    [hrefDomain] => wpengine.com
                                                    [isOutbound] => 1
                                                )

                                            [4] => stdClass Object
                                                (
                                                    [text] => computer forensics investigators
                                                    [href] => https://forensicontrol.wpengine.com/computer-forensics/
                                                    [hrefDomain] => wpengine.com
                                                    [isOutbound] => 1
                                                )

                                            [5] => stdClass Object
                                                (
                                                    [text] => Cyber Essentials certification
                                                    [href] => https://forensicontrol.wpengine.com/cyber-essentials/
                                                    [hrefDomain] => wpengine.com
                                                    [isOutbound] => 1
                                                )

                                        )

                                )

                            [toc] => Array
                                (
                                    [0] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => When and how is computer forensics used​?
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                    [0] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => Guidelines for successful computer forensics. 
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                    [0] => stdClass Object
                                                                        (
                                                                            [level] => 4
                                                                            [name] => The four main principles from the APCO Guide. 
                                                                            [tag] => h4
                                                                            [children] => Array
                                                                                (
                                                                                )

                                                                        )

                                                                )

                                                        )

                                                    [1] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => Live acquisition: Getting data from a powered computer. 
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                    [2] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => The stages of a computer forensics examination. 
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                    [0] => stdClass Object
                                                                        (
                                                                            [level] => 4
                                                                            [name] => 1. Readiness. 
                                                                            [tag] => h4
                                                                            [children] => Array
                                                                                (
                                                                                )

                                                                        )

                                                                    [1] => stdClass Object
                                                                        (
                                                                            [level] => 4
                                                                            [name] => 2. Evaluation. 
                                                                            [tag] => h4
                                                                            [children] => Array
                                                                                (
                                                                                )

                                                                        )

                                                                    [2] => stdClass Object
                                                                        (
                                                                            [level] => 4
                                                                            [name] => 3. Collection. 
                                                                            [tag] => h4
                                                                            [children] => Array
                                                                                (
                                                                                )

                                                                        )

                                                                    [3] => stdClass Object
                                                                        (
                                                                            [level] => 4
                                                                            [name] => 4. Analysis. 
                                                                            [tag] => h4
                                                                            [children] => Array
                                                                                (
                                                                                )

                                                                        )

                                                                    [4] => stdClass Object
                                                                        (
                                                                            [level] => 4
                                                                            [name] => ​5. Presentation. 
                                                                            [tag] => h4
                                                                            [children] => Array
                                                                                (
                                                                                )

                                                                        )

                                                                    [5] => stdClass Object
                                                                        (
                                                                            [level] => 4
                                                                            [name] => 6. Review. 
                                                                            [tag] => h4
                                                                            [children] => Array
                                                                                (
                                                                                )

                                                                        )

                                                                )

                                                        )

                                                    [3] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => What issues do computer forensics examiners face?
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                    [0] => stdClass Object
                                                                        (
                                                                            [level] => 4
                                                                            [name] => Technical issues. 
                                                                            [tag] => h4
                                                                            [children] => Array
                                                                                (
                                                                                    [0] => stdClass Object
                                                                                        (
                                                                                            [level] => 5
                                                                                            [name] => ​Encryption
                                                                                            [tag] => h5
                                                                                            [children] => Array
                                                                                                (
                                                                                                )

                                                                                        )

                                                                                    [1] => stdClass Object
                                                                                        (
                                                                                            [level] => 5
                                                                                            [name] => Increasing storage space
                                                                                            [tag] => h5
                                                                                            [children] => Array
                                                                                                (
                                                                                                )

                                                                                        )

                                                                                    [2] => stdClass Object
                                                                                        (
                                                                                            [level] => 5
                                                                                            [name] => New technologies
                                                                                            [tag] => h5
                                                                                            [children] => Array
                                                                                                (
                                                                                                )

                                                                                        )

                                                                                    [3] => stdClass Object
                                                                                        (
                                                                                            [level] => 5
                                                                                            [name] => Anti-forensics
                                                                                            [tag] => h5
                                                                                            [children] => Array
                                                                                                (
                                                                                                )

                                                                                        )

                                                                                )

                                                                        )

                                                                    [1] => stdClass Object
                                                                        (
                                                                            [level] => 4
                                                                            [name] => Legal issues. 
                                                                            [tag] => h4
                                                                            [children] => Array
                                                                                (
                                                                                    [0] => stdClass Object
                                                                                        (
                                                                                            [level] => 5
                                                                                            [name] => Legislative domains
                                                                                            [tag] => h5
                                                                                            [children] => Array
                                                                                                (
                                                                                                )

                                                                                        )

                                                                                    [1] => stdClass Object
                                                                                        (
                                                                                            [level] => 5
                                                                                            [name] => Legal arguments
                                                                                            [tag] => h5
                                                                                            [children] => Array
                                                                                                (
                                                                                                )

                                                                                        )

                                                                                )

                                                                        )

                                                                    [2] => stdClass Object
                                                                        (
                                                                            [level] => 4
                                                                            [name] => Administrative issues. 
                                                                            [tag] => h4
                                                                            [children] => Array
                                                                                (
                                                                                    [0] => stdClass Object
                                                                                        (
                                                                                            [level] => 5
                                                                                            [name] => ​Accepted standards
                                                                                            [tag] => h5
                                                                                            [children] => Array
                                                                                                (
                                                                                                )

                                                                                        )

                                                                                    [1] => stdClass Object
                                                                                        (
                                                                                            [level] => 5
                                                                                            [name] => Fit to practice
                                                                                            [tag] => h5
                                                                                            [children] => Array
                                                                                                (
                                                                                                )

                                                                                        )

                                                                                    [2] => stdClass Object
                                                                                        (
                                                                                            [level] => 5
                                                                                            [name] => Recent posts
                                                                                            [tag] => h5
                                                                                            [children] => Array
                                                                                                (
                                                                                                )

                                                                                        )

                                                                                )

                                                                        )

                                                                )

                                                        )

                                                )

                                        )

                                )

                            [og] => stdClass Object
                                (
                                    [ogImage] => https://forensiccontrol.com/wp-content/uploads/2021/10/blog_compforensics.jpeg
                                )

                            [schema_type] => Array
                                (
                                )

                            [comment_questions] => Array
                                (
                                )

                            [body] => The Ultimate Guide: What is Computer Forensics? Computer forensics, sometimes known as digital forensics, is undertaken by trained examiners who pull data (search histories, purchase records, time logs and more) from devices including, but not limited to: computers, tablets, and smartphones. They are then able to investigate and analyse the data, before presenting it in a way that can be easily understood to people who may not be familiar with forensic or computer science. If you would like to learn more about computer forensics, we have compiled this comprehensive guide, encompassing all you need to know with no technical knowledge required. Our aim is to give every reader a high-level view of computer forensics to help them understand more about the different processes and when they should be used. DISCLAIMER: We use the term ‘computer’ throughout this article, but the concept we discuss can apply to any device capable of storing digital information. When and how is computer forensics used ? There aren’t many areas of crime or civil dispute where computer forensics cannot be applied. Law enforcement agencies were among the earliest and most prominent users of computer forensics, and as a result, they’ve often been at the forefront of developments in the field. Computers can be considered a ‘crime scene’ – for example, with hacking or denial of service attacks. They may hold evidence of crimes that happened elsewhere, in the form of emails, internet history, documents or other files relevant to crimes such as murder, kidnap, fraud or drug trafficking. A forensic computer exam can reveal much more than expected. Computer forensic investigators are not only interested in the content of emails, documents and other files, but also in the metadata associated with those files. Metadata provides more information about a certain dataset, which can be revealing in its own right. For instance, records of a user’s actions may also be stored in log files and other applications on a computer, such as internet browsers. So a computer forensic examination might reveal when a document first appeared on a computer, when it was last edited, when it was last saved or printed and which user carried out these actions. Commercial organisations have used computer forensics to help with all kinds of cases, including: Intellectual property theft Employment disputes Invoice fraud, often enabled by phishing emails Forgeries Inappropriate email and internet use in the workplace Regulatory compliance Guidelines for successful computer forensics. If evidence found during a computer forensic investigation is to be admissible, it must be reliable and ‘not prejudicial’. This means the examiner needs to keep admissibility at the front of their mind at every stage of an investigation. The UK Association of Chief Police Officers’ Good Practice Guide for Digital Evidence – or ACPO Guide – is a widely used and respected set of guidelines for investigators. ACPO has now become the National Police Chief’s Council. The guide has not been updated for several years, but its content remains relevant. The technologies change, but the principles remain consistent. The four main principles from the APCO Guide. Please note: references to law enforcement have been removed. No action should change data held on a computer or storage media which may be subsequently relied upon in court. In circumstances where a person finds it necessary to access original data held on a computer or storage media, that person must be competent to do so and be able to give evidence explaining the relevance and the implications of their actions. An audit trail or other record of all processes applied to computer-based electronic evidence should be created and preserved. An independent third-party should be able to examine those processes and achieve the same result. The person in charge of the investigation has overall responsibility for ensuring that the law and these principles are adhered to. For a more in-depth look at the ACPO Guidelines, you may like to read our article: ACPO Guidelines and Principles Explained. Live acquisition: Getting data from a powered computer. Are there instances when a computer forensic examiner might need to make changes to a suspect’s computer and – in doing so – go against the first principle above? Yes. Traditionally, examiners copy data from a device which is turned off. They use a write-blocker to make an exact bit-for-bit copy of the original storage medium, and create an acquisition hash of the original medium. They then work from this copy, leaving the original unchanged. However, sometimes it’s not possible (or desirable) to switch off a computer. Perhaps doing so would result in considerable financial or other loss for the owner, or cause valuable evidence to be permanently lost. In these cases, the computer forensic examiner may need to carry out a ‘live acquisition’. This involves running a simple application on the suspect computer to copy (acquire) the data to the examiner’s data repository. By running such an application (and attaching a device such a USB drive to the suspect computer), the examiner makes changes and/or additions to the computer which were not present before. But if the examiner records these actions, can show why they were necessary, and explain the consequences of them to a court, the evidence produced is usually still admissible. The stages of a computer forensics examination. The overall process of a computer forensics examination is divided into six stages. 1. Readiness. Forensic readiness is an important and occasionally overlooked stage in the process. In commercial computer forensics, it might include educating clients about system preparedness. For example, forensic examinations provide stronger evidence if a device’s auditing features are activated before an incident takes place. For the forensic examiner, readiness includes appropriate training, testing and verification of their own software and equipment. They need to be familiar with legislation, know how to deal with unexpected issues (such as what to do if child abuse images are found during a fraud engagement) and ensure their data acquisition computer and associated items are suitable for the task. 2. Evaluation. During the evaluation stage, the examiner receives instructions and should seek clarification if any of these are unclear or ambiguous. They will then carry out the risk analysis and allocate roles and resources. For law enforcement, risk analysis may include assessing the likelihood of physical threat on entering a suspect’s property and how best to deal with it. Commercial organisations also need to consider health and safety issues, conflict of interest issues, and other possible risks (such as to their finances or their reputation) when they accept a particular project. 3. Collection. If data acquisition (often called ‘imaging’) is carried out on-site rather than at the computer forensic examiner’s office, this stage includes identifying and securing devices which may store evidence, and documenting the scene. The examiner would also hold interviews or meetings with personnel who might have information relevant to the examination – such as the computer’s end-users, the manager and the person responsible for computer services (e.g. an IT administrator). The collection stage can also involve the labelling and bagging of items from the site which may be used in the investigation. These are sealed in numbered tamper-evident bags. The material must then be securely and safely transported to the examiner’s office or laboratory. 4. Analysis. Analysis includes the discovery and extraction of information gathered in the collection stage. The type of analysis depends on the needs of each case. It can range from extracting a single email to piecing together the complexities of a fraud or terrorism case. During an analysis, the examiner usually delivers their findings to their line manager or client. These exchanges may result in the analysis taking a different path or narrowing to specific areas. Forensic analysis must be accurate, thorough, impartial, recorded, repeatable and completed within the available timescales and allocated resources. There are multiple tools available for computer forensics analysis. The examiner should use any tool they feel comfortable with, as long as they can justify their choice. A computer forensic tool must do what it’s meant to do, so examiners should regularly test and calibrate their tools before carrying out any analysis. Examiners can also use ‘dual-tool verification’ to confirm the integrity of their results during analysis. For example, if the examiner finds artefact X at location Y using tool A, they should be able to replicate these results with tool B. 5. Presentation. In this stage the examiner produces a structured report on their findings, addressing the points in the initial instructions, along with any further instructions they have received. The report should also cover any other information the examiner deems relevant to the investigation. The report must be written with the end reader in mind. Often the reader may not have a high level of technical knowledge, so appropriate terminology should be used. The examiner may need to participate in meetings or conference calls to discuss and elaborate on their report. 6. Review. Like the Readiness stage, the Review is often overlooked or disregarded, as it’s not billable work or because the examiner needs to proceed with the next investigation. But carrying out a review of each examination can make future projects more efficient and time-effective, which saves money and improves the quality of investigations in the longer term. The review of an examination can be simple, quick, and begin during any of the above stages. It could include a basic analysis of what went wrong and what went well, along with feedback from the person or company who requested the investigation. Any lessons learnt from this stage should be applied to future examinations and feed into the Readiness stage. What issues do computer forensics examiners face? Computer forensics examiners come up against three main categories of problem: technical, legal and administrative. Technical issues. Encryption Encrypted data can be impossible to view without the correct key or password. If the key isn’t available or the owner won’t reveal it, it may be stored: elsewhere on the computer on another computer which the suspect can access on the computer’s volatile memory (RAM). This is usually lost when a computer is shut-down When encryption may be present, the examiner may need to consider using the ‘live acquisition’ techniques outlined above. Increasing storage space Storage media hold ever-greater amounts of data, so the examiner’s analysis computers need sufficient processing power and available storage capacity to search and analyse large amounts of data efficiently. New technologies Computing is a continually evolving field, with new hardware, software and operating systems emerging constantly. No single computer forensic examiner can be an expert on all areas, though they are often expected to analyse things that they haven’t encountered before. This means computer forensics examiners must be prepared and able to experiment with new technologies. At this point, networking and sharing knowledge with other computer forensic examiners comes in useful, because someone else may already have come across the same issue. Anti-forensics Anti-forensics is the practice of attempting to thwart computer forensic analysis through encryption, over-writing data to make it unrecoverable, modifying files’ metadata and file obfuscation (disguising files). As with encryption, the evidence that such methods have been used may be stored elsewhere on the computer or on another computer which the suspect can access. In our experience, it’s very rare to see anti-forensics tools used correctly and frequently enough to totally obscure their presence or the presence of the evidence they were used to hide. Legal issues. Legislative domains Data often isn’t stored on a person’s computer but on remote computers which they are renting storage space on, otherwise known as the ‘cloud’. This data may be in a different country, meaning access to it could involve different legislation. And if access is possible, it may be complicated and expensive. Legal arguments Legal issues can confuse or distract from a computer examiner’s findings. One example of this is the ‘Trojan Defence’. A Trojan is a piece of computer code disguised as something benign, but which has a hidden and malicious purpose. Trojans have many uses, including key-logging, uploading or downloading files, and installing viruses. A lawyer may be able to argue that actions on a computer were not carried out by a user, but instead automated by a Trojan without the user’s knowledge. This kind of Trojan Defence has been successfully used even when no trace of a Trojan or other malicious code was found on the suspect’s computer. In such cases, a competent opposing lawyer supplied with evidence from a competent computer forensic analyst should be able to dismiss the argument. A good examiner will have identified and addressed possible arguments from the ‘opposition’ during the analysis and writing stages of their report. Administrative issues. Accepted standards There are all kinds of standards and guidelines in computer forensics, few of which are universally accepted. The reasons for this include: Standard-setting bodies can be tied to particular legislations Standards are aimed either at law enforcement or commercial forensics, but not both The authors of such standards are not accepted by their peers High joining fees for professional bodies can discourage practitioners Fit to practice Many jurisdictions have no qualifying body to check the competence and integrity of computer forensics professionals. This means anyone can present themselves as a computer forensics expert, which in turn can lead to poor quality examinations and a negative view of the profession as a whole. At Forensic Control we are experts in computer forensics, so if you need any assistance please just drop us a message, and we’ll be happy to advise. Alternatively, you can book a computer investigation with one of our experienced computer forensics investigators. If you’re in the UK, we can also assist you with a Cyber Essentials certification. This certification will assure your customers and clients that your organisation is committed to keeping their data safe and secure. Categorised: ArticlesPosted by [email protected] Last updated: 05/11/2021 Home » The Ultimate Guide: What is Computer Forensics? Recent posts Four Phishing Scams to watch out for this Christmas The Ultimate Guide: What is Computer Forensics? How to Write a Simple Cyber Security Plan for your Small Business ACPO Guidelines & Principles Explained 10 tips for online safety when working from home Menu Services Cyber Essentials Cyber Essentials explained Computer Forensics Journal About Testimonials Contact
                            [kwBody] => Array
                                (
                                    [0] => stdClass Object
                                        (
                                            [term] => computer
                                            [tf] => 75
                                        )

                                    [1] => stdClass Object
                                        (
                                            [term] => forensic
                                            [tf] => 47
                                        )

                                    [2] => stdClass Object
                                        (
                                            [term] => computer forensic
                                            [tf] => 37
                                        )

                                    [3] => stdClass Object
                                        (
                                            [term] => examiner
                                            [tf] => 36
                                        )

                                    [4] => stdClass Object
                                        (
                                            [term] => data
                                            [tf] => 18
                                        )

                                    [5] => stdClass Object
                                        (
                                            [term] => analysi
                                            [tf] => 17
                                        )

                                    [6] => stdClass Object
                                        (
                                            [term] => stage
                                            [tf] => 15
                                        )

                                    [7] => stdClass Object
                                        (
                                            [term] => investigation
                                            [tf] => 13
                                        )

                                    [8] => stdClass Object
                                        (
                                            [term] => evidence
                                            [tf] => 13
                                        )

                                    [9] => stdClass Object
                                        (
                                            [term] => tool
                                            [tf] => 11
                                        )

                                    [10] => stdClass Object
                                        (
                                            [term] => forensic examiner
                                            [tf] => 10
                                        )

                                    [11] => stdClass Object
                                        (
                                            [term] => suspect
                                            [tf] => 10
                                        )

                                    [12] => stdClass Object
                                        (
                                            [term] => examination
                                            [tf] => 9
                                        )

                                    [13] => stdClass Object
                                        (
                                            [term] => issue
                                            [tf] => 9
                                        )

                                    [14] => stdClass Object
                                        (
                                            [term] => computer forensic examiner
                                            [tf] => 8
                                        )

                                    [15] => stdClass Object
                                        (
                                            [term] => user
                                            [tf] => 8
                                        )

                                    [16] => stdClass Object
                                        (
                                            [term] => person
                                            [tf] => 8
                                        )

                                    [17] => stdClass Object
                                        (
                                            [term] => guide
                                            [tf] => 8
                                        )

                                    [18] => stdClass Object
                                        (
                                            [term] => file
                                            [tf] => 8
                                        )

                                    [19] => stdClass Object
                                        (
                                            [term] => device
                                            [tf] => 7
                                        )

                                    [20] => stdClass Object
                                        (
                                            [term] => action
                                            [tf] => 7
                                        )

                                    [21] => stdClass Object
                                        (
                                            [term] => storage
                                            [tf] => 7
                                        )

                                    [22] => stdClass Object
                                        (
                                            [term] => include
                                            [tf] => 7
                                        )

                                    [23] => stdClass Object
                                        (
                                            [term] => acpo
                                            [tf] => 6
                                        )

                                    [24] => stdClass Object
                                        (
                                            [term] => readiness
                                            [tf] => 6
                                        )

                                    [25] => stdClass Object
                                        (
                                            [term] => report
                                            [tf] => 6
                                        )

                                    [26] => stdClass Object
                                        (
                                            [term] => result
                                            [tf] => 6
                                        )

                                    [27] => stdClass Object
                                        (
                                            [term] => guideline
                                            [tf] => 6
                                        )

                                    [28] => stdClass Object
                                        (
                                            [term] => principle
                                            [tf] => 6
                                        )

                                    [29] => stdClass Object
                                        (
                                            [term] => acquisition
                                            [tf] => 6
                                        )

                                    [30] => stdClass Object
                                        (
                                            [term] => trojan
                                            [tf] => 6
                                        )

                                    [31] => stdClass Object
                                        (
                                            [term] => access
                                            [tf] => 5
                                        )

                                    [32] => stdClass Object
                                        (
                                            [term] => standard
                                            [tf] => 5
                                        )

                                    [33] => stdClass Object
                                        (
                                            [term] => cyber essential
                                            [tf] => 4
                                        )

                                    [34] => stdClass Object
                                        (
                                            [term] => law enforcement
                                            [tf] => 4
                                        )

                                    [35] => stdClass Object
                                        (
                                            [term] => forensic examination
                                            [tf] => 4
                                        )

                                    [36] => stdClass Object
                                        (
                                            [term] => ultimate guide computer
                                            [tf] => 3
                                        )

                                    [37] => stdClass Object
                                        (
                                            [term] => guide computer forensic
                                            [tf] => 3
                                        )

                                    [38] => stdClass Object
                                        (
                                            [term] => computer forensic examination
                                            [tf] => 3
                                        )

                                    [39] => stdClass Object
                                        (
                                            [term] => assist
                                            [tf] => 3
                                        )

                                    [40] => stdClass Object
                                        (
                                            [term] => ultimate guide
                                            [tf] => 3
                                        )

                                    [41] => stdClass Object
                                        (
                                            [term] => guide computer
                                            [tf] => 3
                                        )

                                    [42] => stdClass Object
                                        (
                                            [term] => forensic computer
                                            [tf] => 3
                                        )

                                    [43] => stdClass Object
                                        (
                                            [term] => file metadata
                                            [tf] => 3
                                        )

                                    [44] => stdClass Object
                                        (
                                            [term] => storage media
                                            [tf] => 3
                                        )

                                    [45] => stdClass Object
                                        (
                                            [term] => acpo guideline
                                            [tf] => 3
                                        )

                                    [46] => stdClass Object
                                        (
                                            [term] => live acquisition
                                            [tf] => 3
                                        )

                                    [47] => stdClass Object
                                        (
                                            [term] => analysi examiner
                                            [tf] => 3
                                        )

                                    [48] => stdClass Object
                                        (
                                            [term] => forensic analysi
                                            [tf] => 3
                                        )

                                    [49] => stdClass Object
                                        (
                                            [term] => anti forensic
                                            [tf] => 3
                                        )

                                )

                            [page_rank_decimal] => 38
                            [rank] => 2845800
                        )

                    [18] => stdClass Object
                        (
                            [position] => 19
                            [title] => How to Become a Forensics Expert | Requirements for Computer Forensics Jobs
                            [url] => https://www.cyberdegrees.org/jobs/computer-forensics/
                            [destination] => https://www.cyberdegrees.org › jobs › computer-forens...
                            [description] => Consult this page for information regarding the education, experience, skills, and steps that qualify candidates for lucrative and fast-growing forensics expert careers in many industries
                            [isAmp] => 
                            [faq] => Array
                                (
                                )

                            [date] => 3 Nov 2021
                            [organic_position] => 19
                            [serp_type] => page
                            [isOrganicPage] => 1
                            [isOrganic] => 1
                            [serp_title] => Computer Forensics Analyst Career Overview - Cyber Degrees
                            [serp_description] => Computer forensics analysts assist in the investigation of crimes and cybersecurity incidents. In many cases, they work to recover hidden, ...
                            [hostname] => cyberdegrees.org
                            [canonical] => https://www.cyberdegrees.org/jobs/computer-forensics/
                            [h1] => Computer Forensics Analyst Career Overview
                            [h2] => Array
                                (
                                    [0] => What Does a Computer Forensics Analyst Do?
                                    [1] => Top Online Programs
                                    [2] => Computer Forensics Analyst Salary
                                    [3] => Where Can I Work as a Computer Forensics Analyst?
                                    [4] => How to Become a Computer Forensics Analyst
                                    [5] => Resources
                                    [6] => Latest Posts
                                    [7] => Are you ready to find a school that's aligned with your interests?
                                )

                            [h3] => Array
                                (
                                    [0] => Key Soft Skills for Computer Forensics Analysts
                                    [1] => Key Hard Skills for Computer Forensics Analysts
                                    [2] => A Day in the Life of a Computer Forensics Analyst
                                    [3] => Forensic Computer Analysts
                                    [4] => Average Annual Salary of Forensic Computer Analysts by Experience, 2020
                                    [5] => Locations
                                    [6] => Top-Paying Cities For Forensic Computer Analysts, 2020
                                    [7] => Industries
                                    [8] => Major Employers
                                    [9] => Steps to Becoming a Computer Forensics Analyst
                                    [10] => Computer Forensics Analyst Requirements
                                    [11] => Education Requirements for Computer Forensics Analysts
                                    [12] => License and Certification Requirements for Computer Forensics Analysts
                                    [13] => Required Experience for Computer Forensics Analysts
                                    [14] => The Computer Forensics Analyst Job Hunt
                                    [15] => Indeed
                                    [16] => CyberSecJobs.com
                                    [17] => Glassdoor
                                    [18] => NinjaJobs.org
                                    [19] => Computer Forensics Analyst Upward Mobility
                                    [20] => Computer Forensics Director
                                    [21] => Security Consultant
                                    [22] => Questions About Computer Forensics
                                    [23] => How long does it take to become a computer forensics analyst?
                                    [24] => What degree is needed to be a computer forensics analyst?
                                    [25] => How much does a computer forensics analyst make?
                                    [26] => What requirements are there to become a computer forensics analyst?
                                    [27] => What is the role of a computer forensics investigator?
                                    [28] => Professional Organizations for Computer Forensics Analysts
                                    [29] => Related Careers
                                )

                            [h2WithAnchors] => Array
                                (
                                    [0] => stdClass Object
                                        (
                                            [text] => What Does a Computer Forensics Analyst Do?
                                        )

                                    [1] => stdClass Object
                                        (
                                            [text] => Top Online Programs
                                        )

                                    [2] => stdClass Object
                                        (
                                            [text] => Computer Forensics Analyst Salary
                                        )

                                    [3] => stdClass Object
                                        (
                                            [text] => Where Can I Work as a Computer Forensics Analyst?
                                        )

                                    [4] => stdClass Object
                                        (
                                            [text] => How to Become a Computer Forensics Analyst
                                        )

                                    [5] => stdClass Object
                                        (
                                            [text] => Resources
                                        )

                                    [6] => stdClass Object
                                        (
                                            [text] => Latest Posts
                                        )

                                    [7] => stdClass Object
                                        (
                                            [text] => Are you ready to find a school that's aligned with your interests?
                                        )

                                )

                            [published_time] => stdClass Object
                                (
                                    [lastUpdate] => 
                                    [dateFormatted] => 7o October 2020
                                    [dateISO] => 2020-10-07T03:38:18+00:00
                                )

                            [modified_time] => stdClass Object
                                (
                                    [lastUpdate] => 
                                    [dateFormatted] => 3o November 2021
                                    [dateISO] => 2021-11-03T19:22:39+00:00
                                )

                            [type] => article
                            [wordCount] => 3263
                            [imgCount] => 9
                            [lang] => 
                            [faq_on_page] => Array
                                (
                                    [0] => stdClass Object
                                        (
                                            [index] => 0
                                            [question] => How long does it take to become a computer forensics analyst?
                                            [answer] => Most digital forensics analysts hold at least a four-year bachelor's degree when they land their first job. Those seeking master's degrees and/or optional certifications usually add 1-3 years to that timeline.
                                        )

                                    [1] => stdClass Object
                                        (
                                            [index] => 1
                                            [question] => What degree is needed to be a computer forensics analyst?
                                            [answer] => Most computer forensics analysts hold bachelor's or master's degrees in computer science, computer engineering, cybersecurity, digital forensics, or a related field.
                                        )

                                    [2] => stdClass Object
                                        (
                                            [index] => 2
                                            [question] => How much does a computer forensics analyst make?
                                            [answer] => PayScale reports nationwide average earnings for digital forensics analysts at about $73,900 per year. The entire salary range spans from around $50,000 per year to $118,000 at the high end.
                                        )

                                    [3] => stdClass Object
                                        (
                                            [index] => 3
                                            [question] => What requirements are there to become a computer forensics analyst?
                                            [answer] => In addition to a specialized degree that delivers the necessary technical skills, computer forensics analysts can obtain optional professional certifications that indicate proficiency with specific skill sets. A background in criminal justice also helps those aspiring to work in law enforcement.
                                        )

                                    [4] => stdClass Object
                                        (
                                            [index] => 4
                                            [question] => What is the role of a computer forensics investigator?
                                            [answer] => Digital forensics analysts mainly work to retrieve, catalog, and safeguard digital data related to criminal and cybercrime investigations. They also preserve evidence to ensure its admissibility in court, and they may advise other investigators on the value or utility of other digital evidence they find.
                                        )

                                )

                            [anchors] => stdClass Object
                                (
                                    [size] => 37
                                    [outboundSize] => 21
                                    [list] => Array
                                        (
                                            [0] => stdClass Object
                                                (
                                                    [text] => to grow
                                                    [href] => https://www.bls.gov/ooh/computer-and-information-technology/information-security-analysts.htm
                                                    [hrefDomain] => bls.gov
                                                    [rel] => noreferrer noopener external
                                                    [isOutbound] => 1
                                                )

                                            [1] => stdClass Object
                                                (
                                                    [text] => average salaries
                                                    [href] => https://www.payscale.com/research/US/Job=Forensic_Computer_Analyst/Salary
                                                    [hrefDomain] => payscale.com
                                                    [rel] => noreferrer noopener external
                                                    [isOutbound] => 1
                                                )

                                            [2] => stdClass Object
                                                (
                                                    [text] => $73,900
                                                    [href] => https://www.payscale.com/research/US/Job=Forensic_Computer_Analyst/Salary
                                                    [hrefDomain] => payscale.com
                                                    [rel] => external noopener noreferrer
                                                    [isOutbound] => 1
                                                )

                                            [3] => stdClass Object
                                                (
                                                    [text] => Payscale
                                                    [href] => https://www.payscale.com/research/US/Job=Forensic_Computer_Analyst/Salary
                                                    [hrefDomain] => payscale.com
                                                    [rel] => external noopener noreferrer
                                                    [isOutbound] => 1
                                                )

                                            [4] => stdClass Object
                                                (
                                                    [text] => cost of living indices
                                                    [href] => https://www.usnews.com/news/best-states/rankings/opportunity/affordability
                                                    [hrefDomain] => usnews.com
                                                    [rel] => noreferrer noopener external
                                                    [isOutbound] => 1
                                                )

                                            [5] => stdClass Object
                                                (
                                                    [text] => PayScale
                                                    [href] => https://www.payscale.com/research/US/Job=Forensic_Computer_Analyst/Salary
                                                    [hrefDomain] => payscale.com
                                                    [rel] => noreferrer noopener external
                                                    [isOutbound] => 1
                                                )

                                            [6] => stdClass Object
                                                (
                                                    [text] => 80 other offices
                                                    [href] => https://www.boozallen.com/tools/utility-navigation-pages/office-locations.html
                                                    [hrefDomain] => boozallen.com
                                                    [rel] => noreferrer noopener external
                                                    [isOutbound] => 1
                                                )

                                            [7] => stdClass Object
                                                (
                                                    [text] => approximately 9,000 employees
                                                    [href] => https://www.bloomberg.com/profile/company/MANT:US
                                                    [hrefDomain] => bloomberg.com
                                                    [rel] => noreferrer noopener external
                                                    [isOutbound] => 1
                                                )

                                            [8] => stdClass Object
                                                (
                                                    [text] => Global Information Assurance Certifications
                                                    [href] => https://www.giac.org/certifications/digital-forensics
                                                    [hrefDomain] => giac.org
                                                    [rel] => noopener noreferrer external
                                                    [isOutbound] => 1
                                                )

                                            [9] => stdClass Object
                                                (
                                                    [text] => Computer Hacking Forensic Investigator
                                                    [href] => https://www.eccouncil.org/programs/computer-hacking-forensic-investigator-chfi/
                                                    [hrefDomain] => eccouncil.org
                                                    [rel] => noopener noreferrer external
                                                    [isOutbound] => 1
                                                )

                                            [10] => stdClass Object
                                                (
                                                    [text] => Certified Forensic Computer Examiner
                                                    [href] => https://www.iacis.com/certification/
                                                    [hrefDomain] => iacis.com
                                                    [rel] => noopener noreferrer external
                                                    [isOutbound] => 1
                                                )

                                            [11] => stdClass Object
                                                (
                                                    [text] => AccessData Forensics Certifications
                                                    [href] => https://training.accessdata.com/exams
                                                    [hrefDomain] => accessdata.com
                                                    [rel] => noopener noreferrer external
                                                    [isOutbound] => 1
                                                )

                                            [12] => stdClass Object
                                                (
                                                    [text] => Indeed. This popular job search and career development portal supports a helpful feature for new graduates: the ability to specifically seek out entry-level positions
                                                    [href] => https://www.indeed.com
                                                    [hrefDomain] => indeed.com
                                                    [rel] => external noopener noreferrer
                                                    [isOutbound] => 1
                                                )

                                            [13] => stdClass Object
                                                (
                                                    [text] => CyberSecJobs.com. This niche site allows job-seekers to narrow their searches by position title and location
                                                    [href] => https://cybersecjobs.com
                                                    [hrefDomain] => cybersecjobs.com
                                                    [rel] => external noopener noreferrer
                                                    [isOutbound] => 1
                                                )

                                            [14] => stdClass Object
                                                (
                                                    [text] => Glassdoor. In addition to offering job listings, Glassdoor allows users to research companies and evaluate their suitability as a potential employer
                                                    [href] => https://www.glassdoor.com
                                                    [hrefDomain] => glassdoor.com
                                                    [rel] => external noopener noreferrer
                                                    [isOutbound] => 1
                                                )

                                            [15] => stdClass Object
                                                (
                                                    [text] => NinjaJobs.org. Another industry-specific portal, NinjaJobs brands itself as the leading job search platform for information security professionals
                                                    [href] => https://ninjajobs.org
                                                    [hrefDomain] => ninjajobs.org
                                                    [rel] => external noopener noreferrer
                                                    [isOutbound] => 1
                                                )

                                            [16] => stdClass Object
                                                (
                                                    [text] => information security analysts
                                                    [href] => https://www.bls.gov/ooh/computer-and-information-technology/information-security-analysts.htm
                                                    [hrefDomain] => bls.gov
                                                    [rel] => external noopener noreferrer
                                                    [isOutbound] => 1
                                                )

                                            [17] => stdClass Object
                                                (
                                                    [text] => International Association of Computer Investigative Specialists
                                                    [href] => https://www.iacis.com/
                                                    [hrefDomain] => iacis.com
                                                    [rel] => noreferrer noopener external
                                                    [isOutbound] => 1
                                                )

                                            [18] => stdClass Object
                                                (
                                                    [text] => International Society of Forensic Computer Examiners
                                                    [href] => https://www.isfce.com/
                                                    [hrefDomain] => isfce.com
                                                    [rel] => noreferrer noopener external
                                                    [isOutbound] => 1
                                                )

                                            [19] => stdClass Object
                                                (
                                                    [text] => The American Society of Digital Forensics and eDiscovery
                                                    [href] => https://www.asdfed.com/board
                                                    [hrefDomain] => asdfed.com
                                                    [rel] => noreferrer noopener external
                                                    [isOutbound] => 1
                                                )

                                            [20] => stdClass Object
                                                (
                                                    [text] => High Technology Crime Investigation Association
                                                    [href] => https://htcia.org/
                                                    [hrefDomain] => htcia.org
                                                    [rel] => noreferrer noopener external
                                                    [isOutbound] => 1
                                                )

                                        )

                                )

                            [toc] => Array
                                (
                                    [0] => stdClass Object
                                        (
                                            [level] => 4
                                            [name] => Are you ready to find a school that's aligned with your interests?
                                            [tag] => h4
                                            [children] => Array
                                                (
                                                )

                                        )

                                    [1] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => What Does a Computer Forensics Analyst Do?
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                    [0] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => Key Soft Skills for Computer Forensics Analysts . 
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                    [1] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => Key Hard Skills for Computer Forensics Analysts . 
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                )

                                        )

                                    [2] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => Top Online Programs. 
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                    [0] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => A Day in the Life of a Computer Forensics Analyst. 
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                    [0] => stdClass Object
                                                                        (
                                                                            [level] => 4
                                                                            [name] => Computer Forensics Analyst Main Responsibilities. 
                                                                            [tag] => h4
                                                                            [children] => Array
                                                                                (
                                                                                )

                                                                        )

                                                                )

                                                        )

                                                )

                                        )

                                    [3] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => Computer Forensics Analyst Salary. 
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                    [0] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => Forensic Computer Analysts. 
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                    [1] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => Average Annual Salary of Forensic Computer Analysts by Experience, 2020. 
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                )

                                        )

                                    [4] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => Where Can I Work as a Computer Forensics Analyst?
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                    [0] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => Locations. 
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                    [1] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => Top-Paying Cities For Forensic Computer Analysts, 2020. 
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                    [2] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => Industries. 
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                    [3] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => Major Employers. 
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                )

                                        )

                                    [5] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => How to Become a Computer Forensics Analyst. 
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                    [0] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => Steps to Becoming a Computer Forensics Analyst. 
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                    [1] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => Computer Forensics Analyst Requirements. 
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                    [2] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] =>   Education Requirements for Computer Forensics Analysts . 
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                    [3] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] =>   License and Certification Requirements for Computer Forensics Analysts  . 
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                    [4] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] =>  Required Experience for Computer Forensics Analysts. 
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                    [5] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => The Computer Forensics Analyst Job Hunt. 
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                    [6] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => Indeed. 
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                    [7] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => CyberSecJobs.com. 
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                    [8] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => Glassdoor. 
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                    [9] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => NinjaJobs.org. 
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                    [10] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => Computer Forensics Analyst Upward Mobility. 
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                    [11] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => Computer Forensics Director. 
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                    [12] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => Security Consultant. 
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                )

                                        )

                                    [6] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => Resources. 
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                    [0] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => Questions About Computer Forensics. 
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                    [1] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => How long does it take to become a computer forensics analyst?
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                    [2] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => What degree is needed to be a computer forensics analyst?
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                    [3] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => How much does a computer forensics analyst make?
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                    [4] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => What requirements are there to become a computer forensics analyst?
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                    [5] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => What is the role of a computer forensics investigator?
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                    [6] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => Professional Organizations for Computer Forensics Analysts. 
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                    [7] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => Related Careers. 
                                                            [tag] => h3
                                                            [children] => Array
                                                                (
                                                                )

                                                        )

                                                )

                                        )

                                    [7] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => Latest Posts. 
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                    [0] => stdClass Object
                                                        (
                                                            [level] => 4
                                                            [name] => 5 Best Online Cybersecurity Bachelor’s Degrees. 
                                                            [tag] => h4
                                                            [children] => Array
                                                                (
                                                                    [0] => stdClass Object
                                                                        (
                                                                            [level] => 4
                                                                            [name] => Best Online Master’s in Cybersecurity Programs. 
                                                                            [tag] => h4
                                                                            [children] => Array
                                                                                (
                                                                                )

                                                                        )

                                                                    [1] => stdClass Object
                                                                        (
                                                                            [level] => 4
                                                                            [name] => Top Cybersecurity Schools and Programs. 
                                                                            [tag] => h4
                                                                            [children] => Array
                                                                                (
                                                                                )

                                                                        )

                                                                )

                                                        )

                                                )

                                        )

                                    [8] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => Are you ready to find a school that's aligned with your interests?
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                )

                                        )

                                )

                            [og] => stdClass Object
                                (
                                    [ogImage] => https://res.cloudinary.com/highereducation/images/v1620062870/CyberDegrees.org/GettyImages-961039048/GettyImages-961039048.jpg?_i=AA
                                )

                            [schema_type] => Array
                                (
                                    [0] => FAQPage
                                )

                            [comment_questions] => Array
                                (
                                )

                            [body] => Computer Forensics Analyst Career Overview November 3, 2021 | CyberDegrees.org Staff Are you ready to find a school that's aligned with your interests? Find the right education path to take advantage of this fast-growing industry and join the front-lines on technology and security. Computer forensics analysts play key roles on cybersecurity and investigation teams. These professionals specialize in gathering and analyzing data related to cyberattacks and illegal online activity. They apply advanced data retrieval and incident analysis skills to cases involving espionage, organized cybercrime, hacking, fraud, terrorism, and the storage and distribution of illegal content.Successful analysts possess strong analytical minds, sharp eyes for detail, and advanced technical proficiencies. They also understand the legal standards that guide criminal investigations, and they excel in communicating with others. While some digital forensics analysts work for private companies, a large percentage of their employment opportunities exist in the realm of law enforcement.These professionals enjoy a particularly strong job outlook. The Bureau of Labor Statistics (BLS projects information security jobs to grow 32% between 2018-2028.This guide provides important information for anyone considering a career as a computer forensics analyst, including key skills, major employers, and answers to frequently asked questions.What Does a Computer Forensics Analyst Do?Computer forensics analysts assist in the investigation of crimes and cybersecurity incidents. In many cases, they work to recover hidden, encrypted, or deleted information related to the case. They also safeguard the integrity of data by following a chain of custody that ensures its admissibility in court.Supplementary and adjacent duties include offering expert insights to law enforcement personnel and prosecutors regarding the validity of their digital evidence. In some instances, they lead or participate in interviews with suspects or victims. Digital forensics specialists also help prepare evidence before criminal trials.Computer forensics experts commonly work in the criminal justice system. Many private industries also employ them, including companies in financial services, information technology, computing, network security, and defense sectors. Privately employed digital forensics analysts help buttress an organization’s internal cybersecurity team and provide an added safeguard in the event of a hack or cybercrime.As their careers progress, many computer forensics analysts go on to train newly emerging professionals and junior team members. However, reaching this point comes with its own challenges. The profession demands commitment and flexibility, as many digital forensics experts work long and unusual hours, especially when investigating active cases.The following lists outline key soft and hard skills that aspiring digital forensics analysts need to succeed. Collapse All Expand All Key Soft Skills for Computer Forensics Analysts . A Desire to Learn: Technology changes fast, and so do the techniques criminals and hackers use. Digital forensics professionals must constantly update and expand their knowledge base to stay current in the field. Commitment to Professional Development: Top-performing computer forensics analysts push themselves toward higher levels of performance through ongoing development, training, and skills upgrades. Strong Communication Skills: Computer forensics experts must communicate effectively in both verbal and written forms, as their work often proves critical to the successful prosecution of cybercriminals. Careful Attention to Detail: Digital forensics analysts often search for the data-based equivalents of a needle in the haystack. Thus, they must bring sharp focus and attention to detail to every job. Key Hard Skills for Computer Forensics Analysts . Technical Knowledge: Computer forensics professionals require up-to-date, advanced knowledge of digital storage methods, operating systems, programming, hacking techniques, and malware. Strong Ethics: The ability to ethically handle retrieved and recovered data ranks among the most critical hard skills a computer forensics analyst needs. Understand the Law: Digital forensics experts need to understand the legal aspects of criminal investigations to at least an intermediate level. Knowledge of Best Practices: Chain of custody practices represent a crucial aspect of what digital forensics experts do. Capable professionals must display excellent mastery of best practices. Top Online Programs. Explore programs of your interests with the high-quality standards and flexibility you need to take your career to the next level. A Day in the Life of a Computer Forensics Analyst. The daily tasks of a computer forensics analyst vary by factors like industry, role, and individual cases. Sometimes an analyst focuses on just one case, while other periods bring multiple simultaneous investigations.Computer forensics experts must prepare themselves for the abrupt changes and challenges that can occur at any point in the investigative process. New discoveries from other colleagues or team members can rapidly change the nature of a case, while emergencies requiring immediate responses also occur without warning.For many digital forensics analysts, Monday mornings represent the one constant of their routines. Work weeks typically begin with team meetings to discuss progress and updates related to active investigations.The role of a computer forensics expert carries many responsibilities. The following section details five key examples.Computer Forensics Analyst Main Responsibilities. Securing Devices and/or Systems Analysts play a frontline role in securing tamper-proof access to electronic devices, systems, and network equipment that may hold digital evidence related to an investigation. Using Specialized Forensics Software Many professional analysts supplement their own technical skills with specialized applications and software products that assist their forensic data searches. Identifying and Following Data Trails Investigations commonly include elements that seek to link suspects with co-conspirators and other external parties or accomplices. Analysts specialize in finding and following the electronic crumbs that make up these data trails. Writing Reports and Presenting Findings Analysts need to create written reports of their findings. They must also deliver verbal reports to others involved in investigations. Upgrading Skills The best computer forensics investigators spend a significant amount of time upgrading their technical skills through participation in workshops and continuing education opportunities. Computer Forensics Analyst Salary. According to PayScale data from 2020, forensic computer analysts make average salaries of about $73,900 per year. The lowest-earning 10% make approximately $50,000 per year, while the top 10% of earners make $118,000 or more. Annual Average Salary Forensic Computer Analysts. $73,900 These ranges speak to the many different factors that influence the salaries of active professionals. Some industries pay more than others, with top earners typically working in the private sector. Location also plays a significant role; generally, digital forensics investigators living in major cities enjoy premium pay rates.Finally, factors like education level, experience, technical proficiency, seniority, and job function also influence earnings. In general, senior analysts and analysts with advanced degrees tend to make the most money. The following chart breaks down typical earnings by experience level.Average Annual Salary of Forensic Computer Analysts by Experience, 2020. Entry LevelEarly CareerMidcareerExperiencedAverage Salary$63,144$68,551$88,049$100,861Source: PayscaleWhere Can I Work as a Computer Forensics Analyst?Law enforcement agencies continue to represent a significant employment base for computer forensics professionals, but private industry also hires them in growing numbers. As demand for capable analysts continues to rise, qualified individuals enjoy expanded employment options.Key private-sector employers include companies with advanced data protection and cybersecurity needs. Computer forensics analysts may find opportunities in areas like financial services, defense, and aerospace, as well as health informatics and the technology and IT sectors.Locations. Location can significantly affect the career of a digital forensics analyst. Professional opportunities for computer forensics specialists usually cluster in major metropolitan areas and seats of government. Salaries also tend to rise in big cities, but the raw numbers tell only part of the story when it comes to earnings.Emerging computer forensics specialists should also consider their lifestyle needs and preferences alongside factors like cost of living and quality of life. For example, the affordable cost of living in a smaller city or more remote state can offset the lower salaries typically paid in such areas. Staying up to date on cost of living indices can help people with the mobility to respond to job offers in different destinations.Consider the data in the following table, which highlights several locations where computer forensics specialists enjoy above-average earnings.Top-Paying Cities For Forensic Computer Analysts, 2020. Top-Paying CitiesPercentage Above Average PayWashington, DC31%Arlington, VA8%Boston, MA8%Philadelphia, PA4%Source: PayScaleIndustries. Organizations related to law enforcement, intelligence, and domestic security rank among the leading employers of digital forensics specialists. In these public-sector settings, investigators typically spend most of their time on cases involving criminal elements. Their work often serves as evidence in court cases.While these functions also extend to the private sector, the day-to-day duties of analysts in certain industries can differ significantly. Computer forensics analysts in IT, for example, usually function as parts of cybersecurity incident response teams. Their duties include analyzing successful and attempted breaches to identify and remediate the vulnerability that granted unauthorized system access.In other private settings, such as financial services, defense, and other industries that involve proprietary or sensitive information, analysts help deter and neutralize risks posed by insiders. Employee malfeasance represents one of the leading threats to such organizations, and computer forensics specialists play a major role in preventing and investigating them.Major Employers. Federal Bureau of Investigation (FBI) The FBI is a federal law enforcement, domestic security, and domestic intelligence agency. It plays a leading role in the investigation and prosecution of major federal crimes. Booz Allen Hamilton Headquartered in the Washington, D.C., suburb of McLean, Virginia, Booz Allen Hamilton ranks among the largest and best-known information technology and management consultancies in the United States. The company also maintains approximately 80 other offices in the U.S. and internationally. ManTech International Corporation This leading American defense contractor works with both public and private partners. It includes approximately 9,000 employees and specializes in serving the needs of clients with advanced information security and integrated technology needs. How to Become a Computer Forensics Analyst. Most people enter the field after earning a bachelor’s degree or a master’s degree. Applicable majors include computer science and computer engineering, as well as specialized cybersecurity degrees that offer concentrated study paths in digital forensics.Computer forensics analysts also benefit from earning professional certifications. While these credentials technically remain optional for many positions, an increasingly competitive employment landscape means candidates stand much better chances of landing a job if they hold at least one recognized industry certification.Computer forensics experts must constantly expand, improve, refresh, and upgrade their skills to ensure they remain current and capable of responding to any incident or threat.Steps to Becoming a Computer Forensics Analyst. Develop familiarity with digital technologies, including computer operating systems and programming. Build an academic background in mathematics and sciences. Enroll in a bachelor’s program in computer science or computer engineering. Qualified applicants can also consider specialized undergraduate programs in cybersecurity, depending on their availability. Add a specialized master’s degree in cybersecurity or digital forensics to earn a competitive edge in the job market. Consider adding optional specialized computer forensics certifications to bolster your resume. Identify a potential practice area, either specifically or by narrowing down to public-sector and private-sector options. Research job openings that match your qualifications and desired career path criteria, then apply. Computer Forensics Analyst Requirements. The following subsections offer details on computer forensics analyst requirements. Use them as a guide for plotting out an ideal career track while bearing in mind that specific positions may require additional qualifications. Collapse All Expand All Education Requirements for Computer Forensics Analysts . Students seeking computer forensics analyst degrees can look for programs in areas like computer science, computer engineering, and cybersecurity. Schools increasingly offer specialized cybersecurity programs at both the undergraduate and graduate levels, and these generally offer a more direct path into the profession. Some novice and junior positions may require only an associate degree, but most jobs require at least a bachelor’s degree. Bachelor’s programs typically demand four years of full-time study and cover foundational and more advanced computer forensics concepts. Master’s programs usually take two years of full-time study to complete, covering advanced and specialized topics. As such, job-seekers with master’s degrees often end up securing job offers with higher pay rates. Supplementing a degree with professional certifications can pay dividends in the form of improved earning potential and employment opportunities. Examples of these certifications include programs from organizations like AccessData, the International Association of Computer Investigation Specialists (IACIS), and the EC-Council. The next subsection examines these learning paths in greater detail. Associate Degree in Cybersecurity Bachelor’s Degree in Cybersecurity Master’s Degree in Cybersecurity License and Certification Requirements for Computer Forensics Analysts . Candidates do not need a formally issued license to become a computer forensics analyst, but employers often prefer candidates who hold one or more of the following: Global Information Assurance Certifications: GIAC certifications focus on incident response capabilities, and include seven unique programs as of 2020. Computer Hacking Forensic Investigator: Offered by the world-renowned EC-Council, the CHFI designation appeals to professionals interested in investigating cybercrime. Certified Forensic Computer Examiner: Delivered by the IACIS, the CFCE program includes two phases: a peer review phase and a certification phase. Candidates must recertify every three years to maintain valid standing. AccessData Forensics Certifications: AccessData offers numerous specialized certifications for professionals who aspire to work in law enforcement settings. Explore More Cybersecurity Certifications Required Experience for Computer Forensics Analysts. Experience is a critical qualification for advancing into leadership roles. However, computer forensics specialists can land their first jobs in the field without experience if they possess the right education, skills, credentials, and aptitudes. Even so, employers typically favor candidates who have at least some firsthand working knowledge of what their future job will entail. As such, experiential learning opportunities can greatly enhance the value of a degree. If possible, select a degree program that includes optional or mandatory field training, such as a work placement or practicum. This opportunity allows emerging professionals to put their learning into practice in a supervised capacity. The Computer Forensics Analyst Job Hunt. Most reputable, accredited degree-granting institutions feature career services offices, which can act as excellent launching pads for job searches. Some computer science departments even host their own career centers, giving graduates priority access to industry-specific resources.Beyond these resources, consider venues like job fairs, trade shows, and conferences hosted by respected professional organizations. As in many other fields, mentor relationships and personal networking efforts can also lead to job opportunities.These online job boards and career services sites also represent good places to look: Indeed. This popular job search and career development portal supports a helpful feature for new graduates: the ability to specifically seek out entry-level positions. CyberSecJobs.com. This niche site allows job-seekers to narrow their searches by position title and location. Glassdoor. In addition to offering job listings, Glassdoor allows users to research companies and evaluate their suitability as a potential employer. NinjaJobs.org. Another industry-specific portal, NinjaJobs brands itself as the leading job search platform for information security professionals. Computer Forensics Analyst Upward Mobility. As with any career path, computer forensics professionals can branch out into adjacent roles and positions with more responsibility once they gain experience. Common examples include: Computer Forensics Director. Most organizations, and especially those in law enforcement, employ teams that include digital forensics analysts. Computer forensics directors lead and supervise those teams, making this path a natural fit for skilled investigators seeking to rise into positions of greater responsibility. Experience requirements vary but tend to fall in the range of 10-plus years. Salaries typically represent the high end of the range paid to regular analysts. Security Consultant. Digital forensics analysts sometimes opt for self-employment as freelance security consultants, which broadens the scope of their work beyond investigations to include analyses of organizational IT security assets. This type of work gives them the freedom to vary the type of work they do, move between sectors and industries, and build their own businesses. The BLS groups this position within the broader framework of information security analysts, who enjoy median earnings of almost $100,000 per year. Resources. Questions About Computer Forensics. Collapse All Expand All How long does it take to become a computer forensics analyst? Most digital forensics analysts hold at least a four-year bachelor’s degree when they land their first job. Those seeking master’s degrees and/or optional certifications usually add 1-3 years to that timeline. What degree is needed to be a computer forensics analyst? Most computer forensics analysts hold bachelor’s or master’s degrees in computer science, computer engineering, cybersecurity, digital forensics, or a related field. How much does a computer forensics analyst make? PayScale reports nationwide average earnings for digital forensics analysts at about $73,900 per year. The entire salary range spans from around $50,000 per year to $118,000 at the high end. What requirements are there to become a computer forensics analyst? In addition to a specialized degree that delivers the necessary technical skills, computer forensics analysts can obtain optional professional certifications that indicate proficiency with specific skill sets. A background in criminal justice also helps those aspiring to work in law enforcement. What is the role of a computer forensics investigator? Digital forensics analysts mainly work to retrieve, catalog, and safeguard digital data related to criminal and cybercrime investigations. They also preserve evidence to ensure its admissibility in court, and they may advise other investigators on the value or utility of other digital evidence they find. Professional Organizations for Computer Forensics Analysts. International Association of Computer Investigative Specialists: This high-profile organization offers three tiers of memberships to students, junior professionals, and law enforcement personnel. IACIS training and certification programs carry major prestige, and members enjoy priority access. International Society of Forensic Computer Examiners: This organization administers the industry-standard Certified Computer Examiner (CCE) credential. Formal membership remains available solely to CCE-certified professionals, who enjoy discounts on professional liability insurance along with many other career-building resources and benefits. The American Society of Digital Forensics and eDiscovery: Operating in select U.S. cities, including Chicago, Atlanta, and New York, this organization offers membership benefits that include hours of downloadable training videos and access to an exclusive career center. High Technology Crime Investigation Association: Offering free courses, intensive online training seminars, and a packed lineup of conferences and events, this education-oriented organization remains open to active professionals who investigate technology-based crimes and students in relevant programs. Related Careers. Incident Manager Information Security Consultant Information Security Specialist Return to Main Cybersecurity Job Page Latest Posts. 5 Best Online Cybersecurity Bachelor’s Degrees. January 5, 2022   |   CyberDegrees.org Staff Considering an online cybersecurity degree? Read on to learn about online bachelor's programs in cybersecurity and how to choose from top cybersecurity programs. Best Online Master’s in Cybersecurity Programs. December 7, 2021   |   Victoria Leigh An online master's in cybersecurity can boost your career options and earning potential. Check out our program rankings to kick off your search. Top Cybersecurity Schools and Programs. December 10, 2021   |   CyberDegrees.org Staff The best cybersecurity schools prepare students for exciting and lucrative IT careers. Explore our ranking of the best cybersecurity bachelor's degree programs. Are you ready to find a school that's aligned with your interests? Find the right education path to take advantage of this fast-growing industry and join the front-lines on technology and security. Close Latest Posts Security Specialist Certifications Day in the Life of a Security Specialist Security Specialist Salary How to Become a Security Specialist Women in Cybersecurity
                            [kwBody] => Array
                                (
                                    [0] => stdClass Object
                                        (
                                            [term] => forensic
                                            [tf] => 87
                                        )

                                    [1] => stdClass Object
                                        (
                                            [term] => computer
                                            [tf] => 70
                                        )

                                    [2] => stdClass Object
                                        (
                                            [term] => analyst
                                            [tf] => 63
                                        )

                                    [3] => stdClass Object
                                        (
                                            [term] => computer forensic
                                            [tf] => 50
                                        )

                                    [4] => stdClass Object
                                        (
                                            [term] => forensic analyst
                                            [tf] => 46
                                        )

                                    [5] => stdClass Object
                                        (
                                            [term] => degree
                                            [tf] => 35
                                        )

                                    [6] => stdClass Object
                                        (
                                            [term] => computer forensic analyst
                                            [tf] => 32
                                        )

                                    [7] => stdClass Object
                                        (
                                            [term] => digital
                                            [tf] => 28
                                        )

                                    [8] => stdClass Object
                                        (
                                            [term] => cybersecurity
                                            [tf] => 27
                                        )

                                    [9] => stdClass Object
                                        (
                                            [term] => professional
                                            [tf] => 25
                                        )

                                    [10] => stdClass Object
                                        (
                                            [term] => job
                                            [tf] => 24
                                        )

                                    [11] => stdClass Object
                                        (
                                            [term] => program
                                            [tf] => 23
                                        )

                                    [12] => stdClass Object
                                        (
                                            [term] => digital forensic
                                            [tf] => 21
                                        )

                                    [13] => stdClass Object
                                        (
                                            [term] => master
                                            [tf] => 19
                                        )

                                    [14] => stdClass Object
                                        (
                                            [term] => bachelor
                                            [tf] => 18
                                        )

                                    [15] => stdClass Object
                                        (
                                            [term] => security
                                            [tf] => 18
                                        )

                                    [16] => stdClass Object
                                        (
                                            [term] => career
                                            [tf] => 17
                                        )

                                    [17] => stdClass Object
                                        (
                                            [term] => work
                                            [tf] => 16
                                        )

                                    [18] => stdClass Object
                                        (
                                            [term] => year
                                            [tf] => 15
                                        )

                                    [19] => stdClass Object
                                        (
                                            [term] => skill
                                            [tf] => 15
                                        )

                                    [20] => stdClass Object
                                        (
                                            [term] => certification
                                            [tf] => 15
                                        )

                                    [21] => stdClass Object
                                        (
                                            [term] => information
                                            [tf] => 14
                                        )

                                    [22] => stdClass Object
                                        (
                                            [term] => include
                                            [tf] => 14
                                        )

                                    [23] => stdClass Object
                                        (
                                            [term] => specialist
                                            [tf] => 14
                                        )

                                    [24] => stdClass Object
                                        (
                                            [term] => industry
                                            [tf] => 13
                                        )

                                    [25] => stdClass Object
                                        (
                                            [term] => investigation
                                            [tf] => 13
                                        )

                                    [26] => stdClass Object
                                        (
                                            [term] => organization
                                            [tf] => 12
                                        )

                                    [27] => stdClass Object
                                        (
                                            [term] => data
                                            [tf] => 12
                                        )

                                    [28] => stdClass Object
                                        (
                                            [term] => digital forensic analyst
                                            [tf] => 11
                                        )

                                    [29] => stdClass Object
                                        (
                                            [term] => technology
                                            [tf] => 10
                                        )

                                    [30] => stdClass Object
                                        (
                                            [term] => role
                                            [tf] => 10
                                        )

                                    [31] => stdClass Object
                                        (
                                            [term] => specialized
                                            [tf] => 10
                                        )

                                    [32] => stdClass Object
                                        (
                                            [term] => salary
                                            [tf] => 10
                                        )

                                    [33] => stdClass Object
                                        (
                                            [term] => earning
                                            [tf] => 9
                                        )

                                    [34] => stdClass Object
                                        (
                                            [term] => offer
                                            [tf] => 9
                                        )

                                    [35] => stdClass Object
                                        (
                                            [term] => forensic expert
                                            [tf] => 8
                                        )

                                    [36] => stdClass Object
                                        (
                                            [term] => degree cybersecurity
                                            [tf] => 7
                                        )

                                    [37] => stdClass Object
                                        (
                                            [term] => law enforcement
                                            [tf] => 7
                                        )

                                    [38] => stdClass Object
                                        (
                                            [term] => forensic specialist
                                            [tf] => 7
                                        )

                                    [39] => stdClass Object
                                        (
                                            [term] => skill computer forensic
                                            [tf] => 6
                                        )

                                    [40] => stdClass Object
                                        (
                                            [term] => master degree
                                            [tf] => 6
                                        )

                                    [41] => stdClass Object
                                        (
                                            [term] => information security
                                            [tf] => 6
                                        )

                                    [42] => stdClass Object
                                        (
                                            [term] => skill computer
                                            [tf] => 6
                                        )

                                    [43] => stdClass Object
                                        (
                                            [term] => forensic computer
                                            [tf] => 6
                                        )

                                    [44] => stdClass Object
                                        (
                                            [term] => computer forensic specialist
                                            [tf] => 5
                                        )

                                    [45] => stdClass Object
                                        (
                                            [term] => bachelor degree
                                            [tf] => 5
                                        )

                                    [46] => stdClass Object
                                        (
                                            [term] => cybersecurity bachelor
                                            [tf] => 5
                                        )

                                    [47] => stdClass Object
                                        (
                                            [term] => computer science
                                            [tf] => 5
                                        )

                                    [48] => stdClass Object
                                        (
                                            [term] => security specialist
                                            [tf] => 5
                                        )

                                    [49] => stdClass Object
                                        (
                                            [term] => forensic computer analyst
                                            [tf] => 4
                                        )

                                    [50] => stdClass Object
                                        (
                                            [term] => computer science computer
                                            [tf] => 4
                                        )

                                    [51] => stdClass Object
                                        (
                                            [term] => science computer engineering
                                            [tf] => 4
                                        )

                                    [52] => stdClass Object
                                        (
                                            [term] => cybersecurity program
                                            [tf] => 4
                                        )

                                    [53] => stdClass Object
                                        (
                                            [term] => forensic professional
                                            [tf] => 4
                                        )

                                    [54] => stdClass Object
                                        (
                                            [term] => forensic investigator
                                            [tf] => 4
                                        )

                                    [55] => stdClass Object
                                        (
                                            [term] => computer analyst
                                            [tf] => 4
                                        )

                                    [56] => stdClass Object
                                        (
                                            [term] => private sector
                                            [tf] => 4
                                        )

                                    [57] => stdClass Object
                                        (
                                            [term] => science computer
                                            [tf] => 4
                                        )

                                    [58] => stdClass Object
                                        (
                                            [term] => computer engineering
                                            [tf] => 4
                                        )

                                    [59] => stdClass Object
                                        (
                                            [term] => digital forensic expert
                                            [tf] => 3
                                        )

                                    [60] => stdClass Object
                                        (
                                            [term] => computer forensic professional
                                            [tf] => 3
                                        )

                                    [61] => stdClass Object
                                        (
                                            [term] => role computer forensic
                                            [tf] => 3
                                        )

                                    [62] => stdClass Object
                                        (
                                            [term] => requirement computer forensic
                                            [tf] => 3
                                        )

                                    [63] => stdClass Object
                                        (
                                            [term] => cyberdegreesorg staff
                                            [tf] => 3
                                        )

                                    [64] => stdClass Object
                                        (
                                            [term] => digital evidence
                                            [tf] => 3
                                        )

                                    [65] => stdClass Object
                                        (
                                            [term] => financial service
                                            [tf] => 3
                                        )

                                    [66] => stdClass Object
                                        (
                                            [term] => hard skill
                                            [tf] => 3
                                        )

                                    [67] => stdClass Object
                                        (
                                            [term] => collapse expand
                                            [tf] => 3
                                        )

                                    [68] => stdClass Object
                                        (
                                            [term] => role computer
                                            [tf] => 3
                                        )

                                    [69] => stdClass Object
                                        (
                                            [term] => technical skill
                                            [tf] => 3
                                        )

                                    [70] => stdClass Object
                                        (
                                            [term] => cost living
                                            [tf] => 3
                                        )

                                    [71] => stdClass Object
                                        (
                                            [term] => professional certification
                                            [tf] => 3
                                        )

                                    [72] => stdClass Object
                                        (
                                            [term] => requirement computer
                                            [tf] => 3
                                        )

                                    [73] => stdClass Object
                                        (
                                            [term] => degree program
                                            [tf] => 3
                                        )

                                    [74] => stdClass Object
                                        (
                                            [term] => cybersecurity school
                                            [tf] => 3
                                        )

                                    [75] => stdClass Object
                                        (
                                            [term] => computer examiner
                                            [tf] => 3
                                        )

                                    [76] => stdClass Object
                                        (
                                            [term] => job search
                                            [tf] => 3
                                        )

                                    [77] => stdClass Object
                                        (
                                            [term] => security consultant
                                            [tf] => 3
                                        )

                                )

                            [page_rank_decimal] => 44
                            [rank] => 898413
                        )

                    [19] => stdClass Object
                        (
                            [position] => 20
                            [title] => Digital forensics
                            [url] => https://www.interpol.int/en/How-we-work/Innovation/Digital-forensics
                            [destination] => https://www.interpol.int › How we work › Innovation
                            [description] => Helping our member countries make best use of electronic evidence
                            [isAmp] => 
                            [organic_position] => 20
                            [serp_type] => page
                            [isOrganicPage] => 1
                            [isOrganic] => 1
                            [serp_title] => Digital forensics - Interpol
                            [serp_description] => Electronic evidence is a component of almost all criminal activities and digital forensics support is crucial for law enforcement investigations.
                            [hostname] => interpol.int
                            [canonical] => https://www.interpol.int/en/How-we-work/Innovation/Digital-forensics
                            [h1] => Digital forensics
                            [h2] => Array
                                (
                                    [0] => What are you searching for ?
                                )

                            [h3] => Array
                                (
                                    [0] => What we provide to member countries
                                    [1] => Our publications
                                    [2] => Our international meetings
                                )

                            [h2WithAnchors] => Array
                                (
                                    [0] => stdClass Object
                                        (
                                            [text] => What are you searching for ?
                                        )

                                )

                            [wordCount] => 602
                            [imgCount] => 9
                            [lang] => stdClass Object
                                (
                                    [langLinks] => Array
                                        (
                                            [0] => stdClass Object
                                                (
                                                    [lang] => en
                                                    [url] => /en/How-we-work/Innovation/Digital-forensics
                                                )

                                            [1] => stdClass Object
                                                (
                                                    [lang] => fr
                                                    [url] => /fr/Notre-action/Innovation/Criminalistique-numerique
                                                )

                                            [2] => stdClass Object
                                                (
                                                    [lang] => es
                                                    [url] => /es/Como-trabajamos/Innovacion/Analisis-forense-digital
                                                )

                                            [3] => stdClass Object
                                                (
                                                    [lang] => ar
                                                    [url] => /ar/2/4/7
                                                )

                                        )

                                    [size] => 4
                                    [string] => en / fr / es / ar
                                )

                            [faq_on_page] => Array
                                (
                                )

                            [anchors] => stdClass Object
                                (
                                    [size] => 23
                                    [outboundSize] => 0
                                    [list] => Array
                                        (
                                        )

                                )

                            [toc] => Array
                                (
                                    [0] => stdClass Object
                                        (
                                            [level] => 2
                                            [name] => What are you searching for ?
                                            [tag] => h2
                                            [children] => Array
                                                (
                                                    [0] => stdClass Object
                                                        (
                                                            [level] => 3
                                                            [name] => What we provide to member countries. 
                                                            [tag] => h3
                                                            [children] => Array