The IT Law Wiki

Digital forensic analysis

32,068pages on
this wiki
Add New Page
Add New Page Talk0

Definition Edit

Digital forensic analysis is

the practice of gathering, retaining, and analyzing computer-related data for investigative purposes in a manner that maintains the integrity of the data.[1]

Overview Edit

Digital forensic analysis can be conducted on different types of media, such as global positioning system devices, memory cards, or compact discs, and can be conducted by federal, state, and local law enforcement agencies in support of a variety of investigations, such as online child pornography crime and identity theft.

The process for performing digital forensics comprises the following basic phases:

  • Collection: identifying, labeling, recording, and acquiring data from the possible sources of relevant data, while following procedures that preserve the integrity of the data.
  • Examination: forensically processing collected data using a combination of automated and manual methods, and assessing and extracting data of particular interest, while preserving the integrity of the data.
  • Analysis: analyzing the results of the examination, using legally justifiable methods and techniques, to derive useful information that addresses the questions that were the impetus for performing the collection and examination.
  • Reporting: reporting the results of the analysis, which may include describing the actions used, explaining how tools and procedures were selected, determining what other actions need to be performed (e.g., forensic examination of additional data sources, securing identified vulnerabilities, improving existing security controls), and providing recommendations for improvement to policies, procedures, tools, and other aspects of the forensic process.

References Edit

  1. DFARS Clause 252.204-7012(a).

Source Edit

Also on Fandom

Random Wiki