Our last blog was an introduction into the world of digital forensics and discussed the challenges associated with this growing field. Subsequent blogs will go into these challenges in greater detail.

The tools and techniques used in digital forensics are to be applied to suspects, victims, and bystanders. Over the years, practitioners have tried to create a consistent but flexible approach to digital forensics investigations despite policy variations. The most common elements of the various proposed digital forensics models will be discussed in this blog.

Before data can be analyzed, they need to be collected from the crime scene and preserved to make a lasting record. Computers are based on computations of binary digits 0 and 1, also known as bits. Modern computers do most of their work on groups of 8 bits called bytes. Bytes are commonly used to store written text, where each letter is represented by a specific binary code. When recorded on a hard drive or memory card, bytes are grouped into blocks called sectors, which are typically 512 or 4096 bytes long. A sector is the smallest block of data a drive can read or write. Each sector on a disk has a unique identifying number called the logical block address.

To preserve data on a computer or phone, each sector must be individually copied and stored on another computer in a single file called a disk image or physical image. Not only does the physical image record every visible file from the original device, but also all of the invisible files. It also records portions of files that have been deleted but not yet overwritten by the operating system.

In cases that involve networks instead of individual machines, the data sent over the network connection are preserved, just like a wiretap.

Preservation of digital data is thus the first of many steps in digital forensics investigations, which will be explored in future blogs.

For assistance with any digital forensics investigations, contact Forletta. Our Pittsburgh and Cleveland private investigators are knowledgeable and are ready to help you with any of your investigation needs.

Source:

Garfinkel, Simson L. (2013). Digital Forensics. American Scientist.