What are the types of Digital Forensics?

Computer forensics

Computer forensics involves the collection, preservation, analysis, and presentation of evidence found on computers and related storage devices. Forensic computer investigators look deeply into the contents of storage devices, hard drives, emails, documents and other files. They also dig into metadata and also extract data that is hidden or deleted.

Mobile device forensics

Mobile forensics deals with the examination and analysis of mobile devices to retrieve stored data such as contacts, logs, SMS, audio and video files, email, web browsing information, location information, social networking messages etc. Mobile forensics has become increasingly important in recent times due to the fact that devices have grown into sophisticated, pocket-sized computers with ever-increasing functionalities and data storage capacities.

Network forensics

Network forensics relates to monitoring a computer network and analyzing the traffic to gather information, evidence, or source of cyberattacks. Network forensics in the context of cyberattacks deals with analyzing the nature of attacks by focusing on attacker activity.

Database forensics

Database forensics relates to the forensic analysis of databases and the data they store. Often computer forensic investigators analyze databases to see who accessed the database and what actions were performed over a specific period of time to identify suspicious activities or transactions. They can potentially recover deleted information.

Wireless forensics

Wi-Fi networks are lucrative entry points for hackers. Wireless forensics deals with capturing data moving over wireless networks via wireless routers, wireless access points, Wi-Fi switches and other Wi-Fi transmissions. Computer forensic experts often analyze wireless networks to identify rogue or unauthorized devices, malware, intrusions, or infected devices.

Disk forensics

Disk forensics involves extracting data from storage media such as hard drives, USB drives, Flash drives, and so on. Computer forensic experts use their knowledge and experience - supplemented with tools, technology, and examination techniques - to recover data from devices even in situations where the devices are physically or logically damaged.

Cloud forensics

Cloud forensics involves applying the principles and methods of forensic investigation in a cloud environment. This often turns out to be quite complicated because data could be distributed across several cloud servers which, in turn, could be located in various physical locations and even different countries. While performing Digital Forensic Investigations on such a scattered dataset can be challenging, experienced computer forensic investigators have means to tackle these assignments.

Email forensics

Email forensics deals with recovering and analyzing the source and content of emails including deleted emails, calendar entries, contacts, and such. Computer forensic investigators typically analyze email headers, server logs, email sources, attachments in emails, and so on to investigate email-related crimes.

What is the Digital Forensics process?