Digital forensics is the application of scientifically derived and proven methods to the collection, validation, and analysis of digital evidence derived from digital sources (Song & Carroll, 2017). Its purpose is to facilitate or further the reconstruction of events found to be criminal. Forensic analysis follows specific, scientifically proven methods. The methodology consists of five steps, which include preparation, extraction, identification, and analysis (Song & Carroll, 2017).
Preparation and Extraction
The people who lead forensic research are called examiners, and their first role in a forensic examination is preparation (Song & Carroll, 2017). Preparation involves ensuring there is sufficient data to proceed with the investigation. Examiners always clarify the lead question and ensure there is enough data to answer it. The first stage of the preparation phase therefore involves validating all the hardware and software needed to aid the search. Examiners also ensure these elements work as expected, so that they do not hinder extraction in the later stages. It is highly recommended that organizations validate hardware and software after purchase, or after any change such as updating, patching or reconfiguration.
Once the forensic apparatus is ready, the investigator duplicates the data and validates its authenticity. This happens after the examiners have satisfied the necessary legal requirements. After verification and confirmation of data integrity, plans are made to extract the data. The first step in extraction is refining the request into questions that the examiners can readily answer and for which the probability of obtaining answers is realistic. The questions are added to the lead search list, which helps the examiners focus on the specifics. For example, if the examiners are investigating financial fraud, the lead search question can be ‘search for irregular financial transactions.’ The lead search list can have multiple questions, and as the examiners extract data and come across new possible evidence, they can reframe the questions and include them on the list.