The Ultimate Digital Forensics Guide

If recent headlines are any indication, then there can be no doubt about it: cybercrime is on the rise, and it’s becoming an increasing threat to private individuals and businesses around the world. Because the methods employed by those who carry out cybercrime can often be technologically sophisticated, there is a need for an investigatory method that can keep pace.

Thankfully, due to the work of law enforcement around the world and private enterprise, there are tried and true tools, methods and processes for conducting digital forensics. Through this investigatory process, the perpetrators of cybercrime can be identified and brought to justice.

What follows is the ultimate digital forensics guide. In it, you will learn all of the information you need to know about this important investigatory method. Digital forensics, of course, isn’t just for law enforcement. Businesses and private individuals can use these methods to combat and protect themselves from cybercrimes.


Why Digital Forensics is on the Rise

By merely stepping outside of your front door, you should be able to realize the growing importance of digital devices in our lives. This subjective judgment is backed up by hard statistics:

  • 83% of all US households own a computer.
  • 91% of all US consumers check their email at least once a day.
  • 92% of all US executives own a smartphone that’s used for business.


With the usage of digital devices this prevalent, it’s easy to understand why cybercrime has been finding its way into the headlines more and more. Again, this is a subjective judgment backed up by hard statistics:

  • Cybercrime accounted for $12.7 million in losses for the US in 2014.
  • This figure is up 9% from 2013, when losses due to cybercrime totaled $11.6 million.
  • On the global level, cybercrime leads to $375 million – $525 million annually.

Clearly, the cost of cybercrime is high, and it’s only expected to rise. This makes the case for digital forensics quite clear.

Uses for Digital Forensics

When it comes to developing the tools and methods used in digital forensics, law enforcement has been at the forefront. The new technologies and methods that they’ve developed have made it possible collect digital evidence in ways that people never dreamed possible. It’s a good thing that these tools and methods have been developed, because many crimes are being perpetrated using technology.

There are a number of different kinds of investigations that can make use of digital forensics. Of course, this kind of forensics can be complementary to a regular criminal investigation, for example when law enforcement would like to examine a suspect’s cell phone. But, digital forensics can sometimes be the sole investigatory method employed, especially in cases like:

  • Intellectual property theft
  • Industrial espionage
  • Employment disputes
  • Fraud and forgery investigations
  • Bankruptcy investigations
  • Inappropriate use of business networks

As you can see, digital forensics has applications that fall outside of the law enforcement realm. In fact, many businesses may make use of these tools and techniques to monitor employees, especially those who might be acting contrarily to the business’ best interests. Attorneys and prosecutors also use digital forensics in cases involving divorce and child custody, among other things.

Legal Issues & Ethics

As with any other investigation, there are two primary areas of the law that a digital forensics investigator should be concerned with. They should ensure that they have the authority to monitor and collect data from the digital device or devices in question, and they should ensure the methods employed to collect that data will allow for evidence to be admissible.


To assist those conducting such investigations, the Association of Chief Police Officers (ACPO) has issued a document that outlines the best practices for conducting a digital forensics investigation. It is called the “Good Practice Guide for Digital Evidence”. In it, they lay out four key points that every such investigation should follow:

  • No investigatory action should compromise the data held on the device or storage media being accessed.
  • When accessing original data, the person doing so must be competent in the methods used. Further, they must be able to provide evidence that explains the relevance and implications of whatever actions they take.
  • The investigation should keep records of every tool, method and process employed. This record should allow a third party to replicate the investigatory team’s results.
  • The person overseeing the investigation should have sole responsibility for ensuring the above guidelines are follow, as well as all laws that are relevant.

The above, it should be noted, are only general guidelines. If conducting a digital forensics investigation in the United States, one should ensure that he or she is following the relevant laws. These include:

  • The 4th and 5th Amendments
  • The Wiretap Act
  • The Pen Registers and Trap and Trace Devices Act
  • The Stored Wired and Electronic Communication Act
  • Federal Rules of Evidence

By following the above guidelines and operating within the bounds of the law, any digital forensic investigation should prove successful.

4 Stages of a Forensics Investigation

In order to conduct a digital forensics investigation, you follow move through four stages:

  • Seizure: This involves obtaining the physical device (or access to that device) through legal means and in a manner that preserves the data that is on the device.
  • Acquisition: A copy of that data on the device is made. The original data’s integrity must be preserved in order to preserve the integrity of the investigation.
  • Analysis: A number of different tools and methodologies are used to conduct a review of the raw data, and conclusions are drawn.
  • Reporting: The results of the investigation are shared, along with a detailed account of how those results were arrived at.

By following these procedures, a digital forensics investigation can ensure that the laws are followed and that the evidence gathered can be admissible in court if need be.


The Insider’s Secret Weapon – Cellebrite

Cellebrite UFED is the number one device when it comes to conducting field and in-lab digital forensics investigations. The system is capable of extracting all data from a device, even that data which has been hidden or deleted. It works on a range of mobile devices, as well as GPS devices, tablets and memory cards. It’s a favorite of digital forensics investigators everywhere because it’s easily transportable, offering a quick way of examining any digital device. It’s used in over 100 countries, and there are 150,000 devices in circulation, 30,000 of which are used by law enforcement. If you want the ultimate digital forensics tool, this is the ideal choice. Just ask the countless law enforcement, military, intelligence, corporate security and eDiscovery entities that use it!

With a digital forensics lab that is so substantial in capability and staff expertise that it surpasses that of almost every law enforcement lab in the U.S., Prudential Associates is considered a leading authority in digital forensics investigation.

For more information regarding the many different digital forensics services provided by Prudential Associates, please contact us.