The Changing Role of Digital Forensics in Investigations


The digital world we live in becomes more encompassing by the day, and this is leading to a sharp rise in the number of cybercrimes every year. In fact, it was estimated that cybercrime led to the loss of nearly $12.7 million during 2014 in the United States. This was up sharply from the year before, when cybercrime accounted for a loss of $11.6 million. Looking at the global picture, the facts are even more dire. It’s estimated that cybercrime leads to losses of somewhere between $375 million and $525 million every year.

As you might expect, the increase in cybercrime has caused law enforcement agencies to step up their digital forensic efforts. In order for these cybercrimes to be completely investigated, it’s important that investigators have access to tools, methods, and techniques for identifying, collecting and analyzing digital evidence. Thankfully, law enforcement and private enterprise have been up to the challenge, and there are now more tools than ever at their disposal. These include devices like Cellebrite’s Touch Ultimate UFED, the insider’s secret weapon, which can be used to access evidence on virtually every mobile device there is.

Best Practices Continue to Be Refined

When it comes to digital forensics across the globe, the Association of Chief Police Officers (ACPO) has the definitive word for best practices. They’ve laid them out in a document entitled the “Good Practice Guide for Digital Evidence,” which outlines the four key principles that every digital forensic investigation should adhere to. Although it was originally intended for use in the United Kingdom, this document has become the international standard for digital forensics. It also continues to evolve over time, as best practices move to keep up with the ever-changing digital landscape and the methods that cybercriminals employ.

The Four Stages of a Digital Forensics Investigation

Because these kinds of investigations have become so commonplace, a standardized method has been identified for conducting them. There are four steps that any digital forensics investigation should follow in order to find success.

  • Step 1: First the digital device that’s being investigated must be seized in a manner that comports with the law and that preserves the data held on the device.
  • Step 2: Evidence is not physically taken from the device. Instead, it’s copied, which ensures that the device remains in the condition in which it was originally found.
  • Step 3: Once the data has been copied, it is then analyzed. A variety of different tools and methodologies can be employed to conduct this analysis, which should ultimately yield conclusions.
  • Step 4: The results of the investigation are reported, as well as the methods and processes that were used to gather the evidence.
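
An added example, not code from the original article: Steps 2 and 4 in Python, copying a source to an image file, hashing the bytes as they are read, and producing an acquisition record for the report. The SHA-256 verification, the function names and the constructed file standing in for a seized device are assumptions of this example; a real acquisition reads the device through a write blocker.

```python
import hashlib, json, os, tempfile
from datetime import datetime, timezone

CHUNK = 1024 * 1024  # read in 1 MiB blocks so large images do not fill memory

def sha256_file(path):
    """Hash a file by streaming it; the file is opened read-only."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            digest.update(block)
    return digest.hexdigest()

def acquire(source, image):
    """Step 2: copy source to image, hashing the bytes as they are read."""
    started = datetime.now(timezone.utc).isoformat()
    digest, size = hashlib.sha256(), 0
    with open(source, "rb") as src, open(image, "xb") as dst:  # "x": never overwrite
        for block in iter(lambda: src.read(CHUNK), b""):
            digest.update(block)
            dst.write(block)
            size += len(block)
    os.chmod(image, 0o444)  # working copy is analysed read-only (Step 3)
    record = {
        "source": source, "image": image, "bytes": size, "started_utc": started,
        "sha256_acquired": digest.hexdigest(),
        "sha256_image": sha256_file(image),          # what actually landed on disk
        "sha256_source_after": sha256_file(source),  # source unchanged by the copy?
    }
    record["verified"] = (record["sha256_acquired"] == record["sha256_image"]
                          == record["sha256_source_after"])
    return record

def demo():
    """Constructed stand-in for a seized device: a 3 MiB + 17 byte file."""
    workdir = tempfile.mkdtemp()
    source = os.path.join(workdir, "evidence.bin")
    with open(source, "wb") as fh:
        fh.write(b"\xA5" * (3 * CHUNK + 17))
    record = acquire(source, os.path.join(workdir, "evidence.img"))
    os.chmod(record["image"], 0o644)  # simulate a later change to the copy
    with open(record["image"], "r+b") as fh:
        fh.write(b"\x00")
    tampered = sha256_file(record["image"]) != record["sha256_acquired"]
    return record, tampered

if __name__ == "__main__":
    rec, tampered = demo()
    print(json.dumps(rec, indent=2), "\ntamper detected:", tampered)  # Step 4 record
```

The three matching hashes show that the copy is bit-identical and that the source was not altered by the copy; the recorded hash lets anyone reading the report detect a later change to the working copy.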


This standard method of conducting a digital forensic investigation follows the guidelines set forth by the ACPO quite closely. Because of this, you can consider this method of conducting an investigation to be ironclad.

Digital Forensics Has Myriad Applications

With respect to law enforcement, digital forensics is used to investigate not just cybercrimes but regular crimes as well. Often, evidence needs to be collected from a criminal’s mobile device or computer. But it’s not just law enforcement that has a use for digital forensics; businesses and private individuals can also make use of it. Recent high-profile hacking events demonstrate the need for businesses to have the tools of digital forensics at their disposal. Such investigatory tools and methods can also be used to settle employee disputes and issues of harassment in the workplace.

Considering all of these things, the conclusion is clear. Digital forensics is completely changing the way cybercrimes (and regular crimes) are investigated. And it’s also allowing businesses and private individuals to protect themselves from the dangers of cybercrime.