Digital forensics(sometimes Digital forensics science) is a branch of forensic science encompassing the recovery and investigation of material found in digital devices, often in relation to computer crime. The term was originally used as a synonym for computer forensics but has expanded to cover other devices capable of storing digital data.
There are three types of forensic tools:
- Computer Forensics Tools – addressing data at rest – imaging hard-drives, searching, previewing, analyzing and recovery of deleted data;
- Network Forensics Tools – addressing data in motion – capturing and reconstructing entire sessions, searching capabilities, previewing of sent/received data, as well as alerting and reporting features.
- Mobile Forensics Tools.
As well as identifying direct evidence of a crime, digital forensics can be used to attribute evidence to specific suspects, confirm alibis or statements, determine intent, identify sources (for example, in copyright cases) or authenticate documents. Investigations are much broader in scope than other areas of forensic analysis (where the usual aim is to provide answers to a series of simpler questions) often involving complex time-lines or hypothesis.
Forensic Tools can help in dealing with the increasing number of illegal or inappropriate activity, document discovery, discovering data leakage or for recovery of deleted data. Investigators, either internal or external, can use such solutions to collect and analyze data in a forensically manner.