Cyber forensics

(also digital forensics)

Cyber forensics definition

Cyber forensics is the branch of forensic science concerned with identifying, preserving, recovering and analyzing evidence held on digital systems, in a way that keeps the evidence reliable for a court case or an internal inquiry. It is an umbrella term rather than a single discipline: it groups the sub-disciplines that gather evidence from different kinds of digital systems, such as computer forensics and network forensics.

Cyber forensics techniques keep evolving as more of daily life is digitized. With mobile computing and internet of things (IoT) devices now commonplace, a single case often spans a phone, a laptop, cloud accounts and network logs at once, so a cross-disciplinary approach is necessary for effective criminal investigations, corporate inquiries and civil cases.

See also: computer forensics, network forensics, cloud forensics, dead-box forensics, memory forensics

Cyber forensics disciplines

  • Computer forensics: Investigating computer systems and the storage media attached to them. Typical tools are EnCase (a commercial suite for imaging storage devices and analyzing the evidence recovered from them) and FTK (the Forensic Toolkit, used to examine file systems, search for keywords and recover deleted data).
  • Mobile device forensics: Extracting evidence from smartphones, tablets and similar devices. An example of a mobile forensics tool is MSAB XRY, which extracts data from smartphones and feature phones.
  • Network forensics: Capturing and analyzing network traffic to reconstruct security breaches and cyberattacks. Wireshark (an open-source network protocol analyzer) is the standard tool for examining captured packets. Nmap (a network scanning and discovery program) is often listed alongside it, but it is a reconnaissance tool that probes live hosts rather than an analysis tool for recorded traffic: in an investigation it helps map the systems involved, while the evidence itself comes from packet captures and network logs.
  • Cloud forensics: Investigating data stored in cloud services and platforms. For example, Magnet AXIOM is a commercial investigation platform that can acquire and analyze data from various cloud services alongside computer and mobile evidence.
  • Memory forensics: Extracting information from a computer system's volatile memory (RAM), which must be captured while the machine is still running because its contents are lost at power-off. Volatility is a popular open-source memory forensics framework that parses a captured RAM image to list running processes, network connections, loaded modules and other artifacts that never reach the disk.
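The computer forensics entry above mentions recovering evidence from storage devices. The following Python script is an added example of two steps that sit at the core of that work; it is not code from the page or from any of the tools named above. First it verifies the integrity of a disk image by comparing its SHA-256 with the hash recorded at acquisition, so analysis is only done on evidence that is provably unchanged. Second it carves files out of the raw bytes by header and footer signature, which recovers files even after the file system entries pointing to them were deleted. The "image" is constructed inline from a few byte strings (it is not a real acquisition), and the MAX_CARVE bound is an assumption of this example; the JPEG and PNG magic values are the standard ones.

```python
"""Minimal dead-box forensics workflow: integrity check plus signature-based
file carving over a constructed raw image (sample data, not an acquisition)."""
import hashlib
import hmac

# Signature table: kind -> (header bytes, footer bytes).
# JPEG ends with the EOI marker FF D9; PNG ends with the IEND chunk followed by
# its fixed CRC (AE 42 60 82).
SIGNATURES = {
    "jpeg": (b"\xff\xd8\xff", b"\xff\xd9"),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
}

# Cap on the size of one carved object when no footer is found. This value is
# an assumption of the example; real carvers make it configurable per type.
MAX_CARVE = 64 * 1024


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 of a byte string; used for the image and each carved object."""
    return hashlib.sha256(data).hexdigest()


def verify_image(image: bytes, acquisition_sha256: str) -> bool:
    """True only if the working copy matches the hash taken at acquisition time."""
    return hmac.compare_digest(sha256_hex(image), acquisition_sha256.lower())


def carve(image: bytes, signatures=SIGNATURES, max_carve: int = MAX_CARVE) -> list:
    """Recover objects by header/footer signature, ignoring file system metadata.

    A file whose footer is missing (truncated or overwritten) is cut at the
    next header of the same type, or at max_carve if there is none, and is
    flagged truncated=True so it is not mistaken for an intact file.
    """
    found = []
    for kind, (header, footer) in signatures.items():
        pos = image.find(header)
        while pos != -1:
            body_start = pos + len(header)
            window_end = pos + max_carve
            next_hdr = image.find(header, body_start, window_end)
            end = image.find(footer, body_start, window_end)
            if end != -1 and (next_hdr == -1 or end < next_hdr):
                length, truncated = end + len(footer) - pos, False
            elif next_hdr != -1:
                # Another file of the same type begins before any footer:
                # this one was cut off, so stop at that header.
                length, truncated = next_hdr - pos, True
            else:
                length, truncated = min(max_carve, len(image) - pos), True
            blob = image[pos:pos + length]
            found.append({
                "type": kind,
                "offset": pos,
                "length": length,
                "truncated": truncated,
                "sha256": sha256_hex(blob),  # hash every recovered object too
            })
            pos = image.find(header, pos + length)
    found.sort(key=lambda f: f["offset"])
    return found


def build_sample_image() -> bytes:
    """Constructed raw image: two intact JPEGs, one PNG, one truncated JPEG,
    with zero-filled slack between them. Sample data only."""
    jpeg_a = b"\xff\xd8\xff\xe0" + b"JFIF-demo-a" * 4 + b"\xff\xd9"
    png_b = b"\x89PNG\r\n\x1a\n" + b"IHDR-demo-b" * 4 + b"IEND\xaeB`\x82"
    jpeg_c_cut = b"\xff\xd8\xff\xe1" + b"Exif-demo-c" * 4   # no EOI marker
    jpeg_d = b"\xff\xd8\xff\xdb" + b"DQT-demo-d" * 4 + b"\xff\xd9"
    slack = b"\x00" * 512
    return slack + jpeg_a + slack + png_b + slack + jpeg_c_cut + jpeg_d + slack


if __name__ == "__main__":
    image = build_sample_image()
    acquisition_hash = sha256_hex(image)  # what the acquisition log would record
    print("image intact:", verify_image(image, acquisition_hash))
    for obj in carve(image):
        print(f"{obj['type']:5} offset={obj['offset']:5} length={obj['length']:4} "
              f"truncated={obj['truncated']} sha256={obj['sha256'][:16]}...")
```

Two design points carry over to real tooling: the image hash is compared with a constant-time function so the verification step itself cannot leak the expected digest, and each carved object is hashed at recovery time so that anything later presented as evidence can be tied back to the exact bytes in the image it came from. Tools such as FTK and EnCase perform the same two steps, with far richer signature tables and with the hashes written into the case log automatically.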

Further reading

Ultimate digital security