Ready to become the digital world’s answer to Sherlock Holmes?
Grab your magnifying glass and jump into digital forensics!
Learning about cyber security often means understanding different attacks and how to prevent them. But cyber criminals are constantly finding new techniques, and not every cyber security attack can be avoided!
So, what happens after a cyber security incident occurs? This is where digital forensics comes into play.
Let’s start with a basic overview in this quick beginner’s guide!
What is digital forensics?
Digital forensics is an investigation that occurs in the aftermath of a criminal case or a potential cyber security attack.
In cyber security, the investigation involves analysing a system to see if it has been breached and uncovering how it became compromised.
The goal is to dissect what was happening at a given moment in time. What happened when that cyber criminal got into a system? How did they get there? And what did they steal?
Digital forensics investigations
Digital forensics investigations are carried out meticulously so that the evidence found and the conclusions drawn are defensible.
Presenting valid evidence in court means being as detailed and accurate as possible throughout the investigation. Evidence can be obtained by:
- Noting down verifiable conclusions in a notebook.
- Taking a memory capture to provide a snapshot of the current state of a system.
- Carefully sealing physical evidence such as hard drives or USB sticks in named and dated evidence bags.
Make a mistake at this stage, and your evidence may not be valid for the courtroom!
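A digital counterpart to the named and dated evidence bag, shown as an added example that is not part of the original guide: it records who sealed a memory capture and when, together with a SHA-256 hash, so any later change to the file can be detected. Hashing is not mentioned in the guide and is assumed here as the sealing mechanism; the file name, host name and examiner name are constructed sample values.

```python
import hashlib
import os
import tempfile
from datetime import datetime, timezone

def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large images need not fit in RAM."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def seal_evidence(path, item_name, examiner, when=None):
    """Build the 'evidence bag' label: which item, sealed by whom, when, and its hash."""
    when = when or datetime.now(timezone.utc)
    return {
        "item": item_name,
        "file": os.path.basename(path),
        "size_bytes": os.path.getsize(path),
        "sha256": sha256_file(path),
        "sealed_by": examiner,
        "sealed_at_utc": when.isoformat(),
    }

def verify_seal(path, record):
    """True only if the file still matches the size and hash on the label."""
    return (os.path.getsize(path) == record["size_bytes"]
            and sha256_file(path) == record["sha256"])

def demo():
    """Seal a constructed stand-in for a memory capture, then alter one byte."""
    with tempfile.TemporaryDirectory() as tmp:
        image = os.path.join(tmp, "host01-memory.raw")  # constructed sample
        with open(image, "wb") as fh:
            fh.write(b"CONSTRUCTED SAMPLE MEMORY IMAGE" * 1024)
        record = seal_evidence(image, "Memory capture, host01", "A. Examiner")
        intact = verify_seal(image, record)
        with open(image, "r+b") as fh:  # simulate an accidental modification
            fh.seek(100)
            fh.write(b"X")
        altered = verify_seal(image, record)
        return record, intact, altered

if __name__ == "__main__":
    record, intact, altered = demo()
    print(record)
    print("intact copy verifies:", intact, "| altered copy verifies:", altered)
```

The single changed byte leaves the file size identical, so only the hash comparison exposes the alteration.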
There are some instances where speed might be a more critical factor than courtroom evidence. This could be the case when determining the scale of a breach, as significant information needs to be gathered immediately.
Choices on which factors should be prioritised will ultimately be decided by upper management before the investigation begins.
Digital forensics methods
Digital forensics is an advanced skill that can require you to specialise in various methods and techniques. These include:
- Disk forensics
- Memory forensics
- Network packet analysis
- Log analysis and timeline reconstruction
- Data recovery
Once you understand the foundations of the digital forensics process, you can explore some of these subject areas in more depth!
Now that you’ve got a taster of digital forensics, build your knowledge in the CyberStart Forensics Base. Become an investigator and use your detective skills to uncover the digital trails of cyber criminals.