Digital Forensics is a branch of Forensic Science pertaining to legal evidence found in computer systems, digital storage medium / Mobile phones. It performs forensic investigation on digital evidence while maintaining the documented chain of custody so that it can be presented as evidence in the court of law.
Scope of Digital Forensics
Scientific examination and analysis of Digital Storage Media for example Hard Drives, Flash Memory, Floppy Disks, CD/DVD, Mobile Phones and Personal Digital Assistants (PDAs). Retrieve/acquire evidence from digital media. Recovery of deleted digital data in case of damaged hardware / software failure that may have evidentiary value.
This section was established in 2015 with the support of Australian Federal police and deals in cellular forensic and extract data from.
- Mobile phones
- Memory cards
- Flash device (USB)
- Computer’s hard drive etc
Collection, Preservation and Transport of digital Evidence
- All items should be packed in suitable sized containers that will prevent contamination or deleterious change.
- Ensure that all digital evidence collected is properly documented, labeled, marked, photographed and inventoried before it is packed.
- Remember that digital evidence may also contain latent, trace, or biological evidence and take the appropriate steps to preserve it.
- Pack all digital evidence in anti-static packing to prevent it from static electricity. Only paper bags and envelopes, cardboard boxes and antistatic containers should be used for packing of digital evidence.
- Evidence should be packed in a manner to avoid from being bent, scratched or otherwise deformed. Plastic material should not be used for packing.
- Collect all power supplies, cables and adapters for all electronic devices seized.
- Shock resistance packing should be used to avoid physical damage to any component of the device(s).
- Label all containers used to pack digital evidence clearly and properly.
- The collected digital device(s) should be stored in a secure environment or a location that is not subject to extreme temperature or humidity. It should not be exposed to magnetic fields, dust, vibration, moisture or any other environmental elements that may damage it.
- Leave Mobile Devices/ Smart Phones in the power state (On or Off) in which they are found.
- Mobile Devices/ smart phones should be isolated from the Network using Network Isolation Techniques i.e. Faraday Isolation bags, Radio Frequency shielding material, anti-static packing and aluminum foils.
- All items are packed in containers that can be sealed.
- The evidence packing is labeled with at least the Submitting Agency case number and item number.