Chapter 2Digital forensic approaches and best practices

Introduction

Forensics is the application of the scientific process to answer a question. For digital forensics to be an accepted science, it has to apply the scientific method. The scientific method is the application of a set of accepted and verifiable steps to investigate a question or problem. The digital forensic process needs to include a thorough enough review to confirm findings, and it should not overlook artifacts that may discredit the findings. In other words, the investigator needs to follow due diligence and review all facts, not just the facts that produce a desired result. In many instances, the forensic review will be performed for one party and the same evidence will ...

Get Digital Forensics Explained, 2nd Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.