2 Digital Forensics

Digital forensics is the practice of using scientific methods to preserve, analyze, and present digital evidence. It involves the recovery and investigation of data found on digital devices such as computers, smartphones, and tablets. The goal is to answer the six critical questions of an investigation: “what,” “where,” “when,” “who,” “why,” and “how.”

A digital forensic expert can help identify:

  1. Motive – Why the user performed the activity
  2. Means – The tools and methods used
  3. Opportunity – How and when the activity was performed.

There are numerous tools available that aim to automate the process. However, these tools should not be trusted blindly. They often serve as a good shotgun approach, akin to a “Google search” for evidence, and may or may not provide accurate results. For this reason, it is essential to manually verify the findings of these tools by ensuring that the data they present is accurately parsed. For example, a tool might incorrectly parse latitude and longitude data in URLs as location evidence. By manually verifying the output of these tools, investigators can ensure the accuracy and validity of their findings.

Digital forensics can be broken down into subcategories of specialty.

  • Computer forensics involves the forensic examination of computers and other digital devices to recover and analyze digital evidence for use in legal proceedings. This type of forensics typically focuses on ...
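The manual verification of tool output described above can be partly scripted. The following is an added example, not code from the book: it re-parses the source artifact behind each tool-reported location hit and flags hits whose coordinates came from a URL. The hit record layout, the query-key list, and the sample URLs are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Query keys that often carry "lat,lon" pairs in web map URLs (assumed list; extend per case).
COORD_KEYS = {"ll", "q", "center", "query", "sll", "daddr", "saddr"}
# A decimal pair such as "40.7128,-74.0060" that is not the tail of a longer number.
PAIR = re.compile(r"(?<![\d.])(-?\d{1,3}\.\d+),\s*(-?\d{1,3}\.\d+)")

def coords_in_url(url):
    """Return [(lat, lon, where)] for in-range coordinate pairs embedded in a URL."""
    parts = urlsplit(url)
    found = []
    for key, value in parse_qsl(parts.query):  # parse_qsl percent-decodes values
        if key.lower() in COORD_KEYS:
            found += [(float(a), float(b), f"query:{key}") for a, b in PAIR.findall(value)]
    found += [(float(a), float(b), "path") for a, b in PAIR.findall(parts.path)]
    # Discard pairs that cannot be a latitude/longitude.
    return [(la, lo, w) for la, lo, w in found if -90 <= la <= 90 and -180 <= lo <= 180]

def review_hit(hit, tolerance=1e-4):
    """Classify one tool-reported location hit by re-checking its source artifact."""
    src = hit.get("source_value", "")
    if src.startswith(("http://", "https://")):
        for lat, lon, where in coords_in_url(src):
            if abs(lat - hit["lat"]) < tolerance and abs(lon - hit["lon"]) < tolerance:
                return f"url-derived ({where}): shows a lookup, not device position"
        return "url source, coordinates not found in it: re-parse manually"
    return "non-url source: verify against the raw record"

# Constructed sample of what a tool might export as "location evidence".
HITS = [
    {"lat": 40.7128, "lon": -74.0060,
     "source_value": "https://maps.example.com/search?q=40.7128%2C-74.0060"},
    {"lat": 51.5074, "lon": -0.1278,
     "source_value": "https://maps.example.com/maps/@51.5074,-0.1278,15z"},
    {"lat": 48.8566, "lon": 2.3522,
     "source_value": "exif:GPSLatitude/GPSLongitude"},
]

if __name__ == "__main__":
    for hit in HITS:
        print(hit["lat"], hit["lon"], "->", review_hit(hit))
```

A hit classified as url-derived still has evidentiary value, but as a record of what was searched or viewed rather than where the device was.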
