Digital forensics is an investigative activity carried out to find digital evidence that will strengthen or weaken the physical evidence of the case that is being handled. Digital forensics itself is needed because usually the data in digital devices are locked, replaced, hidden or even deleted.
The growth of computer crime during the 1980s and 1990s led law enforcement agencies to form special teams, usually at the national level, to deal with the technical aspects of investigations. For example, in 1984 the FBI formed a Computer Analysis and Response Team.
The existence of evidence is very important in the investigation of computer crime and computer-related crime cases because it is with this evidence that an investigator and forensic analyst can uncover cases related to computer crimes in complete chronology, to then trace the whereabouts of the perpetrators and for processing. by law enforcement.
Digital forensics can be grouped according to the source of digital evidence, including:
- Mobile device forensics is a branch of digital forensics regarding the acquisition of mobile devices to recover digital evidence such as records of incoming and outgoing calls, contact lists, SMS, and locations.
- Network forensics is part of digital forensics that is used to find digital evidence such as the source of security attacks on a network.
- Computer forensics is a branch of digital forensics that deals with evidence on computers and digital storage media.
- Database Forensic is a branch of digital forensics which is concerned with the forensic study of databases and metadata.