Cyber forensics can be defined as the process of extracting information and data from computer storage media and guaranteeing its accuracy and reliability..
Digital forensics serves as a supporting proof or corroborating evidence often made by prosecutors and defendants to refute a claim that a certain activity was done by a specific person using a piece of digital equipment. The most common use is to recover erased digital evidence to support or disprove a claim in court of law or in civil proceedings such as the eDiscovery process in courts. Forensics is also used during internal corporate investigations or intrusion investigation which includes additional activities like network and log review.
The challenge of course is actually finding this data, collecting it, preserving it, and presenting it in a manner acceptable in a court of law..
Our computer forensics procedures can be distilled into three major components:
Make a digital copy of the original evidence:Our investigators make a copy of the evidence and work with the copy to reduce the possibility of inadvertently changing the original evidence.
Authenticate that the copy of the evidence: Our investigators will then verify the copy of the evidence is exactly the same as the original.
Analyze the digital copy: The specific procedures performed in an investigation are determined by the specific circumstances under which the investigation is occurring.