When considering the role of digital forensics in the examination of the different forms of electronic evidence, it can be said that the process consists of the collection, preservation, analysis, and presentation of information gathered during an investigation. In civil, criminal, and administrative matters, an examination can be requested by any party, as it relates to their court case or pending litigation. Evidence can be gathered from traditional sources of electronic evidence, such as a computer’s storage and memory, including magnetic hard drives, flash memory, external hard drives, USB flash drives, and, more commonly in this present day, cloud computing services, such as Google, Amazon Web Services, Dropbox, and more.
Common items a digital forensics examiner will search for are spreadsheets, accounting information, images and graphics, deleted files, hidden files, cached information, browser history, and internet cookies. Email information, if stored in the cloud, is difficult to obtain by simple means, though there are methodologies. If the owner of the system being examined used an email client on their system, such as Microsoft Outlook Express, their will normally be an email archive resident on the system that can be acquired and extracted for further examination. Examiners need to proceed with a high standard of ethics in order to maintain the integrity of the data being acquired or preserved, either for examination or for future litigation, as in a legal hold.
There are several subdisciplines that make up the digital forensics profession, with the oldest and most obvious of them being computer forensics. Computer forensics is where it all began, but the digital realm has expanded beyond that of just computers, which is why it is now referred to as digital forensics. Digital forensics also includes subdisciplines of incident response, cell phone forensics, GPS forensics, media device forensics, social media forensics, digital video and photo forensics, digital camera forensics, digital audio forensics, multiplayer game forensics, and game console forensics. With such a wealth of digital forensics subdisciplines, it shouldn’t be surprising that there is so much electronic evidence ready for gathering, sometimes in the most obvious of places, but the least suspected.