
#13 Cyber Detectives: Digital Forensics II

Updated: Sep 7




Hello there lovely people and welcome back to another episode of STEM on the Streets! If you are new here, my name is Aiza and this is my partner CAI (Crime Ai). If you haven't read the previous episode, click the button to read it!


 

Recap


Hey CAI, could you give a quick recap of the previous episode?


(✿◡‿◡)CAI: Yeah sure

In the previous episode, we found out that digital forensics is crucial for investigating cybercrimes and also plays a significant role in non-cyber crimes. It involves identifying, acquiring, preserving, analyzing, and presenting digital evidence, which helps to solve various crimes such as data breaches, online fraud, and physical crimes. This is done by examining data from devices like computers, mobile phones, and networks. Digital forensics is divided into five branches: Computer Forensics, Mobile Device Forensics, Network Forensics, Forensic Data Analysis, and Database Forensics, each focusing on different aspects of digital evidence.

 

Cybersecurity Vs Digital Forensics


One of the biggest misconceptions is that cybersecurity and digital forensics are the same thing when, in fact, they aren't. This really upsets CAI.


(✿◡‿◡)CAI: Wait- what? I thought it irked you-


Shhh, CAI! Just go with it.


(✿◡‿◡)CAI: Why though? Aren't you like really big on cybersecurity and all?


I am, but 'cause you are the Ai bot, it should irritate you further. Besides, why do you think I am making you do most of the work in Cyber Detectives?


(✿◡‿◡)CAI: Because you don't like anything to do with computer science?


What- no! Because you like tech and all.


(✿◡‿◡)CAI: Aiza, that is very stereotypical, we Ai can like more than just tech. I am offended.


Ok, so now where were we? Ah, yes! The mix-up between cybersecurity and digital forensics really saddens CAI.


(*  ̄︿ ̄)CAI


These two fields are closely connected; only a thin line separates them. Digital forensics focuses on the who, what, how and why of a crime, whereas cybersecurity focuses on protecting systems and data from being compromised. Digital forensics works with crime investigations and law enforcement, and it usually comes into play when a security breach occurs or a digital crime is committed. Cybersecurity is there to prevent breaches of data and systems.

 

Key Steps in a Digital Investigation


'Kay, CAI, you can do this bit.


(✿◡‿◡)CAI: I would absolutely love to!


So you do like tech and all.


(✿◡‿◡)CAI: No comment.


(✿◡‿◡)CAI: There are five key steps in an investigation:

Identification

Preservation

Collection

Analysis

Presentation


  • Identification

Identification involves recognising or identifying potential sources of evidence, such as computers, mobile devices and network logs.


CAI, hope you don't mind me interrupting, but can I give an example?


(✿◡‿◡)CAI: Go ahead.


An example for identification is: Identifying a suspect’s laptop as a source of deleted emails relevant to an investigation.


  • Preservation

Preservation involves protecting the evidence in its original form to prevent tampering. Imaging is a preservation technique.


For example: Creating a forensic image of a hard drive to prevent tampering with data during analysis.


  • Collection

Data is gathered from identified sources using special tools which do not modify the evidence's original form.


For example: Extracting files, emails, and browsing history from a suspect's computer using EnCase. (EnCase is a digital forensics software that helps investigators acquire, analyze, and report on digital evidence from various devices, widely used in law enforcement and corporate investigations.)


  • Analysis

The collected evidence is examined to reconstruct events or discover hidden information. Investigators may look for patterns or deleted files.


For example: Analyzing chat logs to determine if sensitive company data was shared with external parties.


  • Presentation

Findings are compiled into reports that can be used in legal proceedings, explaining the evidence and its significance clearly.


For example: Presenting a timeline of network breaches to show when and how hackers infiltrated a company’s system.

 

Challenges in Digital Forensics


Digital forensics is not perfect and faces its own challenges. One of the major challenges is dealing with encrypted data, which is tricky to access. Also, the sheer volume of data in investigations can be overwhelming, not to mention the legal and jurisdictional issues linked to cloud storage. It's crucial to ensure the integrity and admissibility of digital evidence in court, all while keeping up with rapidly evolving technology and cyber threats. Another challenge is preserving evidence without altering it, which calls for specialized tools and expertise.
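The Preservation step (forensic imaging) and the integrity challenge above both come down to proving that a copy still matches the original, which is commonly done with a cryptographic hash. The Python below is an added example, not code from this post or from EnCase: it images a source while hashing it, then shows that one altered byte in the copy is detected. The evidence ID, examiner name, timestamp and the in-memory "drive" are constructed placeholders.

```python
import hashlib
import io

CHUNK = 64 * 1024  # hash in blocks so a large disk never has to fit in memory


def acquire_image(source, dest, evidence_id, examiner, acquired_at):
    """Copy source to dest block by block, hashing the bytes as they are read."""
    digest, size = hashlib.sha256(), 0
    for block in iter(lambda: source.read(CHUNK), b""):
        digest.update(block)
        dest.write(block)
        size += len(block)
    # Custody record: who imaged what, when, and the hash of the original.
    return {
        "evidence_id": evidence_id,
        "examiner": examiner,
        "acquired_at": acquired_at,
        "size_bytes": size,
        "sha256": digest.hexdigest(),
    }


def verify_image(image, record):
    """Re-hash an image and compare it with the hash taken at acquisition."""
    digest, size = hashlib.sha256(), 0
    for block in iter(lambda: image.read(CHUNK), b""):
        digest.update(block)
        size += len(block)
    return size == record["size_bytes"] and digest.hexdigest() == record["sha256"]


if __name__ == "__main__":
    # Constructed stand-in for a suspect drive (assumption: a real acquisition
    # reads the device through a write blocker instead of an in-memory buffer).
    drive = io.BytesIO(b"MBR" + bytes(200_000) + b"deleted-email-fragment")
    image = io.BytesIO()
    record = acquire_image(drive, image, "CASE-0001-HDD1", "A. Examiner",
                           "2024-01-01T10:00:00Z")
    print(record)
    image.seek(0)
    print("untouched image verifies:", verify_image(image, record))
    image.seek(10)
    image.write(b"\x01")  # a single altered byte in the working copy
    image.seek(0)
    print("altered image verifies:", verify_image(image, record))
```

Re-running `verify_image` before and after analysis, and keeping the record with the case notes, is what lets an examiner state in the Presentation step that the evidence was not changed.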



 

That is all for today folks!!! Next episode we will be doing our first digital crime! Until next time!


This is Aiza Jamil signing out!


I am a forensics sleuth, what is your mystery to solve?









