There are four primary types of digital forensics which includes computer forensics, mobile forensics, network forensics and cloud forensics. Other types of digital forensics fall into one of these main categories. For example memory or disk forensics will generally fall under computer forensics depending on what type of storage techniques are being used, or wireless forensics will be categorized under network forensics. Each of these categories of digital forensics and their subcategories will be discussed at length in a later section.
Here’s a brief overview of the four types of digital forensics:
Computer forensics focuses on electronic data that is stored on computer devices such as hard drives, computers, laptops and documents. The data found on these devices is uncovered, preserved, extracted and then analyzed by the investigator. This uncovered data is then processed into analytic products and reports which are used in conjunction with other elements of the investigation. If it is a law enforcement investigation this information may be used as evidence in a case. If it is business related then the reported findings may be used to uncover a security breach or to recover lost digital content.
Mobile forensics is focused around digital materials that are associated with smartphones and other mobile devices. Modern cellphones store a large amount of diverse and relevant data that can prove to be useful in a digital forensics investigation. This includes but is not limited to graphics, images, videos, geolocation data, message logs, call logs and network data.
A computer network is any group of computer devices that are connected that share resources such as internet access. Both large and small networks can provide a large amount of data which may prove to be useful for investigators. This information can include Media Access Control (MAC) Addresses, IP addresses, network traffic statistics, packet captures and much more.
Cloud forensics refers to the digital recovery, analysis and preservation of data used in cloud computing. Cloud computing is essentially a type of service that is accessed over a computer network. This commonly includes Platform as a Service, Software as a Service and Infrastructure as a Service. As these services are used they create various digital signatures which can be helpful during a digital forensics investigation. This information may include login activity, user profiles, and files of which can reveal helpful information for the examiner.