The Importance of Digital Forensic Investigation

Digital Forensic and Electronic Data

Digital forensic is the process of exposing and interpreting electronic data with an aim of preserving first hand evidence. This is done by performing a concrete investigation through collecting, identifying and validating the discrete data in an effort to trace the past events. Digital forensic can also be defined as a branch of science that concentrates of the restoration and critical analysis of raw data that exists in electronic or digital devices. The article “International Convention on Information and Communication Technology, Electronics and Microelectronics” explains how information is retrieved from a mobile phone in order to preserve evidence and this is part of digital forensic since it is hard to conduct a digital forensic investigation without involving a mobile phone. There is another article “IFIP Advances in Information and Communication Technology” which tries to explain the science behind interrogation of the failed database and the attempt of constructing back metadata and page information which makes it an interesting topic of digital forensic.

The Importance of Mobile Phones in Digital Forensic

The first article “International Convention on Information and Communication Technology, Electronics and Microelectronics” explains that due to the portability manner of mobile phones they become very important data carriers keeping track of every single step you make. Mobile phone use has increased with a high rate in the current world and people associate with them every day including in crimes. This makes the data obtained from these phones to be very important source of evidence to assist in criminal investigation and also in other high profile cases. The call logs and the GPRS data of mobile devices are frequently used to conduct investigations (Dogan & Akbal, 2017).

The Challenges of Mobile Forensic Process

Mobile forensic process is subdivided into three sub-branches; seizure, acquisition and analysis. Forensic analysts experience several predicaments when seizing the mobile devices as the main source of evidence. The analyst is forced to place the mobile in a Faraday bag in case the phone was powered off at the moment when the crime scene occurred(Dogan & Akbal, 2017).This is done to protect the alteration of information if in any case the mobile phone will switch itself on automatically. The Faraday bags are designed for specific purposes and that is to separates the mobile phone from the available networks. It becomes a lot of concern to switch off a phone that was already switched on and if the phone at crime scene had a pin or the password the investigator is supposed to identify the pin or remove the lock in order to access the device. Mobile phones are devices which are networked and they can perform both the tasks of sending and receiving data through a variety of sources like Bluetooth, the systems of telecommunications and also points of Wi-Fi access. The criminal can safely delete the important evidence stored in the phone through execution of a command of remote wipe provided the mobile phone is switched on.

Methods of Forensic Acquisition and Analysis of Mobile Devices

According to Dogan and Akbal (2017), forensic acquisition of mobile devices can be done through a variety of methods and each method has impacts on the amount of analysis required therefore if one method does not work another one is tried. Many trials and tools are recommended in order to acquire the most information from the mobile phones. Mobile devices are very dynamic and they make it hard for the investigators to make analysis and extract information as digital evidence. The high rate and emergence of different types of mobile devices from varying manufacturers make it hard to establish one process or tool to analyze all the kinds of devices.

Interrogating Failed Databases and Database Forensics

“IFIP Advances in Information and Communication Technology” is an article that explains how failed database is interrogated and how attempts to reconstruct the metadata and page information are done within a data set (Fasan & Olivier, 2012). There is a bit of confusion between database forensics and database recovery and people tend to think it is the same thing. Database recovery is a process of restoration of data where it makes the data fertile enough to enter back an environment for production.

Database Forensic Specialists and Investigation

A forensic specialist interrupts in cases where there is failure of database, erasing of information in database, there is no consistency in the data of database and when the behaviors of the users raise suspicions. Database forensic experts mostly apply the read-only method or a similar forensic copy of the data during an interface with the database to make sure that none of the database is compromised. They run tools of diagnosis which assists in creating a forensic database copy which will help in analysis. It helps in the reconstruction of the data which is missing and also deciphers data and shows the possible cause of corruption. This helps the examiner to acquire the data that the involved parties require and can assist in investigation and the prosecution of the criminals if the criminal proceedings are started (Pavlou & Snodgrass, 2013).

Comparison between Mobile Forensic and Database Forensic

The similarity in the two articles is that both articles involve ways of obtaining digital evidence from digital devices. The articles discuss the different technological methods used to capture evidence in crime scenes by forensic experts. The difference between the articles is that the first article focuses on the knowledge of obtaining the evidence through mobile phone devices while the point of focus in the second article is using database forensic as a tool to obtain the digital evidence where the database forensic experts use read-only method to protect the data from being compromised.

References

Dogan, S., & Akbal, E. (2017). Analysis of mobile phones in digital forensics. 2017 40th International Convention on Information and Communication Technology, Electronics and Microelectronics (MIPRO). doi:10.23919/mipro.2017.7973613

Fasan, O. M., & Olivier, M. (2012). Reconstruction in Database Forensics. IFIP Advances in Information and Communication Technology, 273-287. doi:10.1007/978-3-642-33962-2_19

Pavlou, K. E., & Snodgrass, R. T. (2013). Generalizing database forensics. ACM Transactions on Database Systems, 38(2), 1-43. doi:10.1145/2487259.2487264