The purpose of this book is to provide you with a clear understanding of digital forensics from its relatively recent emergence as a subdiscipline of forensics to its rapidly growing importance alongside the more established forensic disciplines. This chapter will enable you to gain a clear understanding of the role of digital forensic practitioners and the cybercrime and corporate environments, where they are actively seeking evidence of crimes and civil offences. A small sample of case studies of digital crime scenes will enable you to understand the complexity typical of many cases and the challenges posed to the forensic practitioner.
During the past 10 years or so, there has been a growing interest in digital forensics as a part of tertiary courses and as a career path in law enforcement and corporate investigations. New technologies and forensic processes have developed to meet the growing number of cases relying on digital evidence. However, it has been apparent that the increasing complexity, size, and number of cases is creating problems for practitioners, who also face resource and costing restrictions as well as a shortage of well-trained, experienced personnel. The book will describe these challenges and offer some solutions that have helped me in my practice and research endeavors, and which will hopefully assist and empower current and prospective practitioners to manage problems more effectively in the future.
Inherent security problems associated with personal computers, tied to their popularity in the workplace, have spawned new problems for law enforcement. For example, organizations undertaking criminal investigations or completing internal audits typically encounter the tedious examination of computer records to recover digital evidence. Such examinations urgently require new forensic processes and tools to help practitioners complete their examinations more effectively.
These are exciting times for those practitioners seeking to enhance their important role in assisting the legal fraternity. For those wishing to join the discipline, they will be doing so at a time when practitioners are at a crossroads in terms of changes affecting evidence recovery and management. Banality, complacency, and fatigue are common within the discipline, and the enthusiasm of entering the profession can rapidly dissipate because of the tedium and heavy caseloads, notwithstanding the inherently exciting and important nature of the work. What will be shared with you are new and more effective ways of reducing tedium and time wastage, reinvigorating practitioners, and restoring the excitement of the hunt for evidence, heralded by the gentle winds of change sweeping across the discipline that will eventually turn into a whirlwind if some challenges are left unattended.
The following topics will be covered in the chapter:
An outline of the history and purpose of forensics and, specifically, digital forensics
Definitions of the discipline and its role vis-à-vis more established forensic disciplines
Descriptions of criminal investigations and the rise and nature of cybercrime
An outline of civil investigations and the nature of e-discovery, disputes, and personnel disciplinary investigations
An insight into the role of digital forensic practitioners, the skills and experience required, and the challenges confronting them
A presentation of case studies of noteworthy digital forensic crime scenes to highlight the topic