In line with more established forensic disciplines, digital forensics, a comparatively new field, also involves preserving the crime scene in a digital environment. Digital forensics practitioners examine evidence recovered from the complete range of digital devices and networks. This requires some understanding of computer technology, notwithstanding the advent of more automated forensic processes and tools.
Note
Many examinations do not necessarily end in a criminal case and may become part of civil legal action or internal disciplinary procedures. The reverse, of course, is also common, when a civil case can result in criminal prosecution.
Digital forensics falls into three broad categories:
Public investigations: These are state initiated
Private investigations: These are corporate
Individual: These are often in the form of e-discovery
Personnel misconduct investigation requiring digital forensic examinations is an emerging category. Defense and intelligence forensic examinations are considered another category, but it is not covered in this book.
Evidence found on a computer may be presented in a court of law to support accusations of crime or civil action such as:
Murder and acts of violence
Fraud, money laundering, and theft
Extortion
Involvement with narcotics
Sabotage and record destruction
Pedophilia and cyberstalking
Terrorism and bomb threats
Family violence
Typically, criminal investigations and prosecutions involve government agencies that work within the framework of criminal law. Law enforcement officers are granted search and seizure powers under relevant criminal laws that enable them to locate and capture devices suspected of being used in crimes or to facilitate them.