This module is a resource for lecturers


Digital forensics involves the process of identifying, collecting, acquiring, preserving, analysing, and presenting of digital evidence. Digital evidence must be authenticated to ensure its admissibility in a court of law. Ultimately, the forensic artefacts and forensic methods used (e.g., static or live acquisition) depend on the device, its operating system, and its security features. Proprietary operating systems (which investigators may be unfamiliar with) and security features (e.g., encryption) serve as impediments to digital forensics. For example, encryption, which blocks third party access to users' information and communications, could prevent law enforcement authorities from accessing data on digital devices, such as smartphones (see Module 10 on Privacy and Data Protection for further information).

Next: References
Back to top