There is no universally accepted and adopted cybercrime investigation and digital forensics process. Each country has its own investigations and forensics protocols. Nevertheless, there are, however, international standards and good practices (see Cybercrime Module 4 on Introduction to Digital Forensics for a basic introduction to these standards and good practices) that could be adopted by countries in regards to cybercrime investigations and digital forensics, which refers to the process of collection, acquisition, preservation, analysis, interpretation, reporting, and presentation of digital evidence for use in investigations and prosecutions of various forms of crime, including cybercrime (see Cybercrime Module 5 on Cybercrime Investigations as well as Module 4). This Module explores good practices in the handling of digital evidence, its analysis, the reporting of digital forensics results, and the assessment of digital evidence.
While this Module focuses on cybercrime investigations and digital forensics in law enforcement investigations and prosecutions of cybercrime, many cybercrime investigations and digital forensics activities are conducted by those outside of the criminal justice system, such as private organizations (see Cybercrime Module 5 on Cybercrime Investigations).
The sub-pages to this section provide a descriptive overview of the key issues that lecturers might want to cover with their students when teaching on this topic: