Digital Forensics: Different Types of Digital Evidence
Digital evidence is any information available in digital form that may be useful during an investigation. This blog provides an overview of the different types of digital evidence.
Locard's Exchange Principle
Locard's Exchange Principle is the belief that anyone who enters a crime scene takes something from the scene and also leaves something behind. In digital forensics, it simply means that digital evidence may provide a lot of information if collected properly.
Best Evidence Rule
Remember, the court always accepts original digital evidence of documents and media files such as video, audio, images, etc. Generally, courts will not accept a copy of digital evidence unless it is justifiable in a court of law. Integrity is a critical aspect of any digital evidence. Cryptographic hashes may be used for checking the integrity of digital evidence.
Types of Digital Evidence
(1) Volatile Data
Volatile data is data that is lost when the IT device is switched off.
Examples of Volatile Data:
- Running processes information
- Open files on desktop/laptop
- Clipboard content
- Open browsers
- System time
- Private Dynamic IP details
- Logged-on users
- Content on RAM
(2) Non-volatile Data
Non-volatile data is data that is stored on hard disks and is generally not lost after IT devices are switched off.
Examples of Non-volatile Data:
- Hidden files
- Event logs
- Registry settings
- Files stored in memory drives
How is Digital Evidence created?
Whenever digital evidence is seized, investigators try to identify potential information in it that is helpful in resolving the case. If perpetrators use IT devices, investigators obtain a lot of information by seizing them. Digital evidence is created mainly by two sources. The first source is the user and the second source is the system.
(1) By User
Users themselves create many files on desktops/laptops. Some examples of files created by the user are listed below:
- Documents in Word, PowerPoint, Excel, etc. formats
- Stored videos, audio, images, etc.
- Stored passwords in a browser
- Password protected files
(2) By System
Whenever you use any IT device, different logs and many temporary files are created. Some examples of files created by the system are listed below:
- Log files
- Backup files
- System files
- Cookies in browser
- Configuration files
Rules to be Followed while Collecting Digital Evidence
This section provides basic rules that need to be followed for collecting digital evidence. As digital evidence needs to be presented in a court of law, the following are the things that need to be taken care of:
(1) Collected evidence should be presented in such a way that it is understandable by the judiciary.
(2) Collected evidence should be authentic, and that should be provable in front of the judiciary.
(3) The collected evidence's integrity should be verifiable in front of the judiciary.
(4) Collected evidence should be complete in all respects.
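The integrity check mentioned under the Best Evidence Rule and in rules (3) and (4) can be sketched as follows. This is an added example, not part of the original article: it records a SHA-256 digest for every file at acquisition and later reports each file as ok, modified, missing or unexpected. The function names and sample files are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def hash_file(path, chunk_size=1 << 20):
    """SHA-256 of a file, read in chunks so a large disk image need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def build_manifest(evidence_dir):
    """Record a digest for every file under evidence_dir at acquisition time."""
    root = Path(evidence_dir)
    return {p.relative_to(root).as_posix(): hash_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def verify_manifest(evidence_dir, manifest):
    """Re-hash the evidence; classify each file as ok, modified, missing or unexpected."""
    current = build_manifest(evidence_dir)
    report = {}
    for name, recorded in manifest.items():
        if name not in current:
            report[name] = "missing"        # completeness failure, rule (4)
        elif current[name] != recorded:
            report[name] = "modified"       # integrity failure, rule (3)
        else:
            report[name] = "ok"
    for name in current.keys() - manifest.keys():
        report[name] = "unexpected"         # appeared after acquisition
    return report

def demo():
    """Constructed sample evidence: acquire, alter the copy, then verify."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "disk.img").write_bytes(b"\x00" * 4096)    # constructed sample
        (root / "events.log").write_text("user login\n")   # constructed sample
        (root / "notes.txt").write_text("case notes\n")    # constructed sample
        manifest = build_manifest(root)                     # taken at seizure
        (root / "events.log").write_text("user logout\n")  # content altered
        (root / "notes.txt").unlink()                       # file removed
        (root / "extra.bin").write_bytes(b"\x01")           # file added later
        return verify_manifest(root, manifest)

if __name__ == "__main__":
    for name, status in sorted(demo().items()):
        print(f"{status:10} {name}")
```

The manifest itself has to be protected (for example, stored separately from the evidence and recorded in the chain-of-custody record), since anyone who can rewrite both the files and the manifest defeats the check.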
Disclaimer: This tutorial is for educational purposes only. The individual is solely responsible for any illegal act.