Digital Forensics: Different Types of Digital Evidence

Digital evidence is any information available in digital form that may be useful while doing an investigation. This blog provides an overview of the different types of digital evidence.

Locard's Exchange Principle

Locard's Exchange Principle for investigation is the belief that if someone enters a crime scene, takes something from the crime scene, and also something leaves it behind of themselves. In reference to digital forensics, It simply means that digital evidence may provide a lot of information if collected properly.

Best Evidence Rule

Remember, the court always accepts original digital evidence of documents, and media files such as video, audio, image, etc. Generally, courts will not accept a copy of digital evidence unless it is justifiable in a court of law. Integrity is a critical aspect of any digital evidence. Cryptographic hashes may be used for checking the integrity of digital evidence.

Types of Digital Evidence

(1) Volatile Data

Volatile data is data that is lost after switching off the IT devices.

Examples of Volatile Data:

  • Running processes information
  • open files on desktop/laptop
  • Clipboard content
  • Open browsers
  • System time
  • Private Dynamic IP details
  • Logged-on users
  • Content on RAM

(2) Non-volatile Data

Non-volatile Data is data that is stored in hard disks and generally not lost after switching off IT devices.

Examples of Non-volatile Data:

  • Hidden files
  • Event logs
  • Registry settings
  • Files stored in memory drives

How is Digital Evidence got created?

Whenever digital evidence got seized, investigators try to identify potential information from them that is helpful in resolving the case. If perpetrators use IT devices, a lot of information is getting by investigators by seizing them. As Digital evidence is created by mainly 2 sources.

(1) By User

Users themselves created so many files on the desktop/laptops. Some of the examples of files created by the user are mentioned below:

  • Documents in Word, PowerPoint, Excel, etc. formats
  • Stored videos, audio, images, etc.
  • Stored passwords in a browser
  • Password protected files

(2) By System

Whenever you are using any IT devices, different logs are created and so many temporary files are created. Some of the examples of files created by the system are mentioned below

  • Log files
  • Backup files
  • System files
  • Cookies in browser
  • Configuration files

Rules to be Follow while Collecting Digital Evidence

This section provides basic rules that need to be followed for collecting digital evidence. As digital evidence needs to be presented in a court of law, the following are the things that need to take care of:

(1) Collected evidence is presented in such a way that it should be understandable by the judiciary.

(2) Collected evidence should be authentic and that is provable in front of the judiciary.

(3) Collected evidence's integrity should be verifiable in front of the judiciary.

(4) Collected evidence should be complete in all respects.

Subscribe us to receive more such articles updates in your email.

If you have any questions, feel free to ask in the comments section below. Nothing gives me greater joy than helping my readers!

Disclaimer: This tutorial is for educational purpose only. Individual is solely responsible for any illegal act.

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *