Author: Sachin Yadav, Director and Digital Forensic and Incident Response Lead, Big 4 Consulting Firm
Digital forensics can be described as the process of extracting important data from an electronic system or network of systems, data which can be used as potential evidence of that system's exploitation or of a related cybercrime. Identifying, acquiring, extracting, documenting, and preserving such data from digital media such as computers, mobile phones, servers, or networks is done by a team of qualified professionals called Digital Forensic Investigators. The digital forensic team uses multiple tools and platforms to investigate complicated cybercrimes affecting the compromised system or network. This manuscript discusses digital forensics from the perspective of an organization and the protocols to be followed in the wake of attacks or intrusions. It also discusses the different tools and technologies used by forensic investigators, along with their functions and benefits. This document is not all-inclusive. Instead, it deals with common situations encountered during the examination of digital evidence.