Digital forensics generally relates to the collection of legal evidence found in computers and digital storage media. During digital forensics it is generally desired to examine the contents of computers and digital media in a forensically sound manner. Specifically, it is desirable to preserve the computer or digital media that is being examined in a state that is unaltered by the examination.
The process for performing digital forensics generally includes on-scene documentation, collection, and analysis. During on-scene documentation, the environment around the computer can be documented via sketches, interviews, digital photography and/or digital video recording. In the collection phase, digital data is acquired, while following procedures that preserve the integrity of the data. Once acquired, the data can be analyzed using a combination of automated and manual methods to assess and extract data of particular interest, while preserving the integrity of the data.
Digital forensics can be utilized to collect evidence relevant to a variety of investigations such as, for example, child abuse or exploitation, computer intrusion, counterfeiting, death investigations, domestic violence, threats, extortion, e-mail threats, harassment, stalking, gambling, identity theft, narcotics, online or economic fraud, prostitution, software piracy, telecommunication fraud, terrorism (Homeland Security). However, because of the increasingly complex nature of the examination, digital forensic analysis can require analysts with a relatively high degree of skill and specialized training.
Accordingly, a need exists for alternative systems and methods for performing digital forensic triages on computers.