For decades, the industry that I work in has been called “computer forensics,” but recently you may have noticed that nearly every professional working in this field calls it “digital forensics.” You may be wondering when this shift happened and why.
The simple explanation has to do with the fact that we are living in an increasingly digital world.
Computer forensics had its roots in the ‘60s and ‘70s, even before there was a name for this type of work. Back then, it has hardly even a science. Examinations were performed by system administrators knocking around live mainframes, attempting to ferret out useful information as needed. They operated without any methodology or scientific processes.
Over time, national organizations and investigative agencies brought a level of scientific rigor to this emerging field. In 2002, the Scientific Working Group on Digital Evidence (SWGDE) published the paper “Best Practices for Computer Forensics” which helped established many of the principles of modern digital forensics. SWGDE continues to provide guidance to the digital forensics community and encourages the adoption of its publications by organizations that develop standards. One example of this is ASTM E2678, “Standard Guide for Education and Training in Computer Forensics.”
While computer forensics may have been an appropriate term for a time, we are now living in an era of interconnected smart devices—phones, TVs, speakers, watches, doorbells, and cameras, each with the potential to track and store information about our activities. And each can serve as a potential source of discoverable information. Recent headlines tend to confirm this.
Consider the case of the couple that plotted a murder over SnapChat. Or the case where a judge ordered the release of information from a “smart speaker” to search for evidence in a murder investigation. A typical digital forensics investigation is as likely to include the examination of a cloud storage account or a social media profile as it is include a computer’s hard drive.
However, the most important device in many examinations is no longer the computer, but the smartphone.
Former FBI director James Comey once stated, “The cell phone is probably the single most important piece of evidence you will find at a crime scene today.” Even for those of us working on civil matters, smartphones can yield a wealth of information. They have become our indispensable digital companions, the preferred platform that provides us access to email (both work and personal), social media, messaging, and the web. By capturing our geolocation information, smartphones can provide us with driving directions or track our exercise activity.
There are a host of powerful tools that allow forensic investigators to capture a wide-range of information from modern mobile phones. And because smartphone often make automated backups to the cloud, data persists longer than most users are aware.
It’s only been about ten years since we saw a big push toward renaming the field. To us, it makes sense—it’s simply more appropriate to refer to this field as “digital forensics”; this phrase encompasses a broader range of potential electronic devices and digital platforms. The field is ever evolving—as digital technology continues to infiltrate every aspect of our lives, expect that digital forensics capabilities will grow to meet the needs to recover or uncover needed information.