Let’s start by asking the following question: “what is digital forensics?” In general, digital forensics is a relatively new branch of forensic science. It focuses on digital evidence for criminal cases: the identification, validation, investigation, recovery, and presentation of facts found on digital devices. This means that the digital forensics investigator must retrieve and analyze large and complex web data sets. Doing so allows for tracing the digital footprints that threat actors have left behind, such as messages they sent and received on their message apps or their online search for a location or route planner.
In general, digital devices are holding more and more data and a growing number of apps. They are also used for cloud storage. In the case of threat actors, digital devices are often used to plan and commit a wide range of crimes utilizing mobile technology. Digital forensics uses such data to assist law enforcement and federal agencies with their investigations. For example, in the aftermath of the Capitol Building riots, law enforcement and intelligence agencies used digital forensics to collect and analyze the posts of rioters on various social media and video streaming platforms relating to the riots. The rioters made and shared images and videos of themselves, and the people they were with, during the riots. Even when the rioters later tried to remove their posts, media outlets and other users had already duplicated these images and videos, sharing them all over the Internet. This provided digital forensics investigators with a treasure trove of data to work with, which in the end resulted in the successful completion of the criminal investigations.
With the right digital forensic tools, digital forensics and digital crime investigation professionals can identify a breach or cyber threat, the actors or networks behind such a breach or cyber threat, and uncover their motives. To capture data left by the digital footprints of threat actors, a dynamic web-based platform supports digital forensics investigators in their work. Such an automated web intelligence tool (WEBINT platform) assists in detecting and analyzing vast amounts of digital information about various audiences, extracting technical details with non-intrusive methods. For example, it allows for identifying multiple connections simultaneously and de-anonymizing threat actors by following digital footprints.
Furthermore, such a digital forensics tool can also be used to actively keep abreast of threat actors. Based on the collected and analyzed digital data, it can provide insights into where threat actors are, whom they meet and communicate with, what their intentions are, places they frequent, etc., which could help law enforcement to prevent these threat actors from committing a crime. The data-collating capabilities of an AI-powered WEBINT platform allow law enforcement to pre-emptively track threat actors and fight crime.
Obviously, digital forensics requires a special skillset since the digital forensics investigator must be familiar with all types of digital devices, networks, operating systems, routers, etc. That’s why educational institutions have started offering digital forensics certification courses, such as GIAC Cyber Threat Intelligence (GCTI). Since digital forensics departments are facing shortages of qualified staff, many forensic institutes are turning to AI-powered and automated WEBINT platforms to help bridge the gap in a rapidly evolving digital landscape.
To summarize, digital forensics helps law enforcement to find out the “who, what, when, and where” – all crucial elements in their criminal investigations. Utilizing digital forensics tools and techniques, digital forensics investigators can use digital clues and information from a variety of OSINT sources.
It is clear that digital forensics technology has become an integral part of almost all forensic investigations, and its importance is growing. According to PwC, it will be applied in the near future in other situations as well, to solve an even wider variety of problems.