What is Computer Forensics?
Computer forensics is a branch of digital forensic science pertaining to evidence found in computers and digital storage media. Computer forensics aims to examine digital media soundly to identify, preserve, recover, analyze, and present facts and opinions about digital information.
Since the early 1980s, computers have been used for criminal and civil investigations, including fraud, cyberstalking, child pornography, murder, and rape. Computer forensic has its own guidelines and practices designed to create a legal audit trail. Many high-profile cases have led to computer forensics being widely accepted as reliable within U.S. and European court systems.
Forensic techniques and expert knowledge are used to explain the current state of digital artifacts such as computer operating systems, storage mediums, or electronic files. The scope of forensic analysis can vary from simple information retrieval to reconstructing a series of events. The more domain knowledge of the examiner, the more flexibility revolves around the forensic methodology, which can be described more as a discipline of art than science. This being said, law enforcement forensics are usually relatively rigid and lack flexibility, unlike civilian examiners.
What is Phone Forensics?
Mobile device forensics is the recovery of digital evidence or data from a mobile device under forensically sound conditions. The phrase mobile device usually refers to mobile phones. Still, it can also relate to any digital device with internal memory and communication ability, including Personal Digital Assistants (PDAs), GPS devices, and tablet computers.
Since the consumer market for smartphones exploded in the early 2000s, smartphones have become ingrained as part of our daily lives, enabling and sometimes recording our every move. As a result, the need for technical forensics evidence has dramatically increased as well. Unlike computer forensics with a limited number of operating systems (OS), such as Windows, Mac OS, and Linux, mobile forensics’ OS are frequently changed significantly and require vigilance to stay up to date. Furthermore, mobile devices are designed to roam and constantly communicate with the outside world/cell towers. As a result, proper evidence handling is essential to prevent the contamination of data. Forensic examiners must ensure that the phone is isolated to the extent possible to avoid the possibility of a telephone being wiped remotely or data being changed by applications running in the background. The information obtained from a smartphone is often used by investigative agencies and law enforcement to create a timeline of a subject’s locations and actions.