Digital forensics involves the collection, retrieval and investigation of data found on devices and accounts that store electronic data. It is a branch of forensic science that analyzes devices such as servers, email accounts, social media accounts, web-based storage accounts, wearable technology, computers, tablets, smartphones, and Internet-connected devices (Internet of things) among others

It is very common that the terms as “computer forensics” and “digital forensics” are used interchangeably since these fields of work cover almost the same areas and with similar tools, but there are differences since our industry covers more types of devices and cybernetic technology, networks, etc. This makes the analysis more precise and adapted to current technological needs.

What are forensic images? They are the process of verifying and creating exact copies of data stored on hard drives and other electronic storage devices. In the case of smartphones, forensic images are verifiable copies of the maximum amount of data that phone models and associated operating systems can copy, and as such, work done on phones is often more accurately named forensic collections. Forensic images are bit-by-bit copies of all the data stored on computer hard drives. For specific collections, forensic images are verifiable exact copies of selected files.

These are some examples:

In the event that you or an attorney need to collect evidence in a lawsuit to meet discovery obligations and help evaluate your case.
In the case of wanting to file a lawsuit and you need to collect data to analyze your claims.
In the case of you want to know if the former employees who had access to confidential data were taken to use them in a new company.
In the case of litigation for the verification of electronic information, analysis of data treatment, rescue of deleted data, etc.
In the case of treatment or rescue of large volumes of data and its exhaustive analysis of identification of key evidence.

Clients hire outside computer forensic experts for any of the following reasons:

IT staff is typically staff with more generic and often non-existent computer forensic knowledge. For this reason, it is important to have experts specialized in computer forensics since they are able to communicate highly technical concepts in an understandable way and recognize problems quickly.

Without the proper forensic software, collecting data can expose you to legal risk from a possible alteration or omission of key data.

Having your company protected by external experts is a solid business reinforcement for the coverage of a possible problem that may arise in your company. A reputable expert will make your argument sound based on expert data and arguments and this is priceless for a company.

Although there is no single certification body in the computer forensics industry, one of the most prestigious and rigorous vendor certifications is EnCase Certified Examiner (EnCE), in which you must pass a multiple-choice exam, a practical exam that it requires examining digital evidence and creating an associated report and ongoing training is required to stay active and up-to-date.

The different stages of eDiscovery:

Information governance: The information governance stage is the eDiscovery planning process and the management of electronically stored information (“ESI”) to better manage the risks and costs of eDiscovery.
Identification: at this stage the scope of ESI for an issue is determined, such as custodians who own ESI, data categories and ESI storage locations.
Conservation: this is the stage in which it is guaranteed that the ESIs will not be destroyed or unduly altered. Generally, this should occur when litigation is reasonably anticipated.
Collection: The collection stage involves copying the ESI for use later in the discovery process by using a digital forensics provider that can verifiably collect ESI without altering potentially relevant metadata.
Processing: This stage generally includes reducing the volume of ESI through automated means, such as search terms and the application of date restrictions, and converting the ESI into a format that is easy for review and analysis.
The review: at this stage the responsiveness such as discovery requests and the privilege of the ESI are reviewed. Efficient document review platforms such as Relativity, iConect and others are used by many lawyers to do more efficient document reviews.
Production – This stage consists of handing over relevant non-privileged ESIs for review by other parties, ideally based on agreed production specifications.
The presentation: this stage shows the ESI already reviewed in various forums, such as declarations, hearings, mediations and / or trials.

Electronic evidence can be presented to assist witness testimony, demonstrate key facts, or persuade the finder of fact.