Electronic Forensics – A Definition
Electronic forensics, or as it more commonly known digital forensics, is defined as:
‘… as the use of scientifically derived and proven methods towards the preservation, collection, validation, identification, analysis, interpretation and presentation of electronic evidence derived from electronic sources for the purpose of facilitating or furthering the reconstruction of events found to be criminal or helping to anticipate the unauthorized actions shown to be disruptive to planned operations. One important element of electronic forensics is the credibility of the electronic evidence. Electronic evidence includes computer evidence, electronic audio, electronic video, cell phones, electronic fax machines etc. The legal settings desire evidence to have integrity, authenticity, reproductively, non-interference and minimization.’ (Palmer, 2001)
Breaking down the definition:
Breaking down this definition the key elements of electronic forensics are that it is a scientific process that is credible. This credibility is the key to successfully providing electronic evidence that is of use to the law enforcement community as well as the intelligence and military communities. Legal arguments are won on the strength of the credibility of the evidence, and in this, electronic forensics is no different from any other evidence.
Also, electronic devices are not just computers, tablets, and laptops. Nearly every device running using electricity now has some form of micro-processor and data storage. From cars, to fridge to pacemakers, there are a multitude of devices that can come into the sphere of Electronic Forensics. This internet of things not only opens avenues of attack for hackers but also for forensics experts.
In the end, the securing and exploitation of electronic forensics is a scientific process, and as such must be viewed as something that is repeatable and auditable.