Types and Sources of Digital Evidence

DFI Part - 3

As a result of the fastest growth in technology, there is an infinite list of types and sources for Digital evidence, and in each case, you’re involved in, there will be different kinds of evidence. So we are going to discuss in deep about Types and Sources of evidence w.r.t Digital Forensics.

The most important reason to explore the types and sources of digital evidence is that they will determine the tool you will use or build to analyze your evidence. For example, to analyze windows operating system artifacts you will need tools that are completely different from Linux or Mac O.S tools. Also, tools that are used to extract data from memory vary in their implementation in reference to tools used to analyze hard disk drives!

So let’s start with data types, why they are used, and how you could benefit from them.

Active Data

This type includes all data and files that are created by the operating system or by a word processor, web browser, mail client, or a scanner such as documents, cached files, emails, and images.

Archive and Backup Data

This is all data that is organized and preserved for long-term storage to avoid data loss due to attacks or disasters. Backup data is created by making an identical copy…