Role of a Digital Forensics Investigator

The most common application of digital forensics investigations is to discredit or support hypotheses before a court of law, whether criminal or civil. In the case of electronic discovery, an investigator can also prove helpful in the private sector, along the lines of corporate security and internal investigations. Whatever the case, the job of a computer forensics investigator follows a typical process that begins with the seizure of media and continues with its acquisition, also called forensic imaging. It is very important that the investigator has as much information as possible before undergoing these steps. A first step is often interviewing any people who can provide information in connection to the case.

The technical procedures start with the acquisition of the volatile evidence, that is the data which might change or disappear quickly if improperly handled. After this step, which can be difficult to perform, depending on the level of access the investigator has to the computer or digital device. Next comes the acquisition of physical storage, including memory cards, hard drives, removable disks or USB drives, which will be forensically imaged, in order to ensure the continuity of the operational system, while also using the devices as evidence.