Digital forensics
Digital forensics

Start this free course now. Just create an account and sign in. Enrol and complete the course for a free statement of participation or digital badge if available.

Free course

Digital forensics

4.1 The digital forensic process

The digital forensic process has the following five basic stages:

  1. Identification – the first stage identifies potential sources of relevant evidence/information (devices) as well as key custodians and location of data.
  2. Preservation – the process of preserving relevant electronically stored information (ESI) by protecting the crime or incident scene, capturing visual images of the scene and documenting all relevant information about the evidence and how it was acquired.
  3. Collection – collecting digital information that may be relevant to the investigation. Collection may involve removing the electronic device(s) from the crime or incident scene and then imaging, copying or printing out its (their) content.
  4. Analysis – an in-depth systematic search of evidence relating to the incident being investigated. The outputs of examination are data objects found in the collected information; they may include system- and user-generated files. Analysis aims to draw conclusions based on the evidence found.
  5. Reporting – firstly, reports are based on proven techniques and methodology and secondly, other competent forensic examiners should be able to duplicate and reproduce the same results.

A crucial activity that accompanies the first four steps is contemporaneous note-taking. This is the documentation of what you have done immediately after you have done it in sufficient detail for another person to reproduce what you have done from the notes alone.

Activity 9

Timing: Optional (Allow 1 hour)

This activity is for the technically minded or curious only who would like a preview of the digital forensics process: watch the YouTube video A Geek’s Guide to Digital Forensics [Tip: hold Ctrl and click a link to open it in a new tab. (Hide tip)] (2011) (you may want to use the fast-forward feature to skip some sections).

Digital forensics is not solely about the processes of acquiring, preserving, analysing and reporting on data concerning a crime or incident. A digital forensic scientist must be a scientist first and foremost and therefore must keep up to date with the latest research on digital forensic techniques. They may also contribute to the discipline through their own research and publish it in peer-reviewed journals.


Take your learning further

Making the decision to study can be a big step, which is why you'll want a trusted University. The Open University has 50 years’ experience delivering flexible learning and 170,000 students are studying with us right now. Take a look at all Open University courses.

If you are new to University-level study, we offer two introductory routes to our qualifications. You could either choose to start with an Access module, or a module which allows you to count your previous learning towards an Open University qualification. Read our guide on Where to take your learning next for more information.

Not ready for formal University study? Then browse over 1000 free courses on OpenLearn and sign up to our newsletter to hear about new free courses as they are released.

Every year, thousands of students decide to study with The Open University. With over 120 qualifications, we’ve got the right course for you.

Request an Open University prospectus371