What Is Digital Forensics?

Digital forensics is the process of preserving, identifying, extracting and documenting evidence contained within a computer for use in a variety of contexts.

Written by Anthony Corbo
Published on Dec. 16, 2021
Reviewed by David Moose Wolpoff | Aug 10, 2022

Digital forensics is the process of preserving, identifying, extracting and documenting evidence contained within a computer for use in a variety of contexts: in courts of law, in commercial practices such as hard drive data recovery, or in the government sector for internal investigations and intelligence. Digital forensics is an expanding field that is becoming increasingly necessary as devices grow in storage capacity, the internet expands, and encryption methods become stronger, further increasing the ability of cybercriminals to obscure evidence.

What does digital forensics include?

Digital forensics includes five steps: identification, preservation, analysis, documentation and presentation.

The methodology behind digital forensics includes five steps, enabling evidence to be gathered in a manner that makes it admissible within a court of law. 

  • The first step of the forensic process is identification, which takes inventory of the evidence that is present, including where and how this evidence is stored, such as within a personal computer or mobile phone.
  • The second step is preservation, where data is isolated, secured and preserved, and use of the digital devices involved is prevented so that any evidence present is not tampered with.
  • Analysis is the next step, which reconstructs fragments of data to draw conclusions from the evidence. This may require multiple iterations to ensure the evidence supports specific theories.
  • The documentation step is when records of data are created so evidence can be properly catalogued and presented when needed.
  • Finally, the presentation step summarizes and explains the conclusions drawn from the evidence in layperson’s terms.

What does a digital forensic scientist do?

Digital forensic scientists help investigate digital crimes and analyze digital evidence contained within various devices.

Digital forensic scientists are critical to solving crime in an era where digital environments make up an increasing share of daily life. Experts in digital forensics may be involved in gathering evidence on criminal activities ranging from network hacking to identity theft to online predatory activities aimed at children, providing a pathway for creating real-world change. Digital forensic scientists may dedicate themselves to a specific sector of criminal activity or work on a variety of cases, with investigations taking weeks, months or sometimes even years.

Is digital forensics a good career?

A digital forensics degree can open doors to a rewarding career in a time when demand is at an all-time high.

Digital forensics is a rewarding career that offers an opportunity to make a difference by uncovering evidence that may identify a cybercriminal. Digital forensic scientists are critical to advancing the cybersecurity landscape by identifying weaknesses in security methods and potential threats brought on by cybercriminals, helping pave the way for new legislation and penalties in response to these crimes.

In addition to the holistic rewards offered by a career in digital forensics, the average salary for a digital forensic analyst in the United States is $75,130 per year, according to Glassdoor. Digital forensic analysts within the top percentile reported making $115K per year, while the lowest percentile reported making $49K per year. For more information regarding tech salaries within the United States, check out Built In's user-submitted salaries.
