Digital Forensics

Digital forensics is a subset of forensics — the collection and analysis of criminal evidence — that focuses on digital information. Examples include retrieving data from a computer, analyzing the metadata of specific files, and monitoring network traffic.

A common first step in the digital forensics process is accessing data from an electronic device. For example, a laptop, smartphone, or cloud storage account may contain data that pertains to a specific investigation. In some cases, the data is easily accessible, while in others, the data may be encrypted or require a login. Digital forensics may also involve recovering data from a damaged or partially erased storage device.

After gaining access to the data, investigators may search or browse through folders and files to find relevant information. For instance, they may look for emails or text messages sent at a specific time. Images or videos may also provide useful evidence. The metadata of certain files can be helpful as well. For example, an email header may include the IP address of the device that sent the message. Image EXIF data may include GPS location information, as well as the date and time the image was taken.
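As an added illustration of the email header point above (not part of the original definition), the following Python reads the Received headers of a message and lists the IP address each relay recorded, oldest hop first. The sample message, its hostnames and addresses, and the function names are constructed for this example.

```python
import email
import ipaddress
import re

# Constructed sample message; addresses are documentation/private ranges.
RAW_MESSAGE = """\
Received: from mx.example.net (mx.example.net [198.51.100.7])
\tby inbox.example.org with ESMTP id A1; Wed, 14 Jul 2021 10:02:11 +0000
Received: from laptop.local (unknown [203.0.113.45])
\tby mx.example.net with ESMTPSA id B2; Wed, 14 Jul 2021 10:02:09 +0000
Received: from [192.168.1.23] (localhost [127.0.0.1])
\tby laptop.local with SMTP id C3; Wed, 14 Jul 2021 10:02:08 +0000
From: sender@example.net
To: recipient@example.org
Subject: constructed sample

body
"""

BRACKETED_IP = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_local(ip):
    """True for addresses that identify no host on the public internet."""
    return ip.is_loopback or ip.is_link_local or any(ip in n for n in RFC1918)

def received_hops(raw):
    """Return the relay path oldest-first; each hop is a list of (ip, is_local)."""
    msg = email.message_from_string(raw)
    hops = []
    # Every relay prepends its own Received header, so reverse for time order.
    for header in reversed(msg.get_all("Received", [])):
        found = []
        for text in BRACKETED_IP.findall(header):
            try:
                ip = ipaddress.ip_address(text)
            except ValueError:
                continue  # bracketed text that is not an address
            found.append((str(ip), is_local(ip)))
        hops.append(found)
    return hops

def earliest_routable_ip(raw):
    """First non-local address in the path. Hops older than the first relay
    the investigator trusts are sender-supplied and need corroboration."""
    for hop in received_hops(raw):
        for ip, local in hop:
            if not local:
                return ip
    return None
```
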

While digital forensics typically focuses on recovering existing data, it may also involve monitoring data in real time. For instance, a detective may use a packet sniffer to record packets sent over an individual's wireless connection.

Data Authenticity

Regardless of the process used to recover digital information, the authenticity of the data is paramount in criminal cases. Since digital information can easily be copied or modified, it is often difficult to verify original data. Corroborating evidence may be required to ensure that digital data has not been altered. Examples include copies of data from multiple devices and log files from a server.

Updated July 14, 2021 by Per C.


The Tech Terms Computer Dictionary

The definition of Digital Forensics on this page is an original definition written by the TechTerms.com team.
