Digital Forensics Research Paper

Digital forensics is a branch of forensic science concerned with the recovery and investigation of material found in digital devices, in many cases in relation to computer crime. The term was originally used as a synonym for computer forensics, but it has since expanded to cover the investigation of all devices capable of storing digital data. With its roots in the personal computing revolution of the late 1970s and 1980s, the discipline grew in a disorganized way during the 1990s, which ended in the early 21st century with the emergence of national policies. Digital forensic investigation has many applications. A widely known one is to support or refute a hypothesis before civil or criminal courts. The private sector may also use forensics, for example in internal intrusion investigations or corporate investigations. The technical side of an investigation is divided into sub-branches according to the type of digital device involved: forensic data analysis, network forensics, computer forensics, and mobile device forensics. A typical forensic process includes forensic imaging and analysis of digital media, seizure, and production of a report on the evidence collected (Carrier, Brian D., 2006). In addition to identifying direct evidence of a crime, digital forensics can be applied to evidence concerning specific suspects, for example to determine intent, confirm alibis or statements, authenticate documents, or identify sources (as in copyright cases). Compared with other forensic analysis, digital forensic investigations tend to cover a wide scope, often involving complex timelines or hypotheses.

There are various sub-branches in regard to the investigation of different types of artifacts, media, or devices in digital forensics.

Computer forensics: The main aim of computer forensics is to explain the present state of a digital artifact, for example an electronic document, storage medium, or computer system. It covers computers, embedded systems (digital devices with rudimentary computing power and onboard memory), and static memory such as USB pen drives (Farmer, Dan, 2005). Computer forensics uses many kinds of information, from logs such as internet history through to the actual files on the drive.

Mobile device forensics: This sub-branch of digital forensics involves the recovery of digital data or evidence from a mobile device. It differs from computer forensics in that a mobile device has an inbuilt communications system such as GSM and, often, proprietary storage mechanisms (Jones, Andrew, 2008). Mobile device forensics concentrates on simple data such as SMS/email communications and call data rather than the deeper recovery of deleted data. Location information can also be determined from mobile devices, either from inbuilt GPS/location tracking or from cell site logs, which can track the devices within their range.

Network forensics: This discipline involves the monitoring and analysis of computer network traffic, both local and WAN/internet, in order to gather information, collect evidence, or detect intrusion. Traffic is usually intercepted at the packet level and either filtered in real time or stored for later analysis. Unlike other areas of digital forensics, network data tends to be volatile and is rarely logged, so the discipline is always reactionary. For example, in 2000 the United States FBI lured the computer hackers Aleksey Ivanov and Gorshkov to a fake job interview. By monitoring network traffic from the pair's computer, the FBI managed to identify passwords that allowed them to gather evidence directly from computers based in Russia.

Forensic data analysis: This branch of digital forensics examines structured data with the goal of discovering and analyzing patterns of fraudulent activity leading to financial crime.

Database forensics: This branch of forensics deals with the forensic study of databases and their metadata. Investigations use log files, database contents, and in-RAM data to build a timeline or to recover relevant information.

Forensic Process

Digital forensic investigations involve three stages: imaging or acquisition of exhibits, analysis, and reporting. Acquisition generally involves creating an exact sector-level duplicate (or "forensic duplicate") of the media, typically using a write-blocking device so that modification of the original is prevented (Sammons, John, 2012). However, the growth of storage media and developments such as cloud computing have led to greater use of live acquisitions, in which a reasonable copy of the data is acquired instead of an image of the entire physical storage device. This acquired image and original data/media are to...

...

For example, an article in the "International Journal of Digital Evidence" in 2002 described this stage as "an in-depth systematic search of evidence related to the suspected crime." In 2006 the researcher Brian Carrier also described an "intuitive procedure" in which clear evidence is identified first and exhaustive searches are then carried out to start filling in the holes. Although the actual analysis process differs between investigations, the general methodology involves keyword searches across the digital media (in files as well as in unallocated and slack space), recovery of deleted files, and extraction of registry information (such as attached USB devices or lists of user accounts).
The recovered evidence is then analyzed in an attempt to reconstruct events or actions and to reach conclusions, a job that even less specialized staff can do. Once the investigator is satisfied that all the required information has been found and the investigation is over, the data is presented, which can be in the form of a written report (United States Department of Justice, 2002).
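The keyword search described above can be run directly over a raw image, which is how it reaches unallocated and slack space as well as files. The following is an added example, not code from the original essay; the function names, the 512-byte sector size, the keyword "invoice" and the sample image are all assumptions constructed for illustration.

```python
import io

SECTOR_SIZE = 512  # assumption: the image uses 512-byte sectors

def search_image(stream, keywords, chunk_size=1 << 20):
    """Scan a raw image for keywords in UTF-8 and UTF-16LE.

    Returns sorted (byte_offset, sector, keyword, encoding) tuples. The scan
    ignores the file system, so it also covers unallocated and slack space.
    """
    patterns = {}
    for kw in filter(None, keywords):
        for enc in ("utf-8", "utf-16-le"):  # UTF-16LE is common on Windows
            patterns[kw.encode(enc)] = (kw, enc)
    if not patterns:
        return []
    # Carry the tail of each chunk forward so a keyword that straddles a
    # chunk boundary is still matched.
    overlap = max(len(p) for p in patterns) - 1
    hits, buf, base = set(), b"", 0  # base = absolute offset of buf[0]
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        buf += chunk
        for pat, (kw, enc) in patterns.items():
            pos = buf.find(pat)
            while pos != -1:
                off = base + pos
                hits.add((off, off // SECTOR_SIZE, kw, enc))
                pos = buf.find(pat, pos + 1)
        keep = buf[-overlap:] if overlap else b""
        base += len(buf) - len(keep)
        buf = keep
    return sorted(hits)

def make_sample_image():
    """Constructed 4-sector image standing in for a raw acquisition."""
    img = bytearray(4 * SECTOR_SIZE)
    img[508:515] = b"invoice"                        # straddles sectors 0/1
    img[1030:1044] = "invoice".encode("utf-16-le")   # inside sector 2
    return io.BytesIO(bytes(img))

if __name__ == "__main__":
    for off, sector, kw, enc in search_image(make_sample_image(), ["invoice"],
                                             chunk_size=SECTOR_SIZE):
        print(f"offset {off} (sector {sector}): {kw!r} as {enc}")
```

Run it against a working copy of the image rather than the original media; the reported sector numbers let an examiner map each hit back to a file, slack space, or unallocated space with a file system tool.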

Besides its common use in criminal law, digital forensics can also be used in private investigation. It has long been applied in criminal law, where evidence is gathered to support or oppose an allegation before the courts. As in other areas of forensics, it involves a broader investigation covering various disciplines. At times the gathered evidence is used as part of intelligence gathering for purposes other than court proceedings, such as identifying, locating, or halting other crimes. As a result, intelligence gathering is on some occasions held to a less strict forensic standard. Digital forensics can also form part of the electronic discovery process in civil litigation or corporate matters. The forensic procedures are the same as those in criminal investigations, but with different legal requirements and limitations (Marshell, Angus M., 2008). Outside the courts, digital forensics may be part of internal corporate investigations.

Since 2000, in response to the growing need for standardization, various agencies and bodies have published their own guidelines for digital forensics. The Scientific Working Group on Digital Evidence (SWGDE) produced a 2002 paper, "Best Practices for Computer Forensics," followed in 2005 by the publication of an ISO standard, ISO 17025, "General requirements for the competence of testing and calibration laboratories." In 2004 a European-led international treaty, the Convention on Cybercrime, came into force with the aim of reconciling national computer crime laws, investigative techniques, and international co-operation. Countries around the world have signed the treaty, among them the U.S., UK, Japan, and Canada.

Unlike in earlier days, mobile devices are now widespread. They have advanced well beyond simple communication devices and are now recognized as rich sources of information, including for crimes that were not previously associated with digital forensics. Attention has also turned to internet crime, especially the risk of cyber terrorism and cyber warfare (Casey, E., 2002). The digital forensics field still has unresolved issues, and more continue to accumulate. In their research article, Peterson and Shenoi identified a bias towards Windows operating systems in digital forensics research. Moreover, in 2010 Simson Garfinkel identified issues that digital investigations will face in the future: the wide availability of encryption to consumers, the increasing size of digital media, the growing number of people owning multiple devices, the increasing variety of operating systems and file formats, and legal limitations on investigators.

Limitations

Some of the challenges that digital forensic investigators face include whether evidence can be preserved or duplicated with assurance that the duplication itself has not changed the data, and establishing the critical timelines that determine who did what and when. For an investigation to state decisively that Action A caused Result B, the concept of repeatability has to be introduced (Nelson, Bill, 2004). This is complicated in digital forensics.

Legal Implications

The examination of digital media is covered by national and international legislation. In civil investigations in particular, laws may restrict the abilities of analysts to carry…

References

Carrier, Brian D. (2006). "Risks of live digital forensic analysis." Communications of the ACM.

Casey, E. (2002). Handbook of Computer Crime Investigation: Forensic Tools and Technology. Academic Press.

Casey, Eoghan. (2000). Digital Evidence and Computer Crime (Second Edition). San Diego, CA: Academic Press.

Farmer, Dan, & Venema, Wietse. (2005). Forensic Discovery. Addison-Wesley Professional.

United States Department of Justice. (2002). "Computer Crime and Intellectual Property Section Criminal Division, Searching and Seizing Computers and Obtaining Electronic Evidence in Criminal Investigations." http://www.cybercrime.gov/s&smanual2002.htm. http://www.usdoj.gov/criminal/cybercrime/searching.html. Last visited January 14, 2004.

U.S. Secret Service. (2002). Best Practices Guide to Seizing Electronic Evidence, Version 2. http://www.cio.com/securitytools/BPGv2.pdf


Cite this Document:

"Digital Forensics" (2013, November 30) Retrieved April 25, 2024, from
https://www.paperdue.com/essay/digital-forensics-178485
