Digital forensics refers to the “process of uncovering and interpreting electronic data”. The main goal of this process is to “preserve any evidence in its most original form while conducting a structured investigation by collecting, identifying and validating the digital information for the purpose of reconstructing previous events”.
Digital forensics is very similar to criminal forensics. Likewise, investigations are conducted after a criminal act has taken place. Instead of a victim or a crime scene, however, computers, servers, technical rooms or even smartphones are examined. The purpose is to find out how the perpetrators penetrated the target system, what information/files were searched for and whether files were stolen and, possibly, new ones added (malware, logs, illegal content…). Another aim is to find out whether any traces of the attack have been removed or whether digital fingerprints can be found.