TryHackMe — Digital Forensics Fundamentals | Cyber Security 101 (THM)

Digital forensics investigates cyber crimes by analyzing digital evidence. Cyber crimes range from theft to unauthorized data access. Digital forensics involves systematically examining devices like laptops, phones, and storage drives to uncover evidence. In a bank robbery scenario, digital evidence — such as maps, documents, and chat records — provided crucial insights, helping law enforcement in legal actions.

Answer the questions below

1. Which team was handed the case by law enforcement?

• digital forensics

Digital forensics follows a structured methodology, as defined by NIST, to ensure thorough investigation and integrity of evidence. This process consists of four main phases:

1. Collection: Identify and collect data from relevant devices without tampering, documenting all items collected.
2. Examination: Filter the collected data, extracting only relevant information for further investigation.
3. Analysis: Correlate and analyze data to draw conclusions about the incident, based on the case context.
4. Reporting: Compile findings, methodologies, and recommendations in a report for law enforcement or management.

There are various specialized fields within digital forensics, such as computer, mobile, network, database, cloud, and email forensics, each with specific techniques and focuses.