Digital Forensics

Definition

Digital forensics is the science of identifying, collecting, analyzing, and preserving digital evidence after a cyber incident or cybercrime.

Digital forensics operates on the Locard principle: every contact leaves traces. Evidence must be forensically collected (chain of custody) to be usable in legal proceedings.

Related terms

Incident Response IOC (Indicator of Compromise)
← Back to glossary