Optiv Cybersecurity Dictionary

What is Data Forensics / Forensic Data Analysis (FDA)?

Data forensics – also known as forensic data analysis (FDA) – refers to the study of digital data and the investigation of cybercrime. FDA may focus on mobile devices, computers, servers and other storage devices, and it typically involves the tracking and analysis of data passing through a network. Investigators employ a range of tools, including decryption and reverse engineering. Some investigators distinguish between “persistent data,” which is stored on a drive, and “volatile data,” which resides in registries, cache and RAM and which will be destroyed when the computer is shut down. Attribution and illumination of the complete attack path are among the primary objectives.


Investigators must address not only the obvious technical challenges but also an array of administrative and legal issues. Technical issues encompass encryption, basic questions of data storage and “anti-forensics” tactics intended to circumvent investigator efforts. The complexities of cyber threats and attacks can create significant difficulties in accurately attributing malicious activity. And while there are a variety of standards for data forensics, there aren’t mutually agreed-upon standards, nor is there a single governing body to assure that professionals are qualified and following best practices.
