The Computer Forensic Investigations

Subject: Tech & Engineering
Pages: 5
Words: 1462
Reading time:
6 min
Study level: PhD


In recent years, there have been remarkable developments in Information and Communication Technology (ICT) aspects. Communications systems, Cloud-Based Services, mobile devices, Virtual Systems, and Internet of Things c(IoT) solutions have enriched technologically evolved societies in various ways. However, there has been an increase in cybercrime crime cases with these developments. This report, therefore, shows the extent of acquisition, interpretation including implications of cyber investigation.

The computer forensic investigation looks at data that could be retrieved from computer storage devices or other hard disks, using conventional standards and processes to see whether unauthorized users have breached the devices. To ensure that a company’s network device system is protected, computer forensics investigators work together to conduct an investigation and execute forensic analysis utilizing various approaches (Hidayati et al., 2021). Computer Forensics Investigations are divided into two main categories: public investigations and corporate or private investigations.

Forensic investigators have standard procedures differentiated by the equipment under study, the context of the inquiry, and the data being sought. The process involves data collection, research, and presentation (Dimitriadis et al., 2020). While procedures vary depending on the sort of cybercrime being probed, including investigating, all cybercrimes are amenable to some fundamental investigation approaches. These approaches include: doing background checks, gathering information, author tracking and identification, and finally performing digital forensics.

For example, various cloud computing services, such as cloud services from two or more providers, devices and competent TVs suppliers. They are linked in intertwined cloud servers, such as cloud federal state. Thus, this extends the bandwidth of conventional cloud computing, enhancing flexibility in managing resources and encompassing spikes in demand (Hossain et a., 2020). Gadgets that are a section of cloud-computing systems are possible carriers of the attack with such an environment for exfiltrating delicate and commercially sensitive information from stored information in the connected space. As a result, in a cybersecurity event, computing devices provide a wealth of proof.

Acquisition of Forensic Evidence During a Cyber-Investigation

Whenever law enforcement authorities (LEAs) need documentation in cellphones, they resort to digital forensic experts, who then conduct an examination. In essence, cybersecurity forensic analysis has four stages that seek to deliver digital evidence to the court. These are identification, preservation, study, and demonstration of the digital proof, the process of data acquisition is an essential aspect of the digital forensic inquiry, and it is frequently included in the preservation step. Data must first be gathered and often scrutinized before, therefore, analyzing it.

The procedures utilized to obtain evidence from a phone can be divided into two categories: physical acquisition and logical acquisition. Process data is retrieved straight from the device’s physical storage media in the material acquisition. The information stream is obtained from hard disk storage using a step-by-step approach. Physical purchase yields a complete dataset than logical acquisition, which may include objects that had been previously erased. Logical addition creates an image by copying logical entities from storage media, such as files and folders. The OS’s file system logically categorizes the data that has been retrieved; hence this step is termed logical (Talkhestani et al., 2019). The fundamental disadvantage of this approach is that it only gathers analytical data rather than an original representation of the cache, making it challenging to retrieve discarded data. Furthermore, because this method necessitates turning on the phone and loading the operating system, it can wipe data saved on non-volatile storage, increasing the risk of information tampering.

A link is created between forensic machines such as tablets to undertake a logical acquisition, and a synchronization tool must first be installed on the forensic workstation to connect. When a mobile system is connected to the forensic machine, it generates a link (Karie et al., 2019). For WinCE-based cell, mobile systems synchronization applications Microsoft may be utilized. However, Microsoft has offered the android app for synchronization between it and desktop, their protocol of using it in a forensic investigation. Thus, when executing program forensic, investigators must start by determining how to find and collect evidence.

Interpretation of Forensic Evidence During a Cyber Investigation

Investigations into the cloud always lead to data being accessed across geographical boundaries. Retrieving data for investigative reasons, forensic tools, and procedures leverage the power of how information is kept within a device. Every investigation is done in a few separate steps and formal protocols. This stage ensures that the relevant data is extracted and that the process is explicit and provable. Even during the investigation, special care is taken to ensure that the evidence on the gadget is not tampered with in any manner (Karie et al., 2018). The stage whereby data is retrieved and transferred from the device is the most logical place for this to happen and this step is referred to as imaging. Imaging is a technique for generating a backup copy stored on a device’s file system. The imaging procedure aims to replicate the data, enabling the investigator to conduct a thorough inquiry using a copy of the device’s data instead of the original.

Digital forensic technologies scan details such as formerly cleared files, logins, and other information that rightly regular persons do not generally view and extract data accessed mainly by the operator. The device’s operating system usually prevents access to these locations to ensure that the user does not mistakenly compromise the device. Forensic investigators work around these security mechanisms and gain regulated access to these regions to reveal secret information. They use different access techniques and ‘hacks’ (Al-Dhaqm et al., 2020). Physical and logical imaging are the two basic types of imaging. Biological imaging is a technique in which the device’s operating system is completely ignored, and all data is accessed straight from the file memory. Therefore, the procedure makes sure that the information on the device is replicated to another device. Thus, this ensures that all deleted, concealed, and files are duplicated, regardless of the Operating System’s security mechanisms.

Logical imaging, therefore, is the procedure in which detailed information is captured through the operating system’s help. The imaging program asks for data from the operating system and collects it. This imaging mechanism is reliant on the Operating System’s permissions. It also does not necessitate that the forensic software understands how the operating system saves and organizes the files on the device. Forensic investigators have several unique obstacles in cloud investigations (Raychaudhur, 2019). The fundamental issue is that the investigator does not have active control over the data location. The data is stored on behalf of the user by the cloud provider. When the information is retrieved through a mobile device, the user does not need to know where it is stored.

Implications of Cyber Investigations

A significant benefit of the cloud is the pervasiveness of data. However, it is one of the main issues in findings. Compared to mobile devices, cache is often stored at a cloud provider’s data center, which cannot be accessed or seized in just the same manner that mobile devices can. Reduced income levels are one of the most severe consequences of cybercrime for an organization. Another significant effect of cybercrime is the time wasted by IT employees who must devote most of their day to dealing with such incidents (Mabey et al., 2018). Many Information Technology team members spend a significant portion of their time dealing with security breaches and other cybercrime issues rather than concentrating on fruitful initiatives for a firm. Also, when client records are compromised due to cybercrime-related security violations, it can severely harm the company’s performance. For various security reasons, employees are required to enter additional security watchwords and do lengthy tasks to finish their studies.

Table 1: Summary of Extended areas

Acquisition of forensic evidence Interpretation of forensic evidence Implications of cybercrime investigation
This process is typically included in the preservation step of forensic examination. Forensic evidence is analyzed and interpreted. Cybercrime investigation
It is generally essential in determining digital and cyber fraud.
It involves two main categories; physical and logical acquisition The imaging approach is used in physical and logical imaging Cybercrime has different repercussions on the organization’s economy in general.


Cyber-terrorism can have a big-scale effect on several people. It can ultimately affect a nation’s economy, depriving it of resources and rendering it more susceptible to military invasion. Cloud computing and mobile devices are inextricably connected, and the latter’s success has fueled the former’s success. Both have made everyday data storage, processing, and transmission exceedingly simple. The enthusiasm of digital investigators in examining the data saved by these devices will grow as the quantity of the information that is in storage by this equipment expands. On the contrary, cloud service providers are becoming increasingly vital in searching for relevant evidence. However, they work on the user’s behalf and are responsible for ensuring the confidentiality and protection of personal data.


Al-Dhaqm, A., Abd Razak, S., Ikuesan, R. A., Kebande, V. R., & Siddique, K. (2020). A review of mobile forensic investigation process models. IEEE Access, 8, 173359-173375.

Dimitriadis, A., Ivezic, N., Kulvatunyou, B., & Mavridis, I. (2020). D4I-Digital forensics framework for reviewing and investigating cyberattacks. Array, 5, 100015.

Hidayati, A. N., Riadi, I., Ramadhani, E., & Al Amany, S. U. (2021). Development of conceptual framework for cyber fraud investigation. Register: Jurnal Ilmiah Teknologi Sistem Informasi, 7(2), 25-135.

Hossain, M., Karim, Y., & Hasan, R. (2018). FIF-IoT: A forensic investigation framework for IoT using a public digital ledger. In 2018 IEEE International Congress on Internet of Things (ICIOT) (pp. 33-40). IEEE.

Kao, D. Y., Chao, Y. T., Tsai, F., & Huang, C. Y. (2018). Digital evidence analytics applied in cybercrime investigations. In 2018 IEEE Conference on Application, Information and Network Security (AINS) (pp. 111-116). IEEE.

Karie, N. M., Kebande, V. R., & Swaziland, K. (2018). Knowledge management as a strategic asset in digital forensic investigations. International Journal of Cyber-Security and Digital Forensics, 7(1), 10-20.

Karie, N. M., Kebande, V. R., & Venter, H. S. (2019). Diverging deep learning cognitive computing techniques into cyber forensics. Forensic Science International: Synergy, 1, 61-67.

Mabey, M., Doupé, A., Zhao, Z., & Ahn, G. J. (2018). Challenges, opportunities, and a framework for web environment forensics. In IFIP International Conference on Digital Forensics (pp. 11-33). Springer, Cham.

Raychaudhuri, K. (2019). A Comparative Study of Analysis and Extraction of Digital Forensic Evidences from exhibits using Disk Forensic Tools. International Journal of Cyber-Security and Digital Forensics, 8(3), 194-206.

Talkhestani, B. A., Jung, T., Lindemann, B., Sahlab, N., Jazdi, N., Schloegl, W., & Weyrich, M. (2019). An architecture of an intelligent digital twin in a cyber-physical production system. at-Automatisierungstechnik, 67(9), 762-782.