A few weeks ago, I had a random thought while deleting some old files from my laptop.
What if someone really wanted to see them again?
I pressed delete.
Then emptied the recycle bin.
Gone…. right?
And that was the moment I truly started appreciating digital forensics.
So what exactly is Digital Forensics?
Imagine a crime scene.
There are fingerprints, footprints, broken glass, and maybe a few clues the criminal gorfot to hide.
Now replace the crime scene with a computer, mobile phone, or network.
Digital forensics is basically the process of finding and analyzing digital evidence after a cyber incident.
Investigators try to answer questions like:
Who accessed the system?
When did the attack happen?
What files were touched or deleted?
Where did the attacker come from?
And the interesting part?
Even when someone thinks they deleted everything…
digital traces ususally remain.
The funny thing about “Deleted” files
When we delete a file on our system, most of the time the file isn’t immediately destroyed.
Instead, the operating system simply says:
“Okay, this storage nspace can now be reused.”
Until that space is overwritten, forensic tools can sometimes recover those deleted files.
That means investiagtors migth still find:
old documents
chat records
browser history
hidden images
logs of system activity
Which is why in many investigations, “deleted” does not mean “dissapeared”.
Digital Evidence is Everywhere
One of the coolest things about digital forensics is how many places evidence can hide.
For example:
📱 Smartphones
💻 Laptops and desktops
🌐 Web browsers
📡 Network traffic
☁️ Cloud storage
🧠 System memory (RAM)
Even something as small as metadata can reveal surprising information.
A simple photo might show:
Imagine how useful that becomes in an investigation.
A Quick Look at the Forensics Process
Digital forensic investigators usually follow a structured approach.
1️⃣ Identification
First, investigators identify potential sources of evidence.
Example:
Computers, USB drives, phones, servers.
2️⃣ Preservation
Evidence must be preserved carefully.
Why?
Because modifying the evidence can ruin the investigation.
So experts create forensic images(exact cpoies of storage devices).
3️⃣ Analysis
This is where the real detective work begins.
Specialized tools are used to analyze:
deleted files
system logs
browse artifacts
network traces
Tools like Autopsy, FTK, and EnCase are commonly used in forensic investigations.
4️⃣ Reporting
Finally, everything discovered is documented in a clear report.
Because in many cases, this report might be presented in court.
Why Digital Forensics Matters Today???
We live in a world where almost everything happens online.
Banking.
Messaging.
Shopping.
Business Operations.
Which means cyber crimes are also increasing.
When attacks happen, digital forensics helps organizations:
Without digital forensics, many cyber crimes would simply remain unsolved mysteries.
My Curiosity About Digital Forensics
The more I explore cybersecurity, the more fascinating digital forensics becomes.
It feels like bring a digital detective
reconstructing events from tiny technical clues.
A log entry here.
A timestamp there.
A file that someone thought was gone forever.
And suddenly, the whole story starts making sense.
Maybe that’s the magic of this field.
Maybe that’s the magic of this field.
The internet never forgets…
and digital forensics help us remember.
#WRAP
