top of page

Digital forensics

- By Sanela Nikolic

- Digital forensics means the application of investigation methods and techniques and aims to identify, collect and analyze data while preserving the original evidence and presenting it as evidence in court. E-mail, social networks, and other modern ways of communication can serve as a means of arranging various crimes.

Therefore, digital forensics is a science that involves a combination of different scientific disciplines. Digital evidence is easily erased, so we have forensic tools that allow you to recover and analyze deleted and hidden files, which cannot be accessed in the usual way. Digital forensics applies to all digital devices and includes numerous digital forensics devices, computer forensics, mobile device forensics, sensor network systems, etc.

The computerized finding is reproducible and therefore can and must be found on the copy in order to avoid changes and contamination of the original. In the case of computer crimes, the computer system can be a kind of murder weapon, or an asset hit by criminal action. In both cases, the analysis of images of the contents of the storage areas, hard disk, of the temporary storage areas of the data program, can lead to the identification of the elements useful for the investigation.

From this, we can say that forensic information technology is not only significant when computer crimes occur, but also in many situations in the tax and commercial field, like money laundering, international murder, insurance fraud, sexual abuse, violation of copyright, etc.

The basis of the computer forensic process is presented in four phases:

- identification

- acquisition

- analysis

- presentation

When we talk about the forensics of mobile devices, extracting data from mobile phones is one of the most demanding investigation procedures due to the rapid change in hardware and software structure and due to a large number of mobile devices of different structures. An active mobile phone presents several problematic elements in its retrieval and data analysis.

The movement of a device connected to a telecommunications network changes its content, and as an active device can still receive messages and calls, it will cause further changes in research. Due to all these factors, in this case, the most important is the electromagnetic insulation of the device.

This actually means that the mobile device must be isolated not only from other mobile phones but also from any communication using Bluetooth and WiFi.

Although all digital evidence can be significant, it is necessary to properly conduct an appropriate investigation, because otherwise the data could be damaged or their significance could be diminished, and thus rejected in court.

By Sanela Nikolic, Serbia State Police Officer

IPO Headquarters - Special Division

Coordination Inspector

127 views0 comments

Recent Posts

See All


bottom of page