Digital Forensics

Digital Forensics definition in Computer Security terms:

Acronym(s): None

Definition(s): In its strictest connotation, the application of computer science and investigative procedures involving the examination of digital evidence – following proper search authority, chain of custody, validation with mathematics, use of validated tools, repeatability, reporting, and possibly expert testimony.
Source(s): CNSSI 4009-2015 (DoDD 5505.13E)

The application of science to the identification, collection, examination, and analysis, of data while preserving the integrity of the information and maintaining a strict chain of custody for the data.
Source(s): NIST SP 800-86

Synonym(s): None


reference: CSRC Glossary