Talk:Digital forensics

Major Contribution Proposed
Dear Wikipedians: I run the Forensics Wiki at a URL that I cannot put here because apparently the XYZ domain is banned by Wikipedia, but it is at forensicswiki dot xyz. The wiki is getting too much for me, and I would like to move the articles over to Wikipedia. How do I get approval to do this? It's a lot of articles, and they are inconsistent in their quality. Simsong (talk) 03:11, 1 October 2022 (UTC)

Checklist
Points copied from peer review so I can check them off as I work on them:
 * Dablinks (toolbox on the right of this peer review page) shows a disambiguation link; please fix it. done, thanks
 * Checklinks say sciencedirect.com is down; the website says it is for maintenance. It's back up now but I will keep an eye on it

Lede
 * "Computer forensics, Network forensics, Database forensics and Mobile device forensics"
 * Do these sub-branches need to have their first word capitalised? no, no particular reason for them to be, now made lower case, thanks

History
 * Listing a few common computer crimes to give readers an idea would be better than asking them to go to another article to read details they may not wish to know; it also helps to establish a readily associable context right at the start. done, added a paragraph on the development of computer crime (and laws) and listed some relevant crimes for context.


 * Why should we care about GL Palmer and M Reith's words on digital forensics (i.e. what are their qualifications to speak on this topic)? simply removed the direct reference to them, sourced as widely accepted

Investigative tools
 * Possibly describe how the old methods are done (live analysis on media)? Seems quite skimpy and inaccessible to the common person otherwise. rewrote/expanded to be a lot clearer

Digital evidence
 * "... authenticity of evidence."
 * Any cases where authenticity has come into dispute? Illustrating one or two such cases could help beef this point up and make it clearer to the reader its weight in the matter.

Branches
 * Seems a bit bare bones here... I think giving a case study/example for each branch could help the reader readily identify which branch a digital crime would be investigated under. added examples to each one. Might still need some expansion once the sub articles are complete.

Sources
 * What makes the TechTarget site, a general IT media site, a reliable source for digital forensics? done, found a book citation

--Errant[tmorton166] (chat!) 10:33, 31 August 2010 (UTC)

confusing of the base terms.
The proper hierarchy of sub fields should be:

Digital forensics:
 * Digital media forensics (traditionally called by the less precise name 'computer forensics').
 * Network forensics

The article seems to be rather confused and inconsistent about this. Pibara (talk) 20:18, 30 December 2010 (UTC)
 * Computer forensics was very much the original name back in the 80s :) so when someone says "computer forensics" they usually mean the whole shebang. If you'd stopped by a couple of months ago you'd have found Computer forensics as the main topic! This article, as an umbrella topic, is a fairly new addition. I have to confess that "Digital media forensics" is not a term I've ever seen used in a scholarly or professional context. We usually just use "computer forensics", even in white papers etc. Do you have any reliable sources discussing this? In addition practitioners/professionals quite particularly differentiate between mobile devices and computer devices; the process and guidelines relating to them share similarities but also significant differences, so we usually treat them as two separate sub-disciplines :) --Errant (chat!) 21:23, 30 December 2010 (UTC)

Sure, "computer forensics" was very much the original name back in the 80s, before there was such a thing as network forensics. Having done network forensics in the 90s when network forensics was first starting to become something tangible, to me it seems that network forensics has always been separate from computer forensics. So if you state that "computer forensics" ever was used to include even network forensics. As you state, practitioners/professionals quite particularly differentiate between mobile devices and computer devices, at least some of us do while others don't. That's why some of us do still include mobile devices when talking about "computer forensics" while others don't, making "computer forensics" a rather fuzzy term. As a result professionals sometimes talked about "computer forensics in the narrow sense" and "computer forensics in the broad sense". For this reason I believe that many now refer to "computer forensics in the broad sense" (that is including mobile devices but not including network forensics) as "digital media forensics". So basically the tree looks something like:

Digital forensics:
 * Computer forensics in the broad sense (aka digital media forensics)
   * Computer forensics (implicitly in the narrow sense)
   * Mobile forensics
 * Network forensics.

The flattened down version the article seems to propose would I guess look something like:

Digital forensics:
 * Computer forensics (implicitly in the narrow sense)
 * Mobile forensics
 * Network forensics

There are clearly two layers in the sub-field tree, ignoring these by flattening them like the article does IMHO is wrong. Possibly there is another academic term for "digital media forensics" or "computer forensics in the broad sense" that would be more suitable, and that is important to get right, but my main point is that the "flat" model of sub fields that this article proposes is simply wrong and not at all in sync with everyday usage of terminology. I hope this makes sense and hope that this can be corrected. Pibara (talk) 22:35, 30 December 2010 (UTC)
 * Well, most of the academic and professional literature (check the sources) are quite fastidious in identifying mobile device forensics as distinct. There is a whole separate class of tools, for example. The problem in defining these terms is, as you say, they are often used ambiguously. However most of the books identify computer forensics as the "old term" now used in a more specific sense and mobile device forensics as phone forensics. I don't think there is much sourcing or literature to suggest that digital media forensics is a widely used term (certainly :) I've never heard anyone use it). I mean; I'm in no way averse to creating a hierarchy as you suggest - but current work and practices don't (to me anyway) seem to hold it up. I'm also not entirely convinced that your proposal brings more clarity to the topic - it really just introduces another sub-heading.
 * Network forensics is, as you say, somewhat different. As I understand, it developed more out of the security side of things rather than the forensic. So, yeh, I doubt it was ever considered under the original "computer forensics". If you have experience in that area it would be great to get your input in that topic area and on the article. I can do the other stuff :) but never really touched Network forensics. Trying to find someone with knowledge in the area has been a pain. --Errant (chat!) 11:49, 31 December 2010 (UTC)

One of four?
Which are the "four categories" mentioned in the lead? The paragraph seems to list either just two, or five (including the examples of "sub-branches"). Ever wonder (talk) 17:02, 11 December 2011 (UTC)
 * Reading further in the article (and thinking a bit more on it), it seems clear that what is meant is the sub-branches of "computer forensics, network forensics, database forensics and mobile device forensics". However, the way it's written in the lead it's very easy to think the categories in question are "forensic investigation", "eDiscovery" and... what? Also, I realize now that this has been discussed before and that there might be more behind it than a simple formulation problem. I really think something must be changed to make it less confusing, but it should probably be done by someone with more knowledge of the subject than myself. Ever wonder (talk) 17:47, 11 December 2011 (UTC)
 * However, the way it's written in the lead it's very easy to think the categories in question are ; yes, these are the ones. As detailed in Digital forensics the four forms are:
 * forensic analysis
 * intelligence gathering
 * eDiscovery
 * intrusion investigation
 * The sub-branches are four areas where the actual technical act of investigation requires different approaches and involves differing devices/media. I see what you mean about the prose - if I get chance I will tweak that lead section to more clearly delineate the four (as they are a bit wrapped up atm). --Errant (chat!) 18:52, 11 December 2011 (UTC)

External links modified
Hello fellow Wikipedians,

I have just modified 3 external links on Digital forensics. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:
 * Added archive https://web.archive.org/web/20110728051616/http://www.ssddfj.org/papers/SSDDFJ_V2_1_Punja_Mislan.pdf to http://www.ssddfj.org/papers/SSDDFJ_V2_1_Punja_Mislan.pdf
 * Added archive https://web.archive.org/web/20100905202407/http://www.utica.edu/academic/institutes/ecii/ijde/ to http://www.utica.edu/academic/institutes/ecii/ijde/
 * Added archive https://web.archive.org/web/20080222030859/http://www.ssddfj.org/ to http://www.ssddfj.org/

When you have finished reviewing my changes, you may follow the instructions on the template below to fix any issues with the URLs.

Cheers.— InternetArchiveBot  (Report bug) 16:41, 10 September 2017 (UTC)