In this video, you will learn to describe the practice of digital forensics and what technical skills and legal knowledge are required to be effective.

>> We move now on to the digital forensics area. So digital forensics is a branch of forensic science. It basically includes everything related to identification, recovery, investigation, validation, and presentation of facts regarding digital evidence. There's digital evidence; it's usually found on computers or similar digital storage media devices, for example, hard drives, cell phones, servers.

If we talk about forensic science, we need to talk about Locard's exchange principle. Dr. Edmond Locard is a pioneer in the forensic science scene. And he became known as the Sherlock Holmes of France. He came up with this principle, that is true for both the physical world as well as the technical world or the computer world. The perpetrator of a crime will bring something into the crime scene and leave with something from it. And that both can be used as forensics evidence. Basically this means that when anybody commits a crime, he will take something from the crime, but he will also leave something in the crime scene. And those two facts can be used for forensics evidence.

In digital forensics, we need to talk about chain of custody, just as we will in forensic science. It basically refers to the chronological documentation or paper trail that records the sequence of custody, control, transfer, analysis, and disposition of physical or electronic evidence. So the chain of custody, basically it's a written document that will allow us to reconstruct what has been done with the evidence. Who has had it in the past, who has copied the information, how it was copied, who has analyzed the information, all sorts of things. And chain of custody will be able to tell us that or recreate that for us. This chain of custody process has been required, it is required for any type of evidence to be presented legally in court.
In digital forensics, we have several tools there. We can divide them into two, hardware tools and software tools. In hardware tools, we have a few samples of the Faraday cage, it's basically a device that can block any electronic. It basically blocks magnetic fields. And it's used to isolate cellphones, for example, from the cellular data, Wi-Fi access. So isolate the cellphone from any impulse or any electronic communication. We also have specific forensics tools or forensics briefcases that have a bunch of tools inside of them. We can discuss them: maybe it's forensics laptops, power supplies, tool sets, digital cameras, case folders, blank forms. Basically these blank forms are what would then constitute the chain of custody of any evidence collected during the investigation. Also we would need some empty hard drives if we need to copy any information. And also the write blockers, because we want to make sure that we're able to copy anything from the hard drives but we're not writing anything into the hard drives.

We have several software tools out there, and this is just a very small list of what's available out there. We have open source applications like Volatility and we also have paid software like FTK and EnCase. In the case of dd, it is basically a bit-by-bit copier found in most of the Linux operating systems out there. Autopsy, Bulk Extractor, and many more are some of the tools that can be used in any forensics investigation.
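
The chain of custody described in the video can be pictured as a small record-keeping structure. The following is an added example, not part of the original video or of any tool it names: it logs who handled an evidence item, when, and what they did, and checks that every copy still matches the original. The `CustodyLog` class, the SHA-256 digests, the linking of entries, and all names, dates and sample bytes are assumptions constructed for illustration.

```python
import hashlib
import json

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

class CustodyLog:
    """Custody record for one evidence item (hypothetical class, not a real tool)."""

    def __init__(self, item_id: str, evidence: bytes):
        self.item_id = item_id
        self.baseline = sha256_hex(evidence)  # digest taken at collection
        self.entries = []

    @staticmethod
    def _digest(body: dict) -> str:
        return sha256_hex(json.dumps(body, sort_keys=True).encode())

    def record(self, when, who, action, evidence: bytes, note=""):
        """Append who did what, when, and the digest of the data they held."""
        prev = self.entries[-1]["entry_hash"] if self.entries else "0" * 64
        body = {"item": self.item_id, "when": when, "who": who, "action": action,
                "evidence_sha256": sha256_hex(evidence), "note": note, "prev": prev}
        body["entry_hash"] = self._digest(body)
        self.entries.append(body)

    def verify(self) -> list:
        """Return a list of problems; an empty list means the trail is consistent."""
        problems, prev = [], "0" * 64
        for i, e in enumerate(self.entries):
            body = {k: v for k, v in e.items() if k != "entry_hash"}
            if e["prev"] != prev or self._digest(body) != e["entry_hash"]:
                problems.append(f"entry {i}: record altered or out of order")
            if e["evidence_sha256"] != self.baseline:
                problems.append(f"entry {i}: data held by {e['who']} differs from original")
            prev = e["entry_hash"]
        return problems

def demo():
    original = b"constructed sample standing in for a disk image"
    log = CustodyLog("ITEM-001", original)
    log.record("2024-01-01T09:00Z", "Examiner A", "collected", original)
    log.record("2024-01-01T10:00Z", "Examiner A", "copied", bytes(original), "bit-by-bit copy")
    log.record("2024-01-02T14:00Z", "Analyst B", "analyzed", original + b"\x00", "working copy")
    return log

if __name__ == "__main__":
    print(demo().verify())
```

The bit-by-bit copy passes because its digest equals the one taken at collection, while the working copy that gained one byte is flagged together with the person who held it.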