Think of solving a puzzle. In order to solve one, all the pieces are needed to be put together and then to their respective places, even one missing piece can block the whole scene that could come up with a bigger picture. Thus, a right strategy is required to do the magic trick, not only to crack it but to do it fast too. Forensics is all about that strategy that can help build that bigger picture.
As far as the digital forensics is concerned, it is the same but a little more complex and long process as “pieces of puzzle” have no physical footprints but has a cyber impression of it so the collection, analysis and presentation of that evidence, are all together a little more sensitive process.
So now the process to take place there are some tools which are needed to carry out the procedure.
The procedure that follows is quite simple though :
• Collection or gathering of the evidence
• Creating a copy of the found digital evidence
• Authenticating that copied evidence
• Analyzing the copied evidence
• Presentation of the acquired evidence
Now the reason for creating a copy of the acquired evidence is not to modify the acquired information or harm it in any way possible.
About the tools, now there are many software tools supporting different platforms, are helpful in the whole procedure. The most popular ones are The Sleuth Kit, FTK Imager, ExifTool etcetera.