Digital forensics

In 2017, a Russian hacker by the name of Roman Seleznev was sentenced to 27 years in prison by the US courts for hacking into more than half a thousand US businesses and stealing millions of credit card numbers, which Seleznev sold to special websites.

He did this for a decade and a half. US authorities finally caught up with him after his holiday in the Maldives, from where he was whisked to Guam and later on to Seattle. To date, this is by far the longest sentence ever given in a cybercrime-related case.

This is but one of the many examples of cybercrime cases being prosecuted and brought to closure. In such cases, authorities use tools and services to verify allegations, determine fraud, and present the findings in the appropriate courts of law. One such capability is digital forensics.

Digital forensics refers to activities that involve the recovery, preservation and investigation of data stored in digital devices. This is done when there is a need to validate and authenticate events and activities that transpired, with the device as the digital witness.

To us consumers, the closest thing to digital forensics that we can “relate” to would be the screenshot. A screenshot taken from any social media platform or messaging application serves as evidence that a conversation, comment or anything else digitally documented actually existed.

To the initiated, however, the science of digital forensics takes this to an entirely different level.

More than just taking a screenshot, digital forensics traces back the life of the device involved. If there is a need to recover what has been lost or deleted, this will be done. A typical digital forensics lifecycle covers the following stages:

Acquisition of digital devices. It is important that the device to be forensically investigated is available for the forensics expert to examine. There are instances wherein the device is no longer available: it may have been destroyed or thrown away.

Preservation. Once the device is in the hands of the forensics expert, preservation comes into the picture. This requires creating an image or an exact copy of the device and its attached history: data that may have been deleted, applications that may have been uninstalled, and other details that may help in providing more information on what the device has gone through. Deleted data may be recovered and will form part of the image that will be produced at this stage.

Forensic Analysis. This is where the analysis of all data comes into play. A timeline will be created to highlight events and activities that transpired, which will provide further insights. For social media-related data, further scrubbing can be done to authenticate such activities. Data provided will then be admissible in a court of law.
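
To illustrate the preservation stage, here is an added example that is not part of the original article: it copies a device to an image while recording a SHA-256 hash, so the image can later be shown to be an exact and unaltered copy. Using a hash for this purpose is common practice that the article itself does not spell out; the file names and the stand-in "device" are constructed for the example.

```python
import hashlib
import os
import tempfile

CHUNK = 1024 * 1024  # read 1 MiB at a time; never load a whole image into memory

def sha256_of(path):
    """Stream a file through SHA-256 and return the hex digest."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            digest.update(block)
    return digest.hexdigest()

def acquire_image(source_path, image_path):
    """Copy source to image, hash the bytes as read, confirm the copy is exact."""
    digest = hashlib.sha256()
    with open(source_path, "rb") as src, open(image_path, "wb") as dst:
        for block in iter(lambda: src.read(CHUNK), b""):
            digest.update(block)
            dst.write(block)
    acquired = digest.hexdigest()
    if sha256_of(image_path) != acquired:
        raise IOError("image does not match source; acquisition failed")
    os.chmod(image_path, 0o444)  # read-only: analysis is done on working copies
    return acquired

def verify_image(image_path, recorded_hash):
    """True if the image still matches the hash recorded at acquisition."""
    return sha256_of(image_path) == recorded_hash

def demo():
    """Run on a constructed stand-in 'device'; returns (before, after) checks."""
    workdir = tempfile.mkdtemp()
    source = os.path.join(workdir, "device.bin")   # constructed sample input
    image = os.path.join(workdir, "evidence.img")  # hypothetical file name
    with open(source, "wb") as fh:
        fh.write(b"constructed sample data " * 4096)
    recorded = acquire_image(source, image)
    before = verify_image(image, recorded)
    os.chmod(image, 0o644)
    with open(image, "r+b") as fh:                 # simulate a one-byte alteration
        fh.write(b"X")
    after = verify_image(image, recorded)
    return before, after
```

The recorded hash is what lets an examiner state later that the image analysed is the one acquired: any change to the image, even a single byte, makes `verify_image` return False.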

It is worthwhile to know that the technology and services related to digital forensics are already available. This would be of tremendous help in ongoing cases especially when the only evidence we can gather is limited to screenshots.

Kay Calpo Lugtu is the COO of Hungry Workhorse, a digital and culture transformation firm; Co-Founder of Caucus, Inc.; and Deputy Director of Global Chamber Manila. Her advocacies include data privacy, financial literacy, and nation-building. The author may be reached at or, to the more cautious now, at