Digital Forensics

Digital forensics collects and analyzes digital evidence after an incident.

Updated: 2026-03-05

Definition

Digital forensics is the process of preserving, collecting, and analyzing digital evidence to understand what happened, how, and what data was affected.

It requires chain of custody and careful handling to keep evidence admissible and reliable.

Key points

Preserve evidence (chain of custody)
Analyze logs, disks, memory, artifacts
Supports root cause analysis and reporting

Common mistakes

Not isolating systems properly before evidence capture.
Changing timestamps/metadata by careless handling.

Related exams

CompTIA Security+ (SY0-701)

Free Security+ SY0-701 mini test. Continue in the app for offline packs and detailed explanations.

Related terms

what is incident response
what is chain of custody

Want to practice this in exam-style questions?

Use the mini tests on each exam page, then continue in the app for offline packs and detailed explanations.

Go to exams