Cyber criminals are increasing. As reported by FBI briefings, the quantity of digital forensics cases are actually doubling, at times even tripling, from one year to the next. In the beginning, the professional literature applied the phrase of digital forensics to specify the specific outlet of forensic technology addressing the investigation and retrieval of different material present in computer systems. It is now broadened to digital forensics as a way to include the examination and inquiry of all the devices which can hold digital information. These types of investigations often will be carried out in relationship to a crime. This is why it is crucial for the computer forensics investigator to not just have the appropriate practical knowledge with relevant training, but also meaningful experience in the area of investigation. The task of an investigator is not easy. In fact it is unique from that of system and network professionals, no matter how knowledgeable or proficient they are.

The most familiar application of these types of digital forensics investigations is usually to discredit or aid hypotheses before a court of law. The case will be either criminal or civil -- with regards to electronic discovery. Digital forensic investigations also prove useful in the private sector, including corporate security and internal investigations. Regardless of the case, a computer forensic investigator uses a standard procedure that commences with the seizure of media and proceeds with its acquisition (also referred to as forensic imaging) and examination. The investigation finishes with the generation of a complete report used to describe the evidence obtained. An investigator must provide as much detail as possible before going through these previous steps, thus, the initial step is invariably interviewing every one of the individuals who can provide insight concerning the crime or situation.

The technical processes always begins with the acquisition of the volatile evidence, because computer data can change or vanish quickly. After this phase, which will at times be particularly demanding to conduct, the investigator has to the computer or digital device (depending upon the degree of access). The investigator tracks the physical storage space, such as memory cards, hard disk drives, removable disks or USB drives, that will be duplicated and cloned.

The field of digital forensics is exciting, but it is also complex and demanding. An excellent computer forensic investigator should not only be well trained and experienced in the field, but also be in a position to step away from the technical arena and into the real world in court. Testifying may be the most difficult part of an investigator's work. In the courtroom you will need to interpret the technical forensic terminology to situational key points that others can comprehend. Regardless of how flawless an investigation is, a poor presentation in court could kill it.