By Annalise Kempen
Whenever the term “forensics” is used, one is reminded of the Locard exchange principle, “every contact leaves a trace”, which states that no perpetrator can leave a crime scene without leaving some trace. In the physical world, this refers to physical evidence such as fingerprints, bullets or blood (https://www.eviscan.com/en/locards-exchange-principle/). The question is whether forensic experts will be able to apply the same principle to the digital world to find digital or electronic evidence.
Digital forensics, investigations and evidence
The term “digital forensics” was only recognised in the 1990s, even though there is evidence that the first computer-related crime was reported in the late seventies. Irrespective of whether one prefers to use the term “computer forensics” or “digital forensics”, this branch of forensic science focuses on the recovery and investigation of material found in digital devices as it relates to cybercrime. The definition has further been expanded to include the investigation of any devices that have the capacity to store digital data (EC-Council, n.d.).
As a matter of interest, the term “digital” is used to refer to information that is stored electronically, because the information is broken into digits: binary units of ones (1) and zeros (0) that are saved and retrieved using a set of instructions, referred to as code or software. Anything that is stored electronically, ranging from photographs to videos and documents, can be created and saved using this code. In its online document “A simplified guide to digital evidence”, the NFSTC (2013) explains that finding and exploiting evidence saved in this way is a growing area of forensics which constantly changes as technology evolves.
The American National Institute of Justice (2008) defines “digital evidence” as information and data of value to an investigator that is stored on, received or transmitted by an electronic device. This type of evidence can be acquired once electronic devices are seized and secured for analysis. It can be latent or hidden, like fingerprints or DNA; can cross international borders; can be altered, damaged or destroyed with very little effort; and can be time sensitive (NFSTC, 2013). According to Lochner and Zinn (2015), digital evidence consists of magnetic fields and electronic pulses that can be collected and analysed using special techniques and software. Dr Brian Carrier, who leads the digital forensics team at Basis Technology in the USA, explains that digital evidence is data that supports or refutes a hypothesis that was formulated during the investigation. This is a general notion of evidence and may include data that is not admissible in court because it was not properly or legally acquired (Carrier, 2006).
It is also important to distinguish between a digital investigation and digital forensic or computer investigations and experts. The latter refers to an expert who can testify in a court of law about the forensic analysis process and the information that could be retrieved from digital devices. Lochner and Zinn (2015) argue that a computer or digital forensic expert combines the elements of law and computer science to collect and analyse data from computer systems, computer networks and storage devices in a way that is admissible as evidence in a court of law or during disciplinary proceedings.
Dr Brian Carrier describes a digital forensic investigation as a special case of a digital investigation in which the procedures and techniques used allow the results to be entered into a court of law. He uses the example of an investigation that may be started to answer a question about whether or not illegal digital images exist on a computer.