Digital Forensics: Content vs. Artifacts – What’s the Difference?
If you’re looking to find proof from a digital device in a matter or case — it’s important to know the difference between digital CONTENT and ARTIFACTS.
Cell phones, computers, mobile devices, servers, surveillance systems and other digital devices are repositories of CONTENT. Content includes user documents we’re all familiar with such as: Word files, spreadsheets, emails, instant messaging, text messages, etc.
While it is true you can garner a lot of information from content – there’s a whole other world of information that exists that you may be missing – ARTIFACTS. Digital forensic artifacts are not only more interesting but most importantly can provide far more validity to proof or factual digital evidence.
Forensic artifacts are items that get left behind based upon the activities of the end user of the device – footprints if you will. However, end users are generally not aware that these artifacts exist, furthermore, unlike content, artifacts are difficult to access and manipulate. As a result, there is significantly more validity of proof by considering the artifacts.
How Digital Artifacts Are Used
- Artifacts are used to corroborate the information in the content.
- Artifacts can reveal things that content never will. (We’ve yet to find a case where somebody wrote a document (content) where they said, “Dear Boss, This is the stuff I’m going to steal from the organization today.” Yet – working from the artifacts Digital Forensic Experts can tell just that.
- Artifacts can show intent or the state-of-mind of the individual. This includes what internet searches were being conducted and what web pages were visited or researched.
Examples of digital artifacts garnered from web searches:
- “How to frame your employer for more severance pay”
- “When is the best time to start a fire”
- “How to cover your tracks in arson”
Engage a Digital Forensics Expert
Digital artifacts aren’t readily available for an end-user to look at. You need to engage a Digital Forensics Expert.
Digital Forensics and Cyber Security Experts have both the tools and the knowledge to:
- Preserve the device so as not to trample on valuable artifacts;
- Know where to look;
- Accurately interpret the findings;
- Understand the subtle nuances as artifacts can mean different things depending on the Operation System (OS) and even the versions of software.
At Vestige, we are Experts at the analysis of artifacts and other electronic evidence, and we spend our time, day-in and day-out, researching, testing and understanding what artifacts exist; what they mean; and how they can be used – alone or in conjunction with other artifacts (like putting evidential pieces of a puzzle together) to prove or disprove allegations in a case.
If all you are focusing on is the content – you might get lucky, but if you want to increase your odds and make your facts more airtight, then you need to consider both content AND artifacts. Digital forensic artifacts are better indicators of what actually transpired and reveal more things than content ever will.
For additional articles:ARTICLES
CONTACT VESTIGE to request a FREE QUOTE on your cyber security or digital forensics case: