So, what is DFIR? Digital Forensics and Incident Response are commonly abbreviated as DFIR and refer to a particular skill set in computer security and forensics. This article will focus on the digital forensics part of this unholy union of the two fields.
“Computer Forensics is the retrieval, analysis, and use of digital evidence in a civil or criminal investigation” (Hayes, 2019).
Note the emphasis in the definition of the use of digital evidence in a civil or criminal investigation. The importance of understanding the legality of forensics cannot be overstated. Just as there are computer hacking laws that you can be convicted if you hack into a system without authorization such as the Computer Fraud and Abuse Act (CFAA), it is the same with computer forensics investigations…..