Last updated: April 29, 2026
A Mumbai brokerage detected a wire-transfer fraud of ₹3.2 crore. The IR team logged in to the suspect’s laptop, opened browser history, scrolled through email, and “checked things.” Three months later, the case fell apart in court because every piece of evidence was inadmissible — the live system had been altered the moment the analyst logged in. Digital forensics is the discipline of collecting, preserving, and analysing evidence in a way that survives legal scrutiny. Get it wrong once and the criminal walks free. This module covers practitioner-level digital forensics.
The forensic mindset
The investigator’s job is not to find the bad guy — it is to produce evidence that is:
- Admissible — collected by lawful means, properly preserved, chain-of-custody intact
- Authentic — provably the original, unaltered (cryptographic hashes match)
- Complete — relevant data in context, not selectively curated
- Reliable — methods reproducible by another analyst
- Believable — clearly explainable to a non-technical audience (judge, jury, regulator)
The conclusion is what your evidence supports — not what you suspect.
Get a free attack-surface review
We check what an attacker would see about your business — leaked credentials, exposed services, dark-web mentions. 30 minutes, no obligation.