Forensic data analysis, otherwise known as a forensic analysis, is a subset of digital forensics. Highly investigatory in nature, forensic analyses are typically used to prepare digital evidence for use in potential or upcoming legal proceedings. However, they also have pertinent uses in cyber defense, data backup, hardware or software failure, and other, similar scenarios.

Examining the Different Types of Data Forensics
As mentioned, forensic data analysis is used in many different cases. With so many moving parts, it's important to find a starting point. Some of the most common and widely used forms of forensic data analysis include:

• Malware forensics: As malware becomes more commonplace and even more sophisticated than ever before, more investigators find themselves cleaning up the mess left in the wake of malicious software.
• Network forensics: Useful when investigating network-based attacks or incidents, network forensics involves traffic monitoring, reviewing firewall logs, and similar activities.
• Database forensics: With so much information contained within databases these days, it should come as no surprise that they're a highly valuable asset in many investigations.

There are other forms of forensic data analysis, too. Given the myriad of things that could go wrong with a computer system or network, it's critical that you're looking in the right area. Conversely, it's also important that you're using the right tool for the job.

What Tools Are Used During a Forensic Analysis?
Various tools are used during a forensic data analysis, including both software and hardware solutions. The exact utilities chosen ultimately depend on the end goal of your forensic analysis. Those who are investigating a failed hard drive, for example, will use vastly different tools than those who are simply analyzing and recording accessible data in preparation for a legal case.

Regardless, there are some common tools seen in forensic data analysis. These include:

• Storage medium scanners and analyzers: Hard drives and other forms of data storage, including USB drives and SD cards, are all prone to failure at some point. These utilities are useful when trying to diagnose a crashed or failing hard drive.
• Physical memory scanners and analyzers: A computer's physical memory, or RAM, can also present issues that, in extreme cases, could cause an entire system to stop working. These utilities help you detect and diagnose any potential issues.
• Network capture and traffic monitoring tools: Despite the world's collective efforts, cyber crime and malware distribution is still commonplace on the internet today. As such, network capture and traffic monitoring tools are helpful when analyzing web traffic - either incoming or outgoing.
• Disk encryption: Many organizations - and even some individuals - use disk or data encryption as a means of safeguarding their data. When perform a forensic analysis, encrypted drives, partitions, and files can present a significant challenge to investigators -especially if an access key isn't provided.

Many other hardware tools and software utilities are used in various forensic investigations, too. Disk imaging programs, for example, can capture the entire snapshot of a hard drive or other storage medium. Tools like Microsoft Word or Excel are useful when creating final reports and disseminating the results of the investigation. Again, it's not about having access to as many tools as possible. It's about having the right tool for the job and knowing how - and when - to use it.

You may read more about computer forensics in Wikipedia: Computer forensics.