Exciting terms get overused and worn down with time. I can remember when “awesome” meant magnificent, extraordinary, awe-inspiring. Today it’s barely stronger than “that’s nice.” Maybe it’s inevitable; people like to use words with a strong punch, even when they’re excessive.
“Digital forensics” is an example. Dictionaries say forensics is the study of issues in public discussion or debate. We usually think about it in connection with technical investigation of legal issues. Was a crime committed? If so, who did it and how? With so much of the world being computerized, people can legitimately use the term for a lot of digital activities, like identifying forgeries and attacks. I used the term for my own investigation of a defect in Honda’s MP3 players.
In the library and archiving world, though, some people are using it just because “data analysis” sounds awfully (there’s another word that’s been worn down) dull. In an interview on the Library of Congress’s digital preservation blog, Kam Woods says:
“Digital forensics commonly refers to the process of recovering, analyzing, and reporting on data found on digital devices. The term is rooted in law enforcement and corporate security practices: tools and practices designed to identify items of interest (e.g. deleted files, web search histories, or emails) in a collection of data in order to support a specific position in a civic or criminal court case, to pinpoint a security breach, or to identify other kinds of suspected misconduct.”
Occasionally that process does get involved with court cases and suspected misconduct, but he stretches its bounds:
“The goals differ when applying these tools and techniques within archives and data preservation institutions, but there are a lot of parallels in the process: providing an accurate record of chain of custody, documenting provenance, and storing the data in a manner that resists tampering, destruction, or loss.”
When archivists do their jobs, it prevents controversies from arising in the first place. I’m not demeaning the work; it’s better to prevent uncertainty than to have to resolve it. But good record keeping isn’t forensics.
Sometimes the methods and aims of “digital forensics” and real forensics directly oppose each other. Woods points out that the former needs to avoid collecting sensitive personal information where it’s not appropriate. A real forensic investigation will often need personal data as a vital clue.
People will go on calling routine data analysis “forensics” regardless of anything I say here, but let’s not confuse it with the real thing.