Digital devices such as computers and smartphones have become primary sources of forensic evidence in modern investigations. With the increasing reliance on technology in daily life, digital evidence extraction has become essential for understanding and uncovering criminal activities. This article discusses the fundamental principles of digital forensics, focusing on how evidence is extracted from computers and smartphones, as well as the challenges involved. 1. Definition of Digital Evidence Digital evidence refers to any information stored or transmitted in digital form that can be used in legal proceedings. It includes emails, call logs, images, videos, geolocation data, and browsing history. 2. Stages of Digital Evidence Extraction A. Identification Identifying relevant devices and data connected to the case. This data may be visible or hidden within operating systems. B. Preservation Protecting data from alteration or damage during transport or analysis by using tools that ensure evidence integrity, such as creating a digital clone of the hard drive. C. Acquisition Extracting data using specialized forensic tools such as: EnCase and FTK for computers Cellebrite and Magnet AXIOM for smartphones D. Analysis Reviewing and examining data to uncover important evidence such as conversations, deleted files, or geolocation data. E. Documentation Recording all procedures and findings in detail to preserve the credibility of the evidence in court. 3. Techniques Used in Digital Evidence Analysis Deleted File Recovery: Deleted files can be restored if they have not been overwritten. System Log Analysis: Provides insight into device usage, program execution, and file access. Application Analysis: Particularly in smartphones, where apps such as WhatsApp, Telegram, and email are examined. Network Analysis: Helps track network activity and external communications. 4. Challenges A. Encryption and Privacy Protection Strong encryption and locked devices with complex passwords pose major challenges. B. Constant System Updates Operating systems and applications evolve rapidly, requiring continuous updates to forensic tools. C. Large Volumes of Data Investigating massive amounts of data is time-consuming and requires advanced analytical tools. D. Laws and Regulations Differences in privacy and digital data laws between countries can hinder investigations. 5. Importance of Digital Evidence in Criminal Investigations Digital evidence has contributed to solving numerous criminal cases, including cybercrimes, financial fraud, domestic violence, and even homicide. It is also used in civil disputes such as divorce and child custody cases. Extracting digital evidence from computers and smartphones has become an integral part of modern criminal investigations. As technology advances, the importance of this type of evidence continues to grow, requiring ongoing development of forensic techniques and a deep understanding of accompanying legal and technical challenges. Al-Mustaqbal University – The Leading University in Iraq
  SDG4