Posts

Showing posts from May, 2017

Data or Drivel?

Digital forensics is, without question, all about the data. Our tools, especially FOSS (Free or Open Source Software), get better all the time with regard to identifying and extracting artifacts. The premise itself is simple - human behavior during the course of computer interaction tends to result in new or changed artifacts. For the sake of discussion, artifacts that have been removed or otherwise deleted are changed artifacts. It's those new/changed artifacts that our tools dig up for us. As a simple example, when a user downloads a file that did not exist on that system before the download, the file will itself be an artifact, along with potential metadata about the file (e.g. MAC dates/times), data about the download (e.g. zone information), and the user account under which the download was carried out. There are likely many more artifacts than these, but it's easy to see from this example that artifacts tend to result from human/computer interaction. Our tools are generally ver