IT analysis / regular technical analysis
- Goal: obtain information, answers, or clarification
- Methods: any that work (live browsing, exporting data, running scripts, etc.)
- No special documentation or integrity requirements
- Result: technical report, recommendation, or internal findings
Digital forensics (informatyka śledcza)
- Goal: produce court-admissible evidence
- Strict adherence to forensic standards (ISO/IEC 27037, NIST, Polish criminal procedure rules)
- Mandatory chain of custody, verified bit-for-bit imaging, hashing (SHA-256), detailed documentation of every action
- All work performed on forensic copies only – never on the original
- Result: forensic report or expert opinion that can be used in civil, criminal, or administrative proceedings
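
The hashing and documentation requirements listed above, as an added example that is not from the original page: a working copy is hashed with SHA-256 in streamed chunks, compared with the hash recorded at acquisition, and every action is appended to a custody log. The hash-chained log format, the function names, the examiner label and the temp files standing in for evidence are assumptions constructed for illustration.

```python
import hashlib, json, os, tempfile
from datetime import datetime, timezone

def sha256_file(path, chunk_size=1024 * 1024):
    """Stream the file so a multi-gigabyte image never has to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def _digest(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def log_action(log, examiner, action, detail):
    """Append a custody entry that commits to the previous entry's hash."""
    entry = {"time_utc": datetime.now(timezone.utc).isoformat(),
             "examiner": examiner, "action": action, "detail": detail,
             "prev": log[-1]["entry_hash"] if log else "0" * 64}
    entry["entry_hash"] = _digest(entry)
    log.append(entry)

def log_is_intact(log):
    """Recompute each entry hash and check every link to the entry before it."""
    prev = "0" * 64
    for entry in log:
        body = {k: v for k, v in entry.items() if k != "entry_hash"}
        if entry["prev"] != prev or entry["entry_hash"] != _digest(body):
            return False
        prev = entry["entry_hash"]
    return True

def verify_copy(acquired_hash, copy_path, log, examiner):
    """Hash the working copy, compare with the acquisition hash, log the result."""
    copy_hash = sha256_file(copy_path)
    ok = copy_hash == acquired_hash
    log_action(log, examiner, "verify_copy", {"sha256": copy_hash, "match": ok})
    return ok

def demo(tamper=False):
    """Constructed sample: two small temp files stand in for source and image."""
    log, data = [], b"constructed sample evidence" * 1000
    with tempfile.TemporaryDirectory() as d:
        src, img = os.path.join(d, "source.bin"), os.path.join(d, "image.dd")
        for path, content in ((src, data), (img, data[:-1] + b"X" if tamper else data)):
            with open(path, "wb") as f:
                f.write(content)
        acquired = sha256_file(src)
        log_action(log, "examiner-1", "acquire", {"sha256": acquired})
        return verify_copy(acquired, img, log, "examiner-1"), log
```
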
In short
IT analysis answers the question “What happened?”
Digital forensics answers the question “Can we prove in court what happened, by whom, and when?”