How Digital Forensics Helps Solve Cybercrimes

Have you ever seen the movie Live Free or Die Hard? If so, you’ll remember the chaos that follows when cybercriminals attack the nation’s infrastructure. Although this scenario is from a movie, cybercrime is very real. “The good guys” need people like you to become experts in digital forensics. Are you ready to learn how digital forensics helps solve cybercrimes?

From identity theft and ransomware attacks to phishing scams and data breaches, cybercrimes are becoming more sophisticated and more common. In fact, global cybercrime costs were expected to hit over $10 trillion annually by this year. That’s why digital forensics is more important than ever.

At UTSA Online, you’ll have the opportunity to earn a Digital Forensics minor as part of your bachelor’s degree in Cyber Security. You’ll learn the same content from the same faculty experts who teach UTSA’s in-person students. And when you graduate, your diploma will say “The University of Texas at San Antonio.”

You may be wondering how you’ll balance returning to school with everything else you have to do. Don’t worry, at UTSA Online, you won’t have to compromise. You won’t have to go to campus or log in at a specific time for classes, saving you time. You’ll be given due dates each week, but you’ll have the flexibility you need to complete your coursework around your schedule. With a degree in cyber security, you can change or grow your career and help make the world safer. 

For this blog, we interviewed our digital forensics expert, professor Thomas Ervin (left). Before we hear from Professor Ervin, let’s break down what digital forensics involves. We’ll also explore how cybercrime is evolving and how digital forensics plays a critical role in solving these crimes.

What is Digital Forensics?

Digital forensics is like detective work, but for computers, phones, and other digital devices. With digital forensics, you’ll identify, preserve, analyze, and present digital evidence so it can be used in court.

The process usually involves some basic steps:

• Collection: you’ll gather data from devices, networks, or cloud storage.
• Preservation: you’ll need to make sure the data isn’t altered or damaged.
• Analysis: you’ll dig into the data to find clues, like deleted files, login records, or suspicious activity.
• Reporting: once you’ve analyzed the data, you’ll present your findings clearly and accurately, often for legal proceedings.

Cybercrime Trends

Cybercrime has a long history dating back decades, before the Internet even existed. As cybersecurity has advanced, so have the methods used by cyber criminals. But with the advancement of technology, cybercrime has evolved even more dramatically. It’s not just about viruses or spam emails.

Today’s threats include:

• Ransomware: Hackers lock your files and demand payment to unlock them.
• Phishing: Fake emails or texts trick you into giving up personal info.
• Cryptojacking: Bad actors use your computer’s power to mine cryptocurrency without your knowledge.
• Deepfakes and AI-driven scams: New technology is being used to create convincing fake content.
• And more.

With digital forensics, you’ll need to constantly adapt to keep up with these changes. But don’t worry. UTSA stays up-to-date on what you’ll need to know and adapts its courses as needed. As a fully online student, you’ll benefit from these updates as well!

How Does Digital Forensics Help Solve Cybercrimes?

Digital evidence is often the key to cracking a case. You’ll learn how to identify who accessed information, when they did it, and where it happened. You’ll also learn to uncover deleted messages, trace IP addresses, and even recover stolen data. In many cases, these methods are the only way to prove a crime happened and identify the person behind it.

Whether you’re helping law enforcement track down hackers or supporting companies after a data breach, you’ll be essential to investigations.

Now, let’s hear from professor Thomas Ervin. He has over 25 years of experience supporting federal law enforcement with cyber forensics analysis on criminal and national security investigations.

As mentioned above, UTSA’s bachelor’s degree in Cyber Security is the same whether you’re fully online or in-person at UTSA. Throughout the Q&A, we’ll use “UTSA” and “UTSA Online” interchangeably.

Q&A With Digital Forensics Expert Professor Thomas Ervin

Tools and Technologies of Digital Forensics

Q: What tools and technologies are most commonly used in digital forensics investigations, and how do you utilize those in your teaching?

A: In our courses, we regularly use industry-standard tools like FTK, Autopsy, Wireshark, and Volatility for memory analysis. These are the same tools used by professionals in the field. At UTSA, we emphasize hands-on labs and assignments that simulate real-world investigations, allowing students to analyze disk images, recover deleted files, identify suspicious files, and trace attacker activity. Our goal is to bridge theory with practice from day one.

Q: How has the advancement of technology impacted digital forensics in solving cybercrimes, and how does UTSA keep up with this?

A: Technology evolves fast! Forensics now includes mobile devices, cloud data, and even Internet of Things (IoT) artifacts. At UTSA, we stay ahead by updating our curriculum regularly and working closely with industry partners. We also incorporate real-world case scenarios and offer access to modern datasets and tools. Our digital forensics classes attempt to mirror the complexity of current investigations.

Challenges in Digital Forensics

Q: What are the biggest challenges digital forensic investigators face when trying to solve cybercrimes? 

A: One major challenge is encryption – data is often inaccessible without proper keys or warrants. An example would be trying to access a subject’s encrypted cell phone without knowing the PIN or Password. Investigators also face issues with data volume and volatility, especially in cloud or memory-resident attacks. Other concerns involve identifying hidden data and maintaining a proper chain of custody to ensure evidence is admissible in court.

Q: Does UTSA Online have any projects that simulate these challenges?

A: Yes, our students work on assignments and case simulations involving compromised systems, forensic timelines, and volatile memory analysis. These scenarios are designed to mimic real investigative roadblocks – missing logs, fragmented evidence, or anonymized attackers. We also introduce students to data hiding techniques such as Steganography.  It’s all about building critical thinking and adaptability skills. 

Collaboration and Ethics in Digital Forensics

Q: How do law enforcement agencies collaborate with digital forensics experts in cybercrime investigations?

A: Digital forensics experts often support law enforcement by providing technical insights.  At UTSA, SCADA and Internet of Things (IoT) forensics labs work regularly with federal and local law enforcement to assist with training and actual ongoing investigations.

Q: Are there any ethical concerns associated with digital forensics investigations, especially regarding privacy and data security? How do you address those in your classes?

A: Absolutely! Accessing someone’s data raises serious ethical and legal questions. In class, we stress the importance of warrants, proper scope, and minimizing unnecessary exposure of personal information. We include ethics modules and hypothetical dilemmas to prepare students for real-world decisions they’ll face as practitioners.

Digital Forensic Case Studies

Q: Can you share a case study where digital forensics played a key role in solving a cybercrime?

A: In my “previous life,” prior to teaching, I was a technical lead for the 9/11 investigation – terrorist attacks against the World Trade Center and Pentagon. In that investigation, we sifted through mounds of digital evidence, to include seized computers, flight manifests, email accounts, chat logs, library computer logs, and phone records. We used timestamps, geolocation, and logins to build a comprehensive pre-attack timeline showing how hijackers moved, met, and communicated. That case reshaped how we, as a nation, approach data aggregation, interagency collaboration, and the integration of digital forensics into national security frameworks. 

Q: How does digital forensics help identify suspects or determine their intent in cybercrime cases?

Forensics can link digital evidence (i.e. usernames, time stamps, and file paths) to specific actions. Combined with behavioral analysis, we can often determine if the activity was accidental, malicious, or part of a broader campaign. Intent is crucial in cases like insider threats, where context matters just as much as technical evidence.

Future of Digital Forensics

Q: What does the future hold for digital forensics? 

A: Expect more focus on AI-driven analysis, cloud-native investigations, and machine learning to handle large datasets. As attackers evolve, so must our detection and attribution methods. We’re also seeing growth in forensics for smart devices and virtual/augmented reality environments.

Q: Are there any emerging trends or technologies that might shape the field, and how is UTSA preparing for those?

A: Definitely! Trends like IoT forensics, encrypted communication platforms, and cross-border cloud investigations are reshaping how we approach evidence collection. At UTSA, we’re introducing labs focused on emerging technologies (i.e. forensic analysis of smart watches, VR headsets, and smart home devices) to keep students ahead of the curve.

Advice for Aspiring Digital Forensics Experts

Q: What advice do you have for students or professionals aspiring to work in the field of digital forensics?

A: Stay curious and never stop learning! Tools and tactics change, but the ability to think like an investigator is timeless. Build a portfolio of hands-on projects and seek internships or research opportunities early. It’s a field where attention to detail and ethical responsibility matter just as much as technical skill.

Q: What are the key skills and qualifications needed to excel in digital forensics?

A: Core skills include file system and operating system knowledge, networking, scripting, and report writing. Certifications help, but practical experience is just as valuable. Communication is also key! You will often have to explain complex findings to non-technical stakeholders.

Q: How important is a degree when we’re talking about getting a job in digital forensics/cyber security?

A: A degree gives you a strong foundation and opens doors, especially in federal or law enforcement roles. At UTSA Online, our programs are designed for working professionals and career changers, with flexible formats and a strong emphasis on applied learning. We prepare students not just to get jobs, but to thrive in them!

Why Get Your Cyber Security Degree at UTSA

You may be wondering “what makes a cyber security degree from UTSA Online worth it?” In our 100% online program, you’ll earn a Bachelor of Business Administration in Cyber Security. You’ll gain a solid foundation in essential business principles alongside practical, hands-on technical skills that every cyber security professional needs. 

Hear more about what makes a Cyber Security degree at UTSA different from other institutions from Professor Ervin and Rita Mitra, D.M.A. Mitra is a Professor of practice in the Information Systems and Cyber Security Department and the director of Online Programs in the Carlos Alvarez College of Business at UTSA.