I received a great question on our YouTube channel. Edited for clarity.

…is there a difference between Digital Forensic Investigation Method and Digital Forensic Technique? If so, can you kindly give me examples?

That is a great question! Digital investigation methods are individual procedures for doing some task. A technique is the investigator’s choice of which methods to use, and in what order, to do that task. For example, there are many ways (methods) of recovering data from a hard drive. However, an individual investigator will choose the specific methods that they believe will work best for a particular problem. That choice is the technique, and everyone’s is slightly different, even if the underlying methods are the same.

You can think of it like dancing. Everyone can learn the same steps (method) of dancing, but great dancers add their own flair (technique) to the dance.

Can these be the methods: Identify specific objects that store important data for the case; investigation preparation; seizure isolation; acquisition of data; examination analysis and reporting. The techniques can be preserving the evidence, web activity reconstruction, file signature verification, network device investigation, and recovering hidden files.

Everything you’ve listed has aspects of both methods and techniques. Remember that a method is a procedure for achieving a goal, but many different methods can reach the same end goal. The technique is which method or combination of methods an investigator chooses to reach the goal. Let’s look at one of your examples:

“Identify specific objects that store important data for the case.” This covers several ideas and needs to be broken down further.

  • Identify specific objects (data)
    • There are many methods (procedures) for identifying data structures.
    • An investigator may choose a combination of methods (technique) to maximize the amount of data identified.
  • that store case-related data
    • General methods and standards of court guide what is defined as “case-related.”
    • An investigator’s knowledge and choice of investigation structure can help support whether something is case-related.
  • important
    • Methods (rules) for argument and persuasion.
    • The investigator’s writing style and investigation choices can affect whether something is perceived as significant.

An investigation is built on many methods that an investigator chooses to maximize their outcome. All the things you listed have aspects of both methods and techniques.

NOTE: Most people will not differentiate between methods and techniques. All the things you’ve listed can be colloquially described as “methods.” You can use the terms interchangeably for practical purposes, and people won’t mind.