

Device Forensics

Device forensics, a branch of computer forensics, deals with gathering digital evidence available in different types of devices such as mobile phones, PDAs, iPods, printers, scanners, cameras, fax machines, etc. The normal computer forensic procedure is inadequate to identify and collect the evidence from these devices. In order to collect evidence from such devices and to ensure its admissibility in a court of law, sound forensic techniques and a systematic approach are needed. Device forensics addresses this need. It includes the following divisions.
PDA Forensics

In the modern era, Personal Digital Assistants (PDAs) are becoming immensely popular. They are no longer meagre electronic devices holding personal information, appointments and an address book. Modern PDAs are hybrid devices integrating wireless, Bluetooth, infrared, WiFi, mobile phone, camera, global positioning system, basic computing capabilities, Internet etc., in addition to the standard personal information management features. Technology is often a “double-edged sword” and it “breeds crime”, as Pereira (2005) describes in his article. PDAs are no exception. They are becoming more and more involved in electronic crimes, mainly because of their compact size and integrated features. The Federal Bureau of Investigation (FBI, 2005) has recently highlighted the issue of growing crimes involving portable devices in its computer crime survey.
Investigating crimes involving PDAs is more challenging than investigating those involving normal computers. This is mainly because these devices are more compact, battery operated and store data in volatile memory. A PDA is never really turned off as long as it has sufficient battery power. Evidence residing in a PDA is highly volatile in nature. It can be easily altered or damaged without being noticed. In order to collect such evidence and ensure its admissibility in a court of law, sound forensic techniques and a systematic approach are needed. A standard forensic model for PDAs, which provides an abstract reference framework, is particularly important in digital crime investigations. In addition to law enforcement officials, such a model can also benefit IT auditors, information security experts, IT managers and system administrators, as they are often the first responders to any sort of computer crime in an organization.

Mobile Phone Forensics

Mobile phone forensics is the science of recovering digital evidence from a mobile phone under forensically sound conditions using accepted methods. Mobile phones, especially those with advanced capabilities, are a relatively recent phenomenon, not usually covered in classical computer forensics. Cell phones vary in design and are continually undergoing change as existing technologies improve and new technologies are introduced. Developing an understanding of the components and organization of cell phones is a prerequisite to understanding the criticalities involved when dealing with them forensically. Similarly, features of cellular networks are an important aspect of cell phone forensics, since logs of usage and other data are maintained therein. Cell phone forensics includes the analysis of both SIM and phone memory, each of which requires a separate procedure.

Digital Music Forensics

Large storage capacities and personal digital assistant (PDA) functionalities have made the digital music device a technology that should be of interest to the cyber forensic community (Reith, Carr, & Gunsch, 2002). The digital music revolution has also seen the digital music device become a common household item. It is only a short time until they too make a natural progression into the criminal world. This progression has already begun. One example is the use of an Apple iPod by a gang of thieves in England to store information related to their crimes (BBC News, 2004). The latest digital music devices include large storage capacities as a result of hard drive technology. Some of the hard drive-based devices have capacities upwards of 60 GB. With this much storage space for music, developers have branched out and included features like a calendar and contact book ("Apple iPod - Music and more", 2004). These devices are simply portable hard drives, and have the ability to store other types of files besides music, such as documents or pictures. Thomas (2004) reports that an employee could take sensitive information by using the capabilities of a digital music device. Suspects could potentially store critical evidence on these types of devices. It must be determined whether current frameworks of cyber forensic science are applicable and to what extent current guidelines can be applied to digital music device forensics.

Printer Forensics

Printed material is a direct accessory to many criminal and terrorist acts. In addition, printed material may be used in the course of conducting illicit or terrorist activities. In both cases, the ability to identify the device or type of device used to print the material in question would provide a valuable aid for law enforcement and intelligence agencies. For example, counterfeiters often digitally scan currency and then use colour laser and inkjet printers to produce bogus bills. Forgers use the same methods to make fake passports and other documents. Investigators want to be able to determine that a fake bill or document was created on a certain brand and model of printer. They also want to identify not only which model of printer was used but specifically which printer was used. It would then be possible to tell the difference between counterfeit bills created on specific printers even if they are the same model. The two approaches suggested by Purdue University are:
First, analyzing a document to identify characteristics that are unique to each printer, and second, designing printers to purposely embed individualized characteristics in documents.
The second method is used by most of the latest printer manufacturers. No two printers of the same model will behave in exactly the same pattern. This is because the mechanical parts that make up the printer will not be 100 percent equivalent. Manufacturing printers to that level of equivalence would make each printer too expensive for consumers. If, however, the printer cartridge is changed after a document is printed, the document can no longer be traced to that printer.

Scanner Forensics

A large portion of digital image data available today is created using acquisition devices such as digital cameras and scanners. While cameras allow digital reproduction of natural scenes, scanners are used to capture hardcopy art in more controlled scenarios. A forensic approach requires non-intrusive scanner model identification, which can be further extended to authenticate scanned images.

Using only scanned image samples, a robust scanner identifier should determine the brand/model of the scanner used to capture individual scanned images. A proposal for such a scanner identifier is based on statistical features of scanning noise. The scanning noise of the images can be characterized from multiple perspectives, including image denoising, wavelet analysis, and neighborhood prediction, with statistical features obtained from each characterization.
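The following added example (not part of the original page or of any published identifier) sketches the noise-feature idea for two of the three characterizations, denoising and neighborhood prediction, followed by a nearest-centroid match against per-scanner models. The scanner profiles, the synthetic images and all function names are constructed assumptions; wavelet analysis is omitted.

```python
import math
import random

def synth_scan(sigma, col_sigma, seed, size=32):
    """Constructed sample: smooth gradient plus per-pixel and per-column noise."""
    rng = random.Random(seed)
    col = [rng.gauss(0, col_sigma) for _ in range(size)]
    return [[128 + x + y + col[x] + rng.gauss(0, sigma) for x in range(size)]
            for y in range(size)]

def residuals(img):
    """Noise estimates from two characterizations: denoising and prediction."""
    den, pred = [], []
    n = len(img)
    for y in range(1, n - 1):
        for x in range(1, n - 1):
            box = sum(img[y + dy][x + dx]
                      for dy in (-1, 0, 1) for dx in (-1, 0, 1)) / 9
            den.append(img[y][x] - box)      # pixel minus 3x3 mean filter
            guess = img[y][x - 1] + img[y - 1][x] - img[y - 1][x - 1]
            pred.append(img[y][x] - guess)   # pixel minus neighbor prediction
    return den, pred

def stats(r):
    """Standard deviation and kurtosis of one residual set."""
    m = sum(r) / len(r)
    m2 = sum((v - m) ** 2 for v in r) / len(r)
    m4 = sum((v - m) ** 4 for v in r) / len(r)
    return [math.sqrt(m2), m4 / (m2 * m2)]

def features(img):
    """Four-element feature vector: two statistics per characterization."""
    den, pred = residuals(img)
    return stats(den) + stats(pred)

def centroid(vectors):
    return [sum(c) / len(c) for c in zip(*vectors)]

def classify(img, models):
    """Return the model whose feature centroid is closest to this image."""
    f = features(img)
    return min(models, key=lambda name: math.dist(f, models[name]))

# Hypothetical scanner profiles (sigma, col_sigma); values are constructed.
PROFILES = {"scanner_A": (1.0, 0.0), "scanner_B": (3.0, 2.0)}
MODELS = {name: centroid([features(synth_scan(s, c, seed)) for seed in range(5)])
          for name, (s, c) in PROFILES.items()}

if __name__ == "__main__":
    for name, (s, c) in PROFILES.items():
        print(name, "->", classify(synth_scan(s, c, seed=99), MODELS))
```

Real scans would need content-dependent denoising and many more training images per device; the synthetic gradient here only keeps the residuals free of image content.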

The same approach can be extended to digital cameras and other imaging devices. The most significant challenge is that “analytical procedures and protocols are not standardized nor do practitioners and researchers use standard terminology”.
Technological change will result in new devices emerging in the digital world. Whenever a new digital device enters the market, a forensic methodology has to evolve to deal with it. This phenomenon will expand the field of device forensics.