Recovery Centre
The Process of Data Forensics
As computers become more and more useful, their contribution to the criminal world also seems to increase. This is why data forensics is becoming a more important branch of data recovery. The computer forensics process breaks down into five steps: preparation, collection, examination, analysis, and final reporting.
The preparation stage involves the investigator in charge of a specific criminal case. During this stage, the investigator should properly complete the official reports and processes required before the collection of data and digital evidence begins. For example, in an investigation where the owner of the computer or digital evidence involved has not given consent to the data forensic process, the necessary legalities should first be straightened out. Only then will the collection of data officially begin.
Collection of evidence through computer data can be done in many ways. Digital evidence can come in countless forms, such as computers, cellular phones, hard drives, CDs, USB memory disks, digital cameras and so on. With computers and hard drives, additional caution must be applied because computer data can be easily changed and manipulated, and in most cases the changes become invisible and untraceable. Some investigators create a cryptographic hash of the data so that any modification made after the hash was established can be detected.
Handling computer data also includes practices such as protecting the data with a write-blocking tool to prevent anything from being added to it. It is also important for the investigator to document every step taken during the data forensics process. And since data forensics is extremely keen on accuracy and truth, a tested and fully validated data recovery method should be used to ensure that results are accurate and perfectly reliable.
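The hash taken at collection and the step-by-step documentation described in the two paragraphs above can be kept in one record. The following Python code is an added example, not part of the original page: it hashes an evidence image with SHA-256 and keeps a log in which every entry commits to the image hash and to the previous entry. The log format, the function names and the 4 KiB sample file are assumptions constructed for illustration.

```python
import hashlib
import json
import os
import tempfile

def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so a large disk image need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def entry_digest(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def log_step(log, action, image_path):
    """Append one documented step, chained to the previous entry's hash."""
    entry = {"seq": len(log), "action": action,
             "image_sha256": sha256_file(image_path),
             "prev": log[-1]["entry_sha256"] if log else "0" * 64}
    entry["entry_sha256"] = entry_digest(entry)
    log.append(entry)

def verify(log, image_path):
    """Return a list of problems; an empty list means log and image are intact."""
    problems, prev = [], "0" * 64
    for e in log:
        body = {k: v for k, v in e.items() if k != "entry_sha256"}
        if entry_digest(body) != e["entry_sha256"] or e["prev"] != prev:
            problems.append(f"log entry {e['seq']} altered or out of order")
        prev = e["entry_sha256"]
    if log and sha256_file(image_path) != log[0]["image_sha256"]:
        problems.append("image differs from hash recorded at acquisition")
    return problems

def demo():
    """Constructed sample: a stand-in image, two logged steps, then a one-byte change."""
    with tempfile.TemporaryDirectory() as d:
        img = os.path.join(d, "evidence.img")
        with open(img, "wb") as f:
            f.write(b"\x00" * 4095 + b"A")
        log = []
        log_step(log, "acquired behind write blocker", img)
        log_step(log, "keyword search", img)
        clean = verify(log, img)
        with open(img, "r+b") as f:
            f.seek(100)
            f.write(b"\x01")
        return clean, verify(log, img)
```

The chain only exposes edits to the log if the latest entry hash is also recorded somewhere the log's holder cannot rewrite, for example in a signed case report.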
Another aspect of data forensics is the analysis, not only of the computer data itself, but of the computer user. Most data are secured by passphrases, encryption keys, and other security applications that are easily bypassed with the help of certain information from the user, if it is possible to obtain.
Before retrieval, a careful analysis of the digital evidence must first be done. There are special tools that can be used for this purpose. An analysis of digital evidence often involves reviewing the digital material, reviewing the registry of the computer, bypassing security such as passwords, searching for keywords related to the crime being investigated, browsing for images, and checking e-mail correspondence.
Analysis of computer data comes in two forms. First, there is dead analysis, which refers to recovering data from hard drive contents. In some cases, investigators analyze data with the computer system shut down, to be safe from any additional security measures such as digital time bombs installed in the system.
However, there is also what is called live analysis. This is sometimes preferable because a lot of people now use cryptographic storage, which means the only copy of the decryption keys is kept in the memory of the computer, and shutting it down may cause the loss of that information.
Property of RecoverMyPc Inc.