Thursday, 9 February 2017

How To Recover Digital Evidence? Methods & Techniques

Any crime, be it cyber crime or any other personal crimes like assault, kidnapping, rape, leave definite traces through which an investigator obtains essential evidence and solves the case. Presently, as more and more users go mobile and utilize such other interconnected devices, they are often considered as the center of the investigation. Anyways, the post emphasize on numerous types of digital evidence produced by a typical computer user, be it a criminal or not.

Evidence Recovery

But before we go deep, let's walk through certain principles of digital evidence or any evidence recovery procedure.

  • No additional actions should be taken by the law enforcement agencies. 
  • In a situation where a person finds necessary to access the original data needs to be competent enough and capable of offering evidence explaining the relevance and implication of his actions.
  • The person in charge of the investigation has overall responsibility for ensuring that the law and the principles are adhered to. 

In today's era, especially when you aim to conduct a proper workplace investigation, it is pretty hard to underestimate the importance of digital forensics. Now, what are the types of evidence that can be found on a PC or on a computer's hard drive?

  • Address books and contact list
  • Audio- video files/ recordings
  • Backups to various programs
  • Bookmarks and Favorites
  • Calendars
  • Database
  • Documents
  • Log files/ organizer
  • Picture/images/ videos

Methods & Techniques For Proper Evidence Recovery

The file location is changed - In any investigation, one should never expect to find all the user related information in the default folder or location. You need to search the entire hard disk to locate all the log and history files. While conducting a proper workplace investigation, always remember to analyze each and every application available on the device.

Hidden files and folders - Every computing device comprises of certain files and folders that are prevented from unauthorized access. With the help of forensic analyzing tools, one can easily access these files and folders.

Destroyed evidence - Attempting to destroy digital evidence is pretty common in the evidence recovery procedure. Recovering these evidence more relies on the action and time available after destroying these files.


Post a Comment