Computer Forensics Fundamentals
Project Name: Computer Forensics Fundamentals
Description: This blog will help forensic investigators with computer forensics fundamentals.
Author: Rohit D Sadgune
Frequently Asked Questions on Computer Forensics Investigation
- Checklist of Computer Forensics Fundamentals
- Protect the suspected digital media during the forensic examination from any possible alteration, damage, data corruption, or virus introduction.
- Discover all files on the suspected digital media. This includes existing normal files, deleted yet remaining files, hidden files, password-protected files, and encrypted files.
- Recover all (or as much as possible of) discovered deleted files.
- Reveal (to the greatest extent possible) the contents of hidden files as well as temporary or swap files used by both the application programs and the operating system.
- Access (if possible and legally appropriate) the contents of protected or encrypted files.
- Analyze all possibly relevant data found in special (and typically inaccessible) areas of a disk. This includes but is not limited to what is called unallocated space on a disk (currently unused, but possibly the repository of previous data that is relevant evidence), as well as slack space in a file (the remnant area at the end of a file in the last assigned disk cluster that is unused by current file data, but once again, may be a possible site for previously created and relevant evidence).
- Print out an overall analysis of the subject computer system, as well as a listing of all possibly relevant files and discovered file data.
- Provide an opinion of the system layout; the file structures discovered; any discovered data and authorship information; any attempts to hide, delete, protect, and encrypt information; and anything else that has been discovered and appears to be relevant to the overall computer system examination.
- Provide expert consultation and/or testimony, as required.
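
The slack-space and unallocated-space analysis from the checklist, combined with the integrity protection in its first item, shown as an added example that is not part of the original post. The 512-byte cluster size, the in-memory image, the file-table layout and all function names are assumptions constructed for illustration.

```python
import hashlib
import re

CLUSTER = 512  # assumed cluster size for this constructed image

def build_image():
    """Constructed 4-cluster image plus a hypothetical file table."""
    prev = (b"\x00" * 100 + b"deleted-memo: wire funds Friday").ljust(CLUSTER, b"\x00")
    tail = b"quarterly notes"                      # last 15 bytes of the live file
    c0 = b"A" * CLUSTER                            # first cluster of the live file
    c1 = tail + prev[len(tail):]                   # new tail overwrote only 15 bytes
    c2 = (b"\x00" * 20 + b"invoice_2019.xls").ljust(CLUSTER, b"\x00")  # freed, not wiped
    c3 = b"\x00" * CLUSTER                         # never used
    files = {"notes.txt": {"clusters": [0, 1], "size": CLUSTER + len(tail)}}
    return c0 + c1 + c2 + c3, files

def strings(data, min_len=6):
    """Printable ASCII runs, like the Unix strings tool."""
    return [m.decode() for m in re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)]

def slack_bytes(image, clusters, size):
    """Bytes between the logical end of file and the end of its last cluster."""
    if not clusters:
        return b""
    used = size - (len(clusters) - 1) * CLUSTER    # bytes used in the last cluster
    start = clusters[-1] * CLUSTER + used
    return image[start:(clusters[-1] + 1) * CLUSTER]   # empty when used == CLUSTER

def examine(image, files):
    """Hash, analyze slack and unallocated space, re-hash to show no alteration."""
    before = hashlib.sha256(image).hexdigest()
    allocated = {c for f in files.values() for c in f["clusters"]}
    report = {"slack": {}, "unallocated": {}}
    for name, f in files.items():
        report["slack"][name] = strings(slack_bytes(image, f["clusters"], f["size"]))
    for c in range(len(image) // CLUSTER):
        if c not in allocated:
            found = strings(image[c * CLUSTER:(c + 1) * CLUSTER])
            if found:
                report["unallocated"][c] = found
    report["unaltered"] = hashlib.sha256(image).hexdigest() == before
    return report

if __name__ == "__main__":
    print(examine(*build_image()))
```

On a real case the same logic runs against a read-only working copy of the acquired image, with the cluster size and allocation data taken from the file system's own metadata.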