Thursday, December 5, 2019

Forensic Data Analysis & Recovery

Questions:

1. Write a report outlining the OS that the employee may be using, formulate interview questions that may help you to recover data, and highlight the possibility of data recovery.
2. Research project on investigation management and data validation methods.

Answers:

1. Case Project

The process of reading unreadable sectors from secondary storage and recovering the required files for evidence purposes is known as digital forensics. A number of software products on the market offer recovery success in up to 80-95% of cases, even after severe damage to the hard disk structure has happened.

The employee called to report that she had accidentally deleted important files and was unable to recover them from the Recycle Bin. This situation is very common, so a number of special tools are available to recover the files efficiently, but the outcome depends on various factors. To clear up any doubts and suggest the optimal recovery approach, a few questions need to be asked of the employee:

- Which OS is the employee working on?
- Which files were deleted (names and approximate sizes)?
- What is the size of the hard disk partition?
- How many days have passed since the deletion?
- Is the data partition from which the files were deleted encrypted or not?

The time these special tools take to recover data is generally quite low, but it depends on various factors:

- Size of the partition
- Size of the file
- Operating system used for the recovery
- Physical errors on the disk
- Large files need a better CPU for optimal results

A number of solutions are available on the market; a few of the best are listed below:

- Paragon Rescue Kit
- EaseUS recovery software
- GetDataBack for NTFS and FAT

GetDataBack is recommended because of its simple user interface and its support for a large number of partition types.

2. Research Project

The branch of computer science that deals with evidence collection, recovery, authorization, and validation is known as digital forensics. Its major goal is to collect evidence in a manner that can be presented in a court of law. Although digital forensics is used for crimes committed digitally, it is often used in criminal cases as well. Digital evidence acquired according to standards is more widely accepted by US and European courts. It was only in the 21st century that standards came into place for collecting digital evidence; before that, there were no set procedures and standards available in the 19th century.

The data recovered from the devices under investigation is stored on external storage. Because this data is evidence, we need to make sure that it is an exact copy and that no alteration has been made to the original source. For this we use a SHA-1 hash digest, which enables us to maintain the chain of custody and helps in finding out whether any alteration of records has taken place.

With the rising trend of being mobile, smartphones have hit everyone like a storm, and there are now millions of these devices, each of which can act as a potential cyber-crime device. Recovering data or evidence from such devices is quite a tedious process.

With the increase in compression rates and the respective algorithms, data can be stored in compressed format and restored to its original size and properties when needed. The restored data can easily be verified using SHA-1 to make sure that nothing has changed and the evidence is foolproof.
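The copy and compression checks described above, as an added example (not code from the original post): it hashes a source image and its copies in chunks, shows that a one-bit change breaks the match, and confirms that a compressed copy decompresses to the same digest. The file names and sample data are constructed for the demonstration, and SHA-256 is computed alongside the SHA-1 the post names, an addition here because SHA-1 collisions have been demonstrated in practice.

```python
import gzip
import hashlib
import os
import tempfile

CHUNK = 1024 * 1024  # read in 1 MiB blocks so large images never sit fully in RAM

def digests(path):
    """Return (sha1_hex, sha256_hex) of a file, computed in one pass."""
    sha1, sha256 = hashlib.sha1(), hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            sha1.update(block)
            sha256.update(block)
    return sha1.hexdigest(), sha256.hexdigest()

def verify_copy(source_path, copy_path):
    """True only if the copy is bit-for-bit identical to the source."""
    return digests(source_path) == digests(copy_path)

def compressed_roundtrip_ok(source_path, gz_path):
    """Compress the source, then hash the decompressed stream and compare."""
    with open(source_path, "rb") as src, gzip.open(gz_path, "wb") as dst:
        for block in iter(lambda: src.read(CHUNK), b""):
            dst.write(block)
    sha1 = hashlib.sha1()
    with gzip.open(gz_path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            sha1.update(block)
    return sha1.hexdigest() == digests(source_path)[0]

def demo():
    """Run the checks on a constructed stand-in for a disk image."""
    data = b"CONSTRUCTED SAMPLE EVIDENCE " * 4096
    tampered = bytearray(data)
    tampered[100] ^= 0x01  # flip a single bit to simulate alteration
    with tempfile.TemporaryDirectory() as d:
        src, good, bad, gz = (os.path.join(d, n) for n in
                              ("src.img", "good.img", "bad.img", "src.img.gz"))
        for path, content in ((src, data), (good, data), (bad, bytes(tampered))):
            with open(path, "wb") as f:
                f.write(content)
        return (verify_copy(src, good), verify_copy(src, bad),
                compressed_roundtrip_ok(src, gz))

if __name__ == "__main__":
    print(demo())
```

Recording the digest at acquisition time and recomputing it at each handover is what lets a later reviewer tie the working copy back to the original.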
