Computer Forensics
Computer forensics is the process of acquiring and analysing the data stored on some form of physical storage media. It involves processes and procedures that ensure the acquired data is not corrupted during handling and remains acceptable to a court of law. It includes the recovery of hidden and deleted data, file identification, etc.
Computer forensics involves the analysis of two types of digital data. The first is transmitted data, where the information is gathered through the internet. The second is fragile data, which is stored on electronic, optical or magnetic storage media such as hard disks and floppy disks and can be easily altered. This type of examination yields qualitative output and so excludes calibration of equipment and estimation of uncertainty of measurement. Following the guidelines adopted in this document will yield more information with the least damage to the evidence. Rapidly changing technology encountered in casework will require periodic revisions.
- Shutdown Procedures while Preserving Evidence
- Disk Imaging
- Collecting Volatile Data
- Evidence & Timeframe Analysis
- Application and File Analysis
- Hard Disk Examination
- Recovery of Deleted Data from Removable Storage
- Data Examination & Authentication
- Smart Card Dongle
- Biometric Scanners Analysis