The changing face of communications has made computer-based information a primary source of evidence in several investigations as well as legal matters. Due to the increasing inclination towards creating and using electronic documents, the computer is becoming a critical point of investigation for any firm that needs to locate information about its business activities. Computer systems, whether consisting of a single hard drive or a network of servers and desktops, are often the best place to start collecting potential data.
At the same time, forensics is not just about the tools, but about the process. All forensic investigations follow a series of steps to move from the stage of identifying what is to be examined to the point of presenting evidence. The evidence may be for use in court, for internal disciplinary procedures or simply to monitor an incident. Failing to follow accepted forensic guidelines will cause evidence to be questioned and can bring about the collapse of what could have been a bullet-proof case.
The data recovery process is a significant portion of the forensic analysis. This stage reveals the mass of evidence that can be mined for documents and data relevant to the investigation. Several classes of information can be recovered through this process.
The term ‘Active Data’ describes the original accessible data from the hard drive or tape. This is the data that was accessible to the particular user working with the computer. The term ‘Recovered’ refers to files and directories that were recovered after being deleted from the Active Data. Some of the files are recovered completely and are easily identifiable, while some are just bits and pieces, which require some expert analysis to try to put the puzzle back together. Lastly, the term ‘Unused’ describes the free space or unallocated portion of the hard drive. It comprises two types of space: portions of the drive that are free and open because they have never been used, and portions that are free because the information contained there has been deleted and the computer has marked that space as available for new information.
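The difference between a completely recovered file and "bits and pieces" can be seen with signature-based carving over unallocated space. The following is an added example, not part of the original article: the four-sector buffer is constructed sample data, and the function names `build_sample` and `carve` are hypothetical.

```python
import hashlib

SECTOR = 512
# (header, footer) signatures for two common file types.
SIGNATURES = {"jpeg": (b"\xff\xd8\xff", b"\xff\xd9"), "pdf": (b"%PDF-", b"%%EOF")}

def build_sample() -> bytes:
    """Constructed 4-sector stand-in for unallocated space (not real evidence)."""
    img = bytearray(4 * SECTOR)                      # sector 0: never used (zeros)
    jpeg = b"\xff\xd8\xff\xe0" + b"A" * 100 + b"\xff\xd9"
    img[SECTOR:SECTOR + len(jpeg)] = jpeg            # sector 1: deleted, still intact
    pdf = b"%PDF-1.4\n" + b"B" * 200
    img[2 * SECTOR:2 * SECTOR + len(pdf)] = pdf      # sector 2: start of a deleted PDF
    img[3 * SECTOR:] = b"\x11" * SECTOR              # sector 3: reused, PDF tail lost
    return bytes(img)

def carve(space: bytes) -> list:
    """Find known headers in raw free space and classify each hit."""
    findings = []
    for kind, (header, footer) in SIGNATURES.items():
        pos = space.find(header)
        while pos != -1:
            nxt = space.find(header, pos + 1)        # next candidate of the same type
            end = space.find(footer, pos + len(header))
            # Complete only if a footer appears before the next header starts.
            complete = end != -1 and (nxt == -1 or end < nxt)
            if complete:
                stop = end + len(footer)
            else:                                    # fragment: keep what is left
                stop = nxt if nxt != -1 else len(space)
            data = space[pos:stop]
            findings.append({
                "kind": kind,
                "offset": pos,
                "size": len(data),
                "complete": complete,
                # Hash each carved item so later handling can be verified.
                "sha256": hashlib.sha256(data).hexdigest(),
            })
            pos = nxt
    return sorted(findings, key=lambda f: f["offset"])

if __name__ == "__main__":
    for finding in carve(build_sample()):
        print(finding)
```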
Data Recovery for Computer Forensics and Police Investigations:
Reckless hackers and white-collar criminals are using the most modern technology to commit the following endless list of frauds:
- Digital deception/erotica
- Inapt Data replication
- Unofficial Data replication
- Insolvency Data analysis
- Confidential enquiry of PC, PDA and Cell phone/Mobile Phone usage
- Employee fraud, forgery and theft
- Business shadowing
- IP Theft
- E-nuisances
- Computer Break-ins
- Inapt Internet managing and misuse
- Inapt Email messaging and misuse
The Police use data recovery processes and forensic investigation specialists to catch white-collar criminals.
Significance in Police Investigations:
Data recovery helps the police by offering proof of covert activities. Sometimes important data on a hard disk is deleted, and the hard disk is then reformatted and repartitioned to remove all traces of proof. When the data is required for a police investigation to establish the truth, sophisticated data recovery tools will help to retrieve the data, and a forensic investigator will assemble the bits of data to construct proof and help the police.
Data recovery and forensic investigation will help to find out the details of all the websites visited and the information downloaded by any individual in an organisation. When someone downloads information that is detrimental to the organisation and later deletes it from the disk, data recovery will still recover the deleted information. This information recovery helps the police to uncover the pattern of illegitimate activity of the individual or group by tracing the activities using appropriate tools.
Most modern offices are fully computerised and store all their information on centralised servers. The stored information is segregated according to its intrinsic value, and the levels of access are extended according to the working requirements of the individuals. If anyone stealthily accesses the information and downloads it to misuse it against the interest of the organisation, this can be easily detected using the latest data recovery tools, which assist the police investigation in pinpointing the individual and establishing the exact time of access.
Forensic and data recovery teams assist the police in all cybercrime investigations related to child pornography, infidelity of a spouse in divorce proceedings, credit card information theft, online money transfer, IP theft, and e-nuisances.
Broadly speaking, just as the computer is becoming a mainstay in today's electronic workplace, data recovery and forensic investigations are emerging as vital aspects in many investigations as well as legal matters.