E-forensics is the application of electronic investigation to recover data, including data that is not visible to the user, for use in legal proceedings. Deleted files often contain electronic data that does not otherwise show up but is important to your case, so identifying deleted files plays a key role in e-forensics.
The latest e-forensics technology makes sure that the information is legally justifiable by maintaining a properly documented chain of custody, identifying the electronic data capture methods used, and keeping up with the latest technologies used in e-forensics.
Electronic discovery is the process of extracting data from electronic documents such as e-mail, word processing files, accounting files, spreadsheets, presentation files, databases, CAD files and other stored computer records. These records reside on storage that includes cache memory, hard drives and other magnetic disks, and optical disks such as DVDs and CDs. Any information recorded on electronic media of this kind may be discoverable in a claim and can be presented as evidence.
E-forensics applies special scientific methods to determine the scope and presence of information contained on digital media. E-forensics differs from electronic discovery and is used only where a potential crime is involved. Data that is not accessible to the user, such as deleted files, hidden files, web-based files and password-protected files, as well as data on special devices such as iPods, MP3 players, storage area networks and cellphones, can also be discovered with e-forensics.
Capturing electronic media forensically:
The original media is copied using dedicated capture applications whose features ensure that no changes are made to the original. Secure hash algorithms are used to take an initial measurement of each file. This digital fingerprint is computed before and after processing activities to prove whether the file was changed during processing. The hash algorithms most commonly used in computer forensics are MD5 (a 128-bit algorithm) and SHA-1 (a 160-bit algorithm).
There are two methods of making the copy: bit-by-bit copy and forensic image.
* Bit-by-Bit Copy: To make an exact copy of the device, every byte on the device is copied to a new device, and write-blocker software or hardware is used to prevent any changes to the data. This creates an exact copy that requires no manipulation of the data to recreate the original media.
* Forensic Image: All the files on the original media are contained inside a forensic image file, which includes a wrapper that protects the files. Special software is required to create this image file, and the image cannot be altered without changing its hash value. In addition, a cross-validation test is performed to validate the process.
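The before-and-after fingerprinting described above can be sketched as follows. This is an added example, not code from any capture product: the file names and sample data are constructed, and SHA-256 is an addition alongside the MD5 and SHA-1 the text names.

```python
import hashlib
import os
import tempfile

CHUNK = 1024 * 1024  # read in 1 MiB blocks so large images need not fit in memory
ALGORITHMS = ("md5", "sha1", "sha256")  # sha256 is an addition, not from the page


def _digest_stream(src, dst=None):
    """Hash everything read from src; optionally write the same bytes to dst."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    while chunk := src.read(CHUNK):
        for h in hashers.values():
            h.update(chunk)
        if dst is not None:
            dst.write(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_file(path):
    """Return {algorithm: hex digest} for one file."""
    with open(path, "rb") as f:
        return _digest_stream(f)


def acquire(source, dest):
    """Byte-for-byte copy; the source is opened read-only and hashed as it is read."""
    with open(source, "rb") as src, open(dest, "wb") as dst:
        return _digest_stream(src, dst)


def verify(path, recorded):
    """True only if every recorded digest still matches the file."""
    return hash_file(path) == recorded


def demo():
    """Constructed sample: a 4 KiB stand-in for a device, copied and then altered."""
    with tempfile.TemporaryDirectory() as d:
        source, copy = os.path.join(d, "evidence.dd"), os.path.join(d, "copy.dd")
        with open(source, "wb") as f:
            f.write(b"constructed sample sector\n" * 160)
        recorded = acquire(source, copy)          # fingerprint taken at capture
        intact = verify(source, recorded) and verify(copy, recorded)
        with open(copy, "r+b") as f:              # flip one bit in the working copy
            first = f.read(1)
            f.seek(0)
            f.write(bytes([first[0] ^ 0x01]))
        return intact, verify(copy, recorded), recorded


if __name__ == "__main__":
    print(demo())
```

The recorded digests belong in the chain-of-custody record, so that any later copy can be checked against them.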
By capturing data in this way, e-forensic tools give individuals, government agencies and private industry a scientific means of tracking activity, and provide the analysis and interpretation a court requires. www.DataTriage.com is the best e-forensic service expert, providing a cost-effective approach to supporting ongoing investigations.