IT Forensic Solutions

 

FAQs

Got questions?

We have answers!


1. What is Computer Forensics?
 

A classical definition is: "Computer forensics is the scientific examination and analysis of data held on, or retrieved from, computer storage media in such a way that the information can be used as evidence in a court of law."

Generally, computer forensics is considered to be the use of analytical and investigative techniques to identify, collect, examine and preserve evidence/information which is magnetically stored or encoded.


2. What is the objective of this?
 

Usually to provide digital evidence of a specific or general activity.

3. To what ends?
 

A forensic investigation can be initiated for a variety of reasons. The most high-profile are usually with respect to an investigation or civil litigation, but digital forensic techniques can be of value in a wide variety of situations, including, perhaps, simply retracing steps taken when data has been lost.

4. What are the common scenarios?
 

Here are some examples:
Employee internet abuse
Unauthorized disclosure of corporate information and data
Industrial espionage
Damage assessment
Criminal fraud and deception cases


5. How is a computer forensic investigation best approached?
 

It's a detailed science. The main phases are sometimes considered to be: secure the subject system (from tampering during the operation); take a copy of the hard drive (if applicable); identify and recover all files (including those deleted); access/copy hidden, protected and temporary files; study 'special' areas on the drive (e.g. traces from previously deleted files); investigate data/settings from installed applications/programs; assess the system as a whole, including its structure; consider general factors relating to the user's activity; create a detailed report. Throughout the investigation, it is important to stress that a full audit log of your activities should be maintained.
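
One way to carry out the "take a copy" and "full audit log" steps above, as an added example that is not from the original page: the copy is checked against the source by SHA-256, and each log entry stores the hash of the previous log line so that a changed earlier entry is detectable. The function names, file names and log format are assumptions made for illustration.

```python
import hashlib, json, os, tempfile, time
CHUNK = 1 << 20      # read in 1 MiB pieces
GENESIS = "0" * 64   # "prev" value carried by the first log entry

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()

def chain_tip(log_path):
    """Walk the log; return the hash of its last line, or None if the chain is broken."""
    prev = GENESIS
    if os.path.exists(log_path):
        with open(log_path, "rb") as f:
            for line in f.read().splitlines():
                if json.loads(line)["prev"] != prev:
                    return None
                prev = hashlib.sha256(line).hexdigest()
    return prev

def log_action(log_path, action, detail):
    """Append one entry that records the SHA-256 of the previous log line."""
    prev = chain_tip(log_path)
    if prev is None:
        raise ValueError("audit log chain is broken; refusing to append")
    entry = {"time": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime()),
             "action": action, "detail": detail, "prev": prev}
    with open(log_path, "a", encoding="utf-8") as f:
        f.write(json.dumps(entry, sort_keys=True) + "\n")

def acquire(source, dest, log_path):
    """Copy source to dest (mode "xb" refuses to overwrite), hash both, log both."""
    with open(source, "rb") as src, open(dest, "xb") as dst:
        for chunk in iter(lambda: src.read(CHUNK), b""):
            dst.write(chunk)
    src_hash, copy_hash = sha256_file(source), sha256_file(dest)
    match = src_hash == copy_hash
    log_action(log_path, "hash-source", {"path": source, "sha256": src_hash})
    log_action(log_path, "hash-copy", {"path": dest, "sha256": copy_hash, "match": match})
    return src_hash, match

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:   # constructed sample "drive image"
        src, log = os.path.join(d, "drive.img"), os.path.join(d, "audit.log")
        with open(src, "wb") as f:
            f.write(b"constructed sample data " * 4096)
        print(acquire(src, os.path.join(d, "copy.img"), log), chain_tip(log) is not None)
```

The chain only protects entries that have a later entry after them, so the hash of the last line should also be recorded somewhere outside the log.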

6. Can deleted files be restored?

Yes, if they have not been completely overwritten. If they have been partly overwritten, the answer is maybe. Special utilities can help in this regard.

7. So what is data recovery?

Again, a classical definition is that data recovery is the process of retrieving data from damaged disk drives, media, computers, peripherals or operating systems, or recovering lost or deleted data from media.

8. Is it possible to determine when files were deleted?

Sometimes, depending on the operating system, even if they were removed from the recycle bin.

9. Can password or encryption protection be cracked?

Sometimes yes, but not always. There are laws protecting privacy rights, and it is often necessary to get a court order before cracking a password or encryption.

10. My computer has had physical damage, or has otherwise lost my files. Can you get them back?

Usually yes, but not always. If files were recently deleted, they may still be recoverable. The further back in time they were deleted, the less recoverable they are. You may be able to get substantial portions back, but not everything.
Physical damage is another issue entirely. When this happens, a case-by-case evaluation must be done to fully assess the possibility of recovery.



 

 
