Digital Forensics – What can you learn
June 3, 2018
What can you learn with a Digital Forensics analysis?
When performing a forensic examination of a computer or mobile device, a lot of information can be discovered.
Deleted text messages - Many times, deleted text messages can and will be recovered. Even tho the timestamps may be missing, the body of the text may be salvageable. I personally have seen over 150 deleted text messages and over 30 portions of voice mails from my personal cell phone.
Deleted files – When a file is deleted, it is NOT destroyed until they have been overwritten.
System data – The operating system it self holds information which can be helpful if not crucial. For example, you can determine the last time a user logged in. The last software package used. The last time the operating system was installed. What files were opened from external sources such as a network drive or external device, which brings us to the next item.
External Devices – Today we are always connecting something to our computer. A forensic analysis can determine what was connected. When it was connected.
Wiping software – If wiping software has been used on a device it may be discovered through digital forensics.
Sometimes the "Lack" of activity in it self, speaks volume. For example, lets say a user has lot of activity for a period of 12months, then hardly any file activity for a 2 months, then back to the normal activity. This may be an indication the user deleted files in that time period.
If you are unsure or have questions of a particular situation or scenario, give us a call 866-384-5221 or shoot us an email. We are always available to assist you.