Digital Forensics – What can you learn

June 3, 2018

IT Forensics South Florida

What can you learn with a Digital Forensics analysis?

When performing a forensic examination of a computer or mobile device, a lot of information can be discovered.

Deleted text messages - Many times, deleted text messages can and will be recovered. Even tho the timestamps may be missing, the body of the text may be salvageable. I personally have seen over 150 deleted text messages and over 30 portions of voice mails from my personal cell phone.

Deleted files – When a file is deleted, it is NOT destroyed until they have been overwritten.

System data – The operating system it self holds information which can be helpful if not crucial. For example, you can determine the last time a user logged in. The last software package used. The last time the operating system was installed. What files were opened from external sources such as a network drive or external device, which brings us to the next item.

External Devices – Today we are always connecting something to our computer.  A forensic analysis can determine what was connected.  When it was connected.

Wiping software – If wiping software has been used on a device it may be discovered through digital forensics.

Sometimes the "Lack" of activity in it self, speaks volume.  For example, lets say a user has lot of activity for a period of 12months, then hardly any file activity for a 2 months, then back to the normal activity.  This may be an indication the user deleted files in that time period.

If you are unsure or have questions of a particular situation or scenario, give us a call 866-384-5221 or shoot us an email. We are always available to assist you.

Leave a Reply:

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.