Define and describe the digital forensics practices that you used to complete this exercise

Computer forensics is the process of gathering, evaluating and retrieving data, mainly to stop or prevent fraud, to gather and preserve data for a criminal investigation, or to recover data that has been deleted or accidentally lost. Most forensic investigators should be required to have knowledge of a computer, the operating system, and hardware and software. Data recovery can be done on CDs, DVDs, USB drives, PDAs, hard drives, mobile phones and many other devices.
The first thing we needed to do was to gather the names of the files that were lost or deleted. After knowing the files that we were looking for, we needed to know the time frame: when he noticed the files were missing and when they were last used or modified. Then we needed to find out how the files were lost or deleted from the system: was it via a malicious type of software, was it done by the customer or someone else, or was it done accidentally?
After we have collected all the information listed above, we can load our software onto the computer and scan the hard drive for the files that he said were gone from his computer. Once we have run the full scan on the hard drive, we can either search for a file by name, or look in the recycle bin for the files or the dates on which they were deleted. Once we find the files, we should be able to view each file before we recover it to make sure that it is the right file.
Sometimes the file might be renamed and displayed as a different file, so it is good to know the file size, the date deleted and the file type.

Describe your methods of handling the digital forensic evidence that you used in this exercise.

The first method of handling the forensic evidence is to check and verify what happened and what was deleted. Check the system description to see what type of operating system is being used, whether it's a Windows or a Mac environment.
Get a timeline of when this happened and how it happened: did your system crash, did you delete the file, did the file become corrupt, or did you format your system and need to recover the data? What device, and where, did you delete the file from: hard drive, DVD or USB? Once you have collected all the needed data, create a report on what happened and what you did to correct the problem and recover the data.

Explain why you chose the two data-recovery programs you selected
I chose the two data recovery programs, Ease US Data Recovery and MiniTool Data Recovery, because both of them were rated at least 4 stars and have been downloaded at least 100,000 times. One of the main reasons they were chosen is that both are free to use for file recovery, or you can buy them if you like what they do for your system and file restore. I have used Ease US Data Recovery before, during my military time, and it worked pretty well for me.
Illustrate how you used the digital forensics tools you downloaded to locate, recover, and identify the three digital files.

Once the files were downloaded to the computer and updated, I ran the recovery programs to see what would happen. I executed the programs, and once they were loaded, I did a complete scan of the C: drive. Once the drive scan was complete, I searched the recycle bin for the files that I had deleted, but I did not see any of the file names that were deleted; that was the main problem I ran into.
I searched and searched for the file names, and they were nowhere to be found. I did a search by the file extensions (mp4, doc and jpg), and I still could not find the file names of the files that I deleted. So I looked into the recycle bin under both recovery program listings, and still there were no files by the names of what was deleted. The next step was to check on the date of the delivery, and there were only three files in the recycle bin, but not the files I was looking for.
So I had to look at the date on which the files were deleted, and all three files in the recycle bin had the same deletion date. Once I checked the delete date, I had to click on the files, and it allowed me to view the files and see their contents, which were the same ones that I deleted. This should be a good reason to know when you started having a problem with your system, and whether any changes to your file have been made, since one of the categories in the recovery programs was when the file was last modified.
Once I clicked on the files, it asked me if I wanted to restore the file, and I said yes. It then asked me where I wanted to restore the file to, so you just select where you want to restore them to and enter. Once the files had been restored, they did not convert back to their original names; they kept the names of the files that were found in the recovery program, but they could still be accessed for the original document file information.
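Because restored files keep the recovery program's names, they have to be matched to the lost originals by type, size and date rather than by name. The following Python is an added example, not part of the original write-up or of either tool; the function names, the FILE00x.tmp names and the sizes are constructed, and it assumes the recovered copies keep their last-modified time.

```python
import tempfile
from datetime import datetime, timedelta
from pathlib import Path

# Leading-byte signatures for the three types named above; "doc" is the OLE2
# container (xls and ppt share it) and "mp4" is the ISO media 'ftyp' box.
SIGNATURES = {
    "jpg": lambda h: h.startswith(b"\xff\xd8\xff"),
    "doc": lambda h: h.startswith(b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"),
    "mp4": lambda h: h[4:8] == b"ftyp",
}

def sniff_type(path):
    """Detect the type from file content, ignoring the name and extension."""
    with open(path, "rb") as f:
        head = f.read(16)
    return next((t for t, match in SIGNATURES.items() if match(head)), None)

def find_candidates(root, wanted, since, until):
    """Map each wanted label to files matching its type, size and date window."""
    hits = {w["label"]: [] for w in wanted}
    for path in sorted(p for p in Path(root).rglob("*") if p.is_file()):
        st = path.stat()
        if not since <= datetime.fromtimestamp(st.st_mtime) <= until:
            continue
        ftype = sniff_type(path)
        for w in wanted:
            if (w["type"], w["size"]) == (ftype, st.st_size):
                hits[w["label"]].append(path)
    return hits

def demo():
    """Constructed sample: three renamed files and one same-size decoy."""
    samples = {
        "FILE001.tmp": b"\xff\xd8\xff\xe0" + b"\0" * 96,                   # 100 bytes
        "FILE002.tmp": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\0" * 192,  # 200 bytes
        "FILE003.tmp": b"\0\0\0\x18ftypmp42" + b"\0" * 288,                # 300 bytes
        "FILE004.tmp": b"plain text".ljust(100, b"."),                     # decoy
    }
    wanted = [{"label": "photo", "type": "jpg", "size": 100},
              {"label": "report", "type": "doc", "size": 200},
              {"label": "video", "type": "mp4", "size": 300}]
    now = datetime.now()
    with tempfile.TemporaryDirectory() as d:
        for name, data in samples.items():
            Path(d, name).write_bytes(data)
        hits = find_candidates(d, wanted, now - timedelta(days=1), now + timedelta(days=1))
        return {k: [p.name for p in v] for k, v in hits.items()}

if __name__ == "__main__":
    print(demo())
```

A label that comes back with more than one path, or with none, needs a manual look at the file contents before anything is restored.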
So if any of these files contained any valuable information, I would have restored them to a DVD or flash drive to take with me to investigate the files in more detail.

Critique your success (or failure) when attempting to recover the three digital files.

Ease US Data Recovery and MiniTool Data Recovery both offered the same type of recovery process; I like the MiniTool Data Recovery program. This program gives you the basic information that you need to recover the file, things like the creation and last modified dates and the file size.
The Ease US Data Recovery program does not give you the title of creation date; it just has a column called date, and you do not know if it is the creation or last modified date. Both programs give you a new file name and file size, and filters to search by category, such as doc, jpg, pictures and/or music files. One good thing about Ease US Data Recovery is that it gives you a deep search option if you do not see your file in the initial search; this should be for files that might have been deleted a long time ago (Ease US, n.d.).
Both also have a spot to search for a file name, but if the file is renamed to something else, you will never find it by doing a search by name.

Provide solutions for data recovery techniques and suggest tools to use.

In order to provide solutions for data recovery, we need to know what is meant by data recovery. It is a process whereby you restore data that has been accidentally deleted, lost, corrupted or is somehow inaccessible to you for any reason (Rouse, 2012). There are many ways in which you can recover lost data from your computers or network. One process I like to use is computer recovery, or restore to a certain point or day; it keeps most of your files intact, but it can restore all files that were deleted or corrupted by a virus or a malware attack. There is also a system backup, whereby the administrator can do a complete system restore and bring the system back to a certain date and time in order to recover the file that you needed, and bring the system back online and up to date.
Most of the time your data should be stored off site somewhere; this way, if you have a problem at the main location, such as a power outage or some type of natural disaster, and you do not have access to your files, you can still restore them from the off-site location with ease. This should all be listed in your Disaster Recovery Plan, and should be updated on a regular basis as well as your security team.

Explain how you can apply this skill in the future.

Both recovery tools come with attachment software that can be used for more than data recovery.
With the add-on version, which you will have to pay for once you upgrade your free version, it will allow you to do a backup of your files, which can make it easier for you to recover a file if it is lost or deleted. Both programs come with a Windows and a Mac version you can use (Ease US, n.d.). Training your employees on how to use certain programs can lessen the burden on the administrator, and teaching them what to do and what not to do can save time and money. The more you train and teach others, the quicker you can handle a problem with lost or deleted files.
Depending on how often people delete files, you can change the attribute of a file to read only, and once it is in read-only mode, the file cannot be deleted unless you remove that read-only mode. Again, train your personnel to make sure they know how to remove the attribute if they need to update or change the file, but they will need administrative privileges or permission from you in order to make the change (Hopkins, n.d.). The best thing to do is ask the administrator to change the file attribute so they can make changes to the file, and have him change it back once they have finished.