Practical Guide to USB Forensics - Data Breach Test Case by Tal Eliyahu

March 20, 2016

Computer forensics is the process of obtaining digital information and analyzing it for any leaked or stolen data. It involves managing the investigation and conducting the forensic analysis of the digital system. Here we will talk about Windows forensics and the components that can be involved in it.

There are two important steps involved in a forensics investigation: acquisition and analysis. We will be discussing some important steps of a forensics investigation with illustrations, but first let’s discuss some significant concepts about acquisition.

Acquiring an image means obtaining a bit-stream copy of the original drive, also referred to as a bit-for-bit copy. There are many challenges in acquiring an exact copy of the drive; one of the biggest is the size of the second drive. But using the original for analysis is strongly discouraged, as it can be modified or destroyed during the investigation or analysis, and in many cases we cannot retain the original drive. So in this case, we need a bit-by-bit image of the drive. Many forensics analysts call this copy a Forensics Copy, as it is different from copying the data to another drive. Backup or copying software simply copies data from one drive to another and doesn’t take into account the deleted data on the source drive. Forensics copying takes care of these files when copying....
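The difference between a file-level copy and a bit-stream copy, as an added example that is not part of the original article: it builds a constructed three-sector toy "drive" (the table format, file names and contents are invented for illustration) and shows that only the bit-stream image retains the remnant of a deleted file. Comparing SHA-256 hashes of source and image is an assumption added here, not a step taken from the article.

```python
import hashlib, os, tempfile

SECTOR = 512
LIVE = b"meeting notes"                        # constructed live file content
DELETED = b"Q3-customer-list.csv: alice,bob"   # constructed remnant of a deleted file

def build_toy_drive(path):
    """Constructed drive: sector 0 = file table, 1 = live file, 2 = unallocated."""
    table = b"notes.txt,1,%d\n" % len(LIVE)    # name,start_sector,length (toy format)
    with open(path, "wb") as f:
        for data in (table, LIVE, DELETED):
            f.write(data.ljust(SECTOR, b"\x00"))

def file_level_copy(drive):
    """What backup/copy software sees: only files still listed in the table."""
    with open(drive, "rb") as f:
        raw = f.read()
    files = {}
    for line in raw[:SECTOR].rstrip(b"\x00").splitlines():
        name, start, length = line.split(b",")
        off = int(start) * SECTOR
        files[name.decode()] = raw[off:off + int(length)]
    return files

def bitstream_copy(src, dst, chunk=SECTOR):
    """Copy every sector, allocated or not; return SHA-256 of the bytes read."""
    h = hashlib.sha256()
    with open(src, "rb") as s, open(dst, "wb") as d:
        while block := s.read(chunk):
            h.update(block)
            d.write(block)
    return h.hexdigest()

def sha256_file(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        drive, image = os.path.join(tmp, "drive.bin"), os.path.join(tmp, "image.dd")
        build_toy_drive(drive)
        src_hash = bitstream_copy(drive, image)
        with open(image, "rb") as f:
            img = f.read()
        copied = file_level_copy(drive)
        return {"image_matches_source": src_hash == sha256_file(image),
                "deleted_in_image": DELETED in img,
                "deleted_in_file_copy": any(DELETED in v for v in copied.values())}

if __name__ == "__main__":
    print(demo())
```

On a real case the source would be the suspect device opened read-only, and analysis would be performed on the image rather than on the device.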

1 Comment

canon mg2922
4 years ago

You can check the details of each piece of data; this is a really well-explained article with proper infographics. The data you are looking at is really not just data; every piece of data has a history. You just go through this technique to check it.

© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023