In: Computer Science
Question about CyberForensic
The steps used to recover the deleted images and documents are:
Step 1) Detecting deleted data
First of all checking the recycle bin. Many computer users, including criminals, believe that once they delete a file, it disappears from the hard disc. Even some experts believe that files are destroyed when recycle bin is emptied but this is not the case. The file still remains in the memory but we can't access it directly. So, if file not found in recycle bin the we followed the next steps.
Step 2) Finding hidden data
Extracting Data hidden in a disc zone . Some data remain present even after data deletion or disc repartitioning. Besides, there are many options for criminals with technical know-how how to hide data, mainly using a disc editor, stenography, encryption etc. Therefore we find recovery and reconstruction of hidden data
Step 3) Shadow Data
Another option that is examined is shadow data, created due to a difference in vertical and horizontal alignment of the magnetic heads. Namely, when accessing particular disc sector, the access points of head 1 and head 2 are not exactly the same, and this difference enables some data to remain present even after overwriting. Hence, it is sometimes possible (although very time consuming and expensive) to recover overwritten data.
Step 4) Steganography
Looking for hidden files within other files(Steganography). This type of encryption is made possible through empty space or change in value of the least significant bit. Eg: data hidden within images , lets say there is an image which is recorded through description of any single pixel represented by particular byte e.g. 10011000. When the least significant bit (the last one) is changed from 0 to 1, a different shade of pixel color is obtained and a hidden bit is created. In this way the entire file may be hidden within different parts of the image. Hidden bits and their order are detected by using several anti-steganography programs that can detect the presence of hidden files. Detecting the presence of hidden files is much easier than their reconstructing