City: 0207 158 0332
Office: 01483 200999
www.answers.uk.com
IT FORENSICS 3 - EVIDENCE FROM COMPUTERS & LAPTOPS
Evidence will most often be found in files that are stored on hard drives, whether internal or external. Files may, of course, have been deleted, and recovering them will need sophisticated recovery programmes to be run. Dates and times of creation can be of vital importance, as can modification dates, deletion dates etc. Temporary back-up files, web cache, address books etc. may be re-created with application.

Areas for consideration include:
User Created Files: May contain evidence of relevant activity, e.g. address books and database files that can prove associations with persons external or internal, or undisclosed communication. Images can be rebuilt even if deleted, as can video or scanned documents. Such files may be in the form of:
  • Address books
  • Email files / folders
  • Images
  • Text Documents e.g. Word
  • Internet Browser bookmarks
  • Database files
  • Spreadsheets
  • Audio and Video links
User Protected Files: A user may encrypt or password-protect important data, hide files on a hard disk or within other files, or attempt to hide incriminating data under an innocent-sounding name. User Protected files may be in the form of:
  • Compressed or Zipped Files
  • Renamed or misnamed files
  • Encrypted files
  • Password Protected Files
  • Messages written in a manner that only writer and recipient can understand
  • Hidden Files
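
Renamed or misnamed files, and many encrypted ones, can be flagged by comparing a file's leading bytes with its extension. The sketch below is an added example, not code from the original page; the function names, the short signature table and the entropy threshold are assumptions chosen for illustration, and it is meant to be run against a read-only working copy of the evidence.

```python
import math
import os
from collections import Counter

# (leading magic bytes, detected type, extensions that normally carry it)
SIGNATURES = [
    (b"\xff\xd8\xff", "jpeg", {".jpg", ".jpeg"}),
    (b"\x89PNG\r\n\x1a\n", "png", {".png"}),
    (b"GIF8", "gif", {".gif"}),
    (b"%PDF", "pdf", {".pdf"}),
    (b"PK\x03\x04", "zip", {".zip", ".docx", ".xlsx", ".pptx", ".odt", ".jar"}),
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole2", {".doc", ".xls", ".ppt", ".msg"}),
    (b"7z\xbc\xaf\x27\x1c", "7z", {".7z"}),
    (b"\x1f\x8b", "gzip", {".gz", ".tgz"}),
]

def entropy(data):
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def classify(name, head):
    """Return (verdict, detected_type) for a file name and its leading bytes."""
    ext = os.path.splitext(name)[1].lower()
    for magic, kind, exts in SIGNATURES:
        if head.startswith(magic):
            return ("ok" if ext in exts else "mismatch", kind)
    # No known header: near-random bytes suggest encrypted or compressed data.
    # Threshold of 7.5 bits/byte over at least 1 KiB is an assumed cut-off.
    if len(head) >= 1024 and entropy(head) > 7.5:
        return ("high-entropy", None)
    return ("unknown", None)

def triage(root):
    """Walk a read-only working copy and yield files worth a closer look."""
    for folder, _, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(4096)
            except OSError:
                continue  # unreadable entry; record separately in real casework
            verdict, kind = classify(name, head)
            if verdict in ("mismatch", "high-entropy"):
                yield path, verdict, kind
```

A "mismatch" verdict only means the content type and the name disagree; the file still has to be examined to decide whether that is significant.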
Computer Generated Files: Evidence may also be found in files and data areas that are created routinely by Operating Systems, something of which the user is often not aware. Password recovery is often achievable through recovery and examination. Some file components hold evidentiary value, such as the time and date of creation, modification, deletion and access; even turning the machine on may alter some of this information, e.g. the last time a PC was booted may be of importance. The attributes of a particular file may be a solid indication or pointer. Data may be retrieved from:
  • File backups
  • Dates, times, passwords
  • Deleted Files
  • Free space
  • Hidden Partitions
  • Lost clusters
  • Boot records
  • Other partitions
© F.L.I.P. Ltd 2002-2012