Friday, July 13, 2007

Data Recovery in Computer Forensics

Last year, more than 60% of internet-related businesses in the UK admitted that they had been victimised in some way or another by computer criminals. Universities are offering data recovery as part of their forensics computer security courses.
All these facts point to a very important change in attitudes towards crime and computers. There are no crimes left in the world where a computer may not be used in a direct or indirect way. And the law is waking up to this.
What is Data Recovery?
It is the process of recovering data lost either through accident or malicious intent. Data can be stored on hard discs, USB drives, CD/DVDs, digital tapes, or online. A criminal can use this data in the following ways:
1. Data that is supposed to be secure is accessed and used for illegal purposes. This is the most common form of cyber crime. Hackers first access data, then they transfer it and store it within their access range, and finally use it for whatever purpose they had in mind. An example is the theft of credit card details. When a hacker has got all the details of your card, he can make transactions in your name, or simply empty your account with a click of his mouse.
2. Data can be tampered with for sabotage. Most corporate criminals use a virus or other methods of corrupting data, crashing a server, denying access etc. to jeopardise the working of a company. The implications can be well understood if malware is introduced into the security network of a country.
3. A criminal may generate harmful data. All pornographic chains fall under this, as do the otherwise innocent-looking spam mails. A car loan ad may actually be a virus, and when you click on the ad, the virus gets implanted into your system. It can then move towards crashing the server, and catching you unawares when the computer ‘goes blank’ suddenly.
4. Criminals in many cases leave behind evidence, right from plans to carry out a crime up to actually dumping evidence of the crime on the computer. This can happen with any crime; one may start a hate mail chain, or use a computer to prepare the blueprint for a murder.
The Process
When data recovery is used to support a forensic investigation, the experts work through a number of stages. The main stages involved are:
1. Identification: To begin with, the sources of the evidence are to be identified. A data recovery expert who is into forensics knows that the source cannot be tampered with if it is to be provided as evidence, just like one cannot touch the knife found sticking into a corpse if it is to be examined for fingerprints.
2. Securing and Preserving: The data that is lost or tampered with needs to be restored to its original condition, and at the same time it cannot be ‘touched’. This is where the trickiest part comes in. The data recovery expert makes an exact copy of the evidence (for example, a hard disk), and then proceeds to work on this copy. At the same time, the original disk is carefully preserved in the way it was found for digital fingerprinting, dusting and other forensics investigations.
3. Analysing: The damage done, the possible source of the crime and the method used are all analysed now by comparing the evidence and the recovered data. Once again, it is kept in mind that this would have to be produced in a court of law.
4. Documenting: A record of the evidence found, method of crime, damage done etc. is created for presenting to the law.
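The securing and documenting stages above, shown as an added Python example that is not part of the original article. It assumes a SHA-256 hash is used to show that the copy is exact (the article does not name a method), and the file names and the functions acquire and still_intact are hypothetical.

```python
import hashlib
import os
import tempfile
from datetime import datetime, timezone

CHUNK = 1024 * 1024  # read in 1 MiB blocks so large media never sits in memory


def sha256_file(path):
    """Hash a file without modifying it (opened read-only)."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            digest.update(block)
    return digest.hexdigest()


def acquire(source, image):
    """Copy source to image, then re-read the image to prove the copy is exact."""
    digest, size = hashlib.sha256(), 0
    # "xb" refuses to overwrite an existing image file.
    with open(source, "rb") as src, open(image, "xb") as dst:
        for block in iter(lambda: src.read(CHUNK), b""):
            digest.update(block)
            dst.write(block)
            size += len(block)
    os.chmod(image, 0o444)  # mark the image read-only
    source_hash, image_hash = digest.hexdigest(), sha256_file(image)
    return {  # the record kept for the documenting stage
        "source": source, "image": image, "bytes": size,
        "source_sha256": source_hash, "image_sha256": image_hash,
        "verified": source_hash == image_hash,
        "acquired_utc": datetime.now(timezone.utc).isoformat(),
    }


def still_intact(record):
    """Re-hash the image later; False means it changed after acquisition."""
    return sha256_file(record["image"]) == record["image_sha256"]


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        evidence = os.path.join(d, "evidence.bin")  # constructed stand-in for a disk
        with open(evidence, "wb") as f:
            f.write(b"constructed sample sector data\n" * 4096)
        record = acquire(evidence, os.path.join(d, "evidence.img"))
        print(record, still_intact(record))
```

Analysis is then carried out on the image, and still_intact can be run again before the findings are documented to show the image has not changed since it was taken.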
A Case
A Bristol school teacher was accused of running a child exploitation and pornography racket from his school premises in winter 2006. His computer did not contain any incriminating photographs, and he might have gone free. However, data recovery revealed that he had indeed taken advantage of his young students, and then tried to remove the data from his computer after floating it on the internet. He was brought to justice only because the data could be recovered. If he had been born in another time, he would have been able to continue his horrible career of blackmail and exploitation.

James Walsh is a freelance writer and copy editor. For more information about using Computer Forensics see http://www.fieldsassociates.co.uk

Article Source: http://www.articlepros.com