Computer Forensics for PCs
By using Disklabs, a company which closely follows ACPO (Association of Chief Police Officers) guidelines, to supply your PC forensics requirements, you are assured of a high level of service from highly trained PC forensics analysts. Computer crime is the most rapidly growing sector of crime around the globe, so it is important that companies protect themselves from litigation arising from misuse of company equipment and resources by employees or outside sources. Disklabs is able to supply our client base with cutting-edge PC forensics techniques designed to ensure the integrity of your corporate data and maintain the security of your network infrastructure. Private users may also find that Disklabs is able to help them in many ways, including investigating unauthorised use of their home PC, highlighting possible security risks and reclaiming lost or deleted files and documents.
Modern-day PC forensics techniques are based around the ability of a PC forensics analyst to create a forensically clean image of the PC under investigation. This image can then be interrogated for all types of forensic data, including pirate software, malicious software such as key loggers, computer logs and Internet history. Many amateur PC users believe that it is simple to cover their tracks and hide or delete all records of activity they have undertaken on a PC. PC forensics analysts have access to some very advanced software which allows them to track, catalogue and trace this activity even if measures have been taken to hide or remove it.
There are three fundamental types of data which will be investigated by a PC forensics analyst: saved data, metadata and deleted data. The simplest of the three to interrogate is the saved data. Unfortunately, examining it can often contaminate the metadata (creation, modification and access dates and file access information), so it is important that a forensically clean disk image is taken and saved before the saved data is examined. Metadata can be useful in building a timeline of data access, as it contains the creation date of the original file along with the last day it was modified and the last day it was accessed. Deleted data is often the most valuable form of PC forensics data and requires specialised software tools to recover and interrogate. Deleted data is often not 100% complete, because portions of it will usually have been overwritten by fresh data. Once again, it is important to have a forensically clean disk image stored to ensure none of this deleted data is lost during the examination of the saved data and the metadata.
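As an added illustration (not Disklabs' own tooling), the Python sketch below shows the two checks described above: hashing the disk image so any later change to it is detectable, and building a metadata timeline without opening the files. It assumes the image has been mounted read-only at a directory passed as `root`; the function names are hypothetical.

```python
import hashlib
import os
from datetime import datetime, timezone


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so a large disk image never has to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:  # read-only: the image is never written to
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def image_unchanged(image_path, baseline_hash):
    """True if the working image still matches the hash taken at acquisition."""
    return sha256_file(image_path) == baseline_hash


def metadata_timeline(root):
    """Return (UTC time, event, path) tuples sorted oldest first.

    os.lstat() reads only the file's directory entry/inode, so collecting
    the timestamps does not open the file or update its access time.
    """
    events = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            stamps = {"modified": st.st_mtime, "accessed": st.st_atime}
            # Creation time is only exposed on some platforms (st_birthtime).
            # st_ctime is inode-change time on Unix, so it is not reported
            # as "created" here.
            if hasattr(st, "st_birthtime"):
                stamps["created"] = st.st_birthtime
            for event, ts in stamps.items():
                when = datetime.fromtimestamp(ts, tz=timezone.utc)
                events.append((when, event, path))
    return sorted(events)
```

Record the `sha256_file` value when the image is acquired and call `image_unchanged` again after the examination; a mismatch means the working copy was altered and its metadata can no longer be trusted.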