A suspect formats the hard drive of his computer, which contains photos and videos of people he stalks and assaults. A disgruntled employee copies confidential data from the corporate computer system to his personal computer and hides it there. These are real crimes in the computer age. To help with the investigation, the police need the expertise of computer security professionals, who in turn use computer forensics software to gather the required data.
Recovering Formatted Hard Drives
Formatting a hard drive essentially deletes all the data it contains, at least ‘through the eyes’ of the computer system to which it is connected. But unless the formatting was done at a low level, which means resetting each bit to 0, it is still possible to recover data from a formatted hard drive using specialized software. The regular format process only resets the headers of the data and keeps the rest intact. Computer forensics software can restore this data to its original form.
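The following is an added example, not code from the original article or from any forensics product. It assumes one common recovery approach, signature-based carving, and runs it over a constructed toy disk image whose file table has been reset while the data sectors were left in place.

```python
import hashlib

JPEG_SOI = b"\xff\xd8\xff"  # JPEG start-of-image signature
JPEG_EOI = b"\xff\xd9"      # JPEG end-of-image marker
SECTOR = 512

def carve_jpegs(image: bytes, max_size: int = 10 * 1024 * 1024):
    """Return [(offset, data)] for every SOI..EOI span in the raw bytes."""
    found, pos = [], 0
    while (start := image.find(JPEG_SOI, pos)) != -1:
        end = image.find(JPEG_EOI, start + len(JPEG_SOI), start + max_size)
        if end == -1:
            pos = start + 1  # header with no footer: truncated or overwritten
            continue
        end += len(JPEG_EOI)
        found.append((start, image[start:end]))
        pos = end
    return found

def build_formatted_disk():
    """Constructed 8-sector image; returns (disk_after_format, original_photo)."""
    # Constructed stand-in for a photo: real markers, dummy body.
    photo = JPEG_SOI + b"\xe0" + b"constructed-photo-body" + JPEG_EOI
    disk = bytearray(SECTOR * 8)
    disk[0:21] = b"FILETABLE photo.jpg@3"                 # toy file table, sector 0
    disk[3 * SECTOR:3 * SECTOR + len(photo)] = photo      # file data, sector 3
    disk[6 * SECTOR:6 * SECTOR + 4] = JPEG_SOI + b"\xe1"  # partly overwritten file
    disk[0:SECTOR] = bytes(SECTOR)  # regular format: only the table is reset
    return bytes(disk), photo

if __name__ == "__main__":
    disk, _ = build_formatted_disk()
    for offset, data in carve_jpegs(disk):
        # Hash each carved item so the evidence can be verified later.
        digest = hashlib.sha256(data).hexdigest()
        print(f"offset={offset} size={len(data)} sha256={digest}")
```

Real photos can contain embedded thumbnails with their own end marker and can be fragmented across the disk, so a carver that stops at the first end marker is only a starting point.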
Hiding data in computer systems is a common practice in cybercrime, and is done by encrypting the data or hiding the content inside another file. Since a computer system can contain tens of thousands of files, a manual search is not feasible. This is where the data search feature of computer forensics software can help. The basic program Grep, for example, is a tool for searching text content in files. With it, the security professional can search for a particular word or phrase in the files on the computer system. Grep does this by looking for the sequence of characters defined in the search.
How Does This Help the Police?
With the functionalities and tools mentioned above, computer forensics software can help the investigation by gathering enough evidence for the police to build a strong criminal case against the suspect.