It refers to complete study and analysis of the hard disk where the systems’ data is stored. The Hard Disk Drive (HDD) is typically the primary location of data storage within the computer.The hard disk drive remains the most common focus of computer forensic investigation. Digital forensics is the discovery, analysis, and reconstruction of evidence extracted from any element of computer systems, computer networks, computer media, and computer peripherals that allow investigators to solve the crime. We hereby in this project try to research and identify how forensic tools analyze a particular tool works,what strategy it follows and how the evidence is processed to the outcome. Our goal would be to put focus on an open source forensic tool WinHex so that it can be further used at basic levels to track theft of file and data on the system.
Digital forensics involves collection and analysis of digital evidence. Any information stored on a digital media can be a piece of digital evidence. In the battle against malicious hackers, digital forensic investigations are performed in support of various objectives, including timely cyber attack containment, perpetrator location and identification, damage mitigation, and recovery initiation in the case of a crippled, yet still functioning, network.
Forensic tools are used to analyze digital data and often find evidence that someone did or did not commit a crime. Forensic investigators typically follow a standard set of procedures: After physically isolating the computer in question to make sure it cannot be accidentally contaminated, investigators make a digital copy of the hard drive. Once the original hard drive has been copied, it is locked in a safe or other secure storage facility to maintain its pristine condition. All investigation is done on the digital copy
We are going to use open source forensic tool i.e WinHex for analysis and investigation. WinHex is in its core a universal hexadecimal editor, particularly helpful in the realm of computer forensics, data recovery, low-level data processing, and IT security.
WinHex is a universal hexadecimal editor, particularly helpful in the realm of computer forensics, data recovery, low-level data processing, and IT security. An advanced tool for everyday and emergency use: inspect and edit all kinds of files, recover deleted files or lost data from hard drives with corrupt file systems or from digital camera cards.