Digital Forensics

10. Analysing the Evidence

Assessment continued: Examination

In forensics, once the evidence has been collected, tagged and prepared, the next step is analysis. This involves taking a write-protected copy and subjecting it to various analytical techniques. These may involve:

  • Timeframe analysis - the sequence in which actions were completed, i.e. files created, edited or deleted
  • Data hiding - whether files have been deleted, placed in unusual locations, disguised as other file types etc.
  • Application and file use - which applications were used and when
  • Ownership and possession - whether individuals can be tied to the computer at the times at which the alleged crimes were committed.
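
As an added example (not part of the original course material), the Python below applies two of the methods listed above to a directory of files: timeframe analysis, by ordering files on modification time, and a data-hiding check for files whose content signature does not match their extension. The function names, the short signature table and the sample files are assumptions made for the illustration.

```python
import hashlib, os, tempfile
from datetime import datetime, timezone

# Leading "magic" bytes of a few common formats and the extensions they normally carry.
SIGNATURES = {
    b"\xff\xd8\xff": {".jpg", ".jpeg"},
    b"\x89PNG\r\n\x1a\n": {".png"},
    b"%PDF-": {".pdf"},
    b"PK\x03\x04": {".zip", ".docx", ".xlsx", ".pptx"},
}

def examine_file(path):
    """Build one examination record: hash, timestamp, and extension/signature mismatch."""
    st = os.stat(path)
    digest = hashlib.sha256()
    with open(path, "rb") as fh:  # opened read-only; work on the write-protected copy
        head = fh.read(16)
        digest.update(head)
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    ext = os.path.splitext(path)[1].lower()
    expected = next((e for magic, e in SIGNATURES.items() if head.startswith(magic)), None)
    return {
        "path": path,
        "sha256": digest.hexdigest(),  # lets another investigator confirm the same file
        "modified": datetime.fromtimestamp(st.st_mtime, timezone.utc),
        "disguised": expected is not None and ext not in expected,
    }

def examine_tree(root):
    """Examine every file under root and return the records ordered by modification time."""
    records = [examine_file(os.path.join(d, name))
               for d, _dirs, files in os.walk(root) for name in files]
    return sorted(records, key=lambda r: (r["modified"], r["path"]))

if __name__ == "__main__":
    # Constructed sample evidence: a JPEG-signed file and a JPEG-signed file renamed to .txt.
    with tempfile.TemporaryDirectory() as root:
        samples = {"holiday.jpg": (b"\xff\xd8\xff\xe0 constructed", 1_700_000_000),
                   "notes.txt": (b"\xff\xd8\xff\xe0 constructed too", 1_700_003_600)}
        for name, (data, mtime) in samples.items():
            path = os.path.join(root, name)
            with open(path, "wb") as fh:
                fh.write(data)
            os.utime(path, (mtime, mtime))  # set access/modification times for the demo
        for rec in examine_tree(root):
            flag = "TYPE MISMATCH" if rec["disguised"] else "ok"
            print(rec["modified"].isoformat(), rec["sha256"][:16], flag, os.path.basename(rec["path"]))
```

Each output line gives the UTC modification time, the start of the SHA-256 hash and the mismatch flag, which is the kind of detail that can be copied into the examination record.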
Data Recovery

By now, the previous exercises will have introduced many of the analytical tools available in Kali Linux that can be used for the analytical methods listed above.

The task now is to choose the right tools for the appropriate method and record your results. Your choices and findings should be recorded in the Examination form.

Don't forget, the aim is to record the tools used, together with reasons for your choice, and your findings in sufficient detail to allow other investigators to follow in your footsteps and get the same results.

Data Examination

Now the last step
