Retrieving Digital Evidence: Methods, Techniques and Issues
This article describes the various types of digital forensic evidence available on users' PC and laptop computers, and discusses methods of retrieving such evidence.
A recent research conducted by Berkeley scientists concluded that up to 93% of all information never leaves the digital domain. This means that the majority of information is being created, modified and consumed entirely in digital form. Most spreadsheets and databases never make it on paper, and most digital snapshots never get printed. There are many activities such as chats and social networking that are specific to digital and are even unimaginable outside of the virtual realm.
Figure 1: up to 93% of all information never leaves the digital domain
Most such activities leave definite traces, allowing investigators to obtain essential evidence, solve criminal cases and prevent crimes. This article discusses the many types of digital evidence produced by a typical computer user, criminal or not, and demonstrates methods and techniques available to extract that evidence out of the original PC and into the hands of a forensic investigator.