In the striking cases of murder, during the most complicated judicial processes, those concerning crimes such as fraud, corruption or even in cases of divorce, matrimonial loyalty and so on, one of the things that is checked first are the computers of victims and suspects. But obviously the policeman does not start to scan a PC by hand if there is something strange, he uses some programs that allow to automatically analyze all the data stored in the computer, including those that have been deleted.
This search for detection and study of files on a computer is forensic computer science that looks for evidence to be used in court proceedings.
In any case, in the small newspaper, without disturbing CSI science, you can easily control a computer and find all the data it contains, creating an orderly and easily searchable index or database of files, emails, internet history, of photographs, including data hidden in the maze of a PC's memory and deleted data.
1) The first forensic computer program to be reported is Digital Investigation Framework an open source software that can be installed on Windows and Linux.
Digital Forensics Framework ( DFF ) is a free program written in Pyton that can be downloaded for free by downloading the program with Pyton included (on Windows the complete installation file is dff-with-dependencies-1.1.0.exe ).
At the end of the installation you can launch the GUI from the Start menu and use the program.
The graphical interface is not too intuitive and is in English so someone may find it difficult to understand its use.
2) A much simpler program to use, equally powerful is OS Forensics, of which there is, for now, a free version.
After downloading and installing it, you can open the interface that shows a series of tools to penetrate the computer and find all types of data and information stored in the PC .
The free version has some limitations in finding files and decoding.
The difference between OS Forensics and DFF is that this time the main interface is much more intuitive and it becomes easy to create an index of all the files on the disk to search for suspicious information and different types of data.
It is possible to do an in-depth search for specific types of data, such as emails, zip files, Office documents, web pages, or specify customized file types during the advanced configuration phase.
The advanced options allow you to specify the file extensions you want to include in the scan.
OS Forensics not only finds existing files on the disk but also traces of deleted files on unallocated sectors of the hard disk.
Indexing data may take some time depending on the size of the selected folder and the performance of the computer.
Once the index is created you can use the search to find specific files that have been indexed previously.
Thanks to a portable tool to be copied to a USB stick, you can make an exact copy of a computer's hard disk which can then be analyzed with OS Forensics on another computer.
Among the most interesting tools are:
- Search within text files and emails
- The forensic copy to copy files from one folder to another keeping their properties intact and therefore the dates of creation, modification etc.
- Raw disk viewer to see the raw data of all disks.
- Display of memory details of all processes.
- Search for deleted files .
- Search for files with contents that do not correspond to the type of file, for example hidden archives or fake extensions (easy to hide a photo by changing the extension no "> Linux Caine (Computer Aided Investigative Environment) a Linux Live distribution to use by starting a CD computer that contains many tools to investigate thoroughly a computer and discover its use.
4) From the authors of Cain, you can download a program for Windows and WinTaylor, a collection of tools to find data and files on your PC.
