No Such Thing as a Magic Computer | Managing expectations in computer forensics


By Daniel Hains


Our clients engage us for many kinds of work, from simple data recovery and analysis of mobile phone communications all the way up to serious theft of electronic intellectual property.  Most often, we’re able to provide an optimal outcome in an efficient manner.

Sometimes, however, the expectations of those seeking our help far exceed what we are able to deliver.  According to the mainstream media, all data is always recoverable and everyone and everything is hackable, but often this is not the case.

Below are the main points that I give clients to help them achieve the best outcome for a problem in the computer forensics field in which we operate.

Is my data recoverable?

That depends.  It’s not an easy answer, but there are quite a few factors that affect whether, and how, your data can be recovered.

What sort of device is it?  What is it used for?

A typical Windows-based PC with an internal hard drive that’s used for email, web browsing and Office files has a much better chance of recovery than an Apple Mac that’s used heavily for design work or video production.

These two devices have different operating systems, and Macs also tend to have secure deletion turned on by default.  So if you have a Windows PC then there’s a good chance your data can be retrieved, but if you have a Mac then very likely not.

How long ago was the data deleted?

Hard drives can fill up and overwrite older data, so the sooner you have your device checked, the better.

Solution – back up your data, no matter what device you have. Store your backups securely and you’ll have no problems.

Can you check my phone for deleted SMS / images / call logs?

Yes we can, but again, it depends.  We will need access to your device for a period of time, usually a few hours at least, and we need your access code.  And we can’t put the communications back onto your device.  Any results of the analysis of a mobile phone or tablet are placed into a separate file or report and provided to you on completion.

Security of mobile devices is improving all the time and forensic providers are always catching up to the most recent updates.  So, if your device is running the latest updated and patched software, we have less chance of being able to access your data without the PIN than with an older device running out-of-date software.

Solution – always use a PIN to secure your device and keep it updated.  But be prepared to provide that information in order to retrieve your data in the event it is deleted.  And back up your data securely, no matter what device you have.

My device is making weird noises after I dropped it and doesn’t work.  Can you help?

Physical damage?  It depends.  Most hard drives, especially modern solid state disks (SSD), are quite robust.  I have recovered data from disks that were fully submerged in the case of a flooded business.  But each case is different where physical damage is concerned.

The best practice is to not power on a device once it has been physically damaged and then take it to a data recovery specialist.  The device can be evaluated and the probability of recovery assessed.

Solution (best defense) – back up your data, no matter what device you have. Store your backups securely and you’ll have no problems.

Have I been hacked?

Maybe.  Maybe not.  In every case of “hacking” that has been brought to me, it was due to older mobile phones and / or tablets (…ahem…Apple…cough cough) or similar devices being given to other family members and then access to emails, notes and personal information, including banking details, being shared.

The most common and real hacking occurs in the form of crypto attacks (ransomware), and these are particularly nasty.  Usually, a user accesses an internet link or infected file, which then loads the virus / malware and leads to your data being locked up by encryption, to be released only on payment of the ransom amount.  If you have access to expert IT consultants then they will be able to assist you to recover your data, or, consider paying the ransom in extreme cases because no one will be able to break that encryption.  No one.

Solution – make sure you have reputable antivirus software (including firewall) and that it is up to date as is your device’s operating system.  Also, to recover your data after a crypto attack, ensure that your data is backed up and stored securely.

Final Thoughts

There’s a reason that these types of articles are repetitive and that is that the simple things work the best.

  1. Keep your device up to date and have antivirus software installed.
  2. Keep passwords secure and don’t reuse passwords for different devices / accounts.
  3. If in doubt, don’t click on links or files that you don’t trust. (If it’s too good to be true, etc…).
  4. Seek advice from a professional if you need data recovery, but be prepared for the worst if you don’t back up your data and store your backups securely.

What do we do?

Computer forensics is a branch of digital forensic science pertaining to evidence found in computers and digital storage media.  The goal of computer forensics is to examine digital media in a forensically sound manner with the aim of identifying, preserving, recovering, analysing and presenting facts and opinions about the digital information.  This involves similar techniques and principles to data recovery, but with additional guidelines and practices designed to create a legal audit trail.

Our processes usually entail utilising our specialised software to make an image of a subject system’s hard drives and physical memory, and to automatically parse it into human-recognizable formats.  This allows us to examine and search for specific types of files or application data (such as e-mails or web browser history), point-in-time data (such as the running processes or open network connections at the time of evidence acquisition), and remnants of historical activity (such as deleted files or recent activity).
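The point about deleted-file remnants, and the earlier point that newer data overwrites older data, can be seen in a small signature-carving sketch. This is an added example, not the firm's software or code from the original article; the disk image, file contents and function names are constructed for illustration, and real carving tools handle fragmentation and many more file types.

```python
import hashlib

SECTOR = 512
SOI = b"\xff\xd8\xff"  # JPEG start-of-image signature
EOI = b"\xff\xd9"      # JPEG end-of-image marker

def fake_jpeg(payload: bytes) -> bytes:
    """Constructed stand-in for a photo: JPEG header, ASCII payload, JPEG footer."""
    return SOI + b"\xe0" + payload + EOI

def build_image():
    """Constructed 8-sector raw image holding two deleted files in free space."""
    kept = fake_jpeg(b"holiday-photo " * 20)
    lost = fake_jpeg(b"invoice-scan " * 20)
    image = bytearray(SECTOR * 8)
    image[SECTOR:SECTOR + len(kept)] = kept
    image[4 * SECTOR:4 * SECTOR + len(lost)] = lost
    # Later writes reuse part of sector 4: the tail of the second file is gone.
    image[4 * SECTOR + 100:5 * SECTOR] = b"N" * (SECTOR - 100)
    return bytes(image), kept

def carve(image: bytes, max_len: int = 4 * SECTOR):
    """Return (offset, data) per header found; data is None if the footer is gone."""
    found = []
    for off in range(0, len(image), SECTOR):  # files start on sector boundaries
        if image[off:off + 3] != SOI:
            continue
        end = image.find(EOI, off, off + max_len)
        found.append((off, image[off:end + 2] if end != -1 else None))
    return found

def recovery_report():
    """Carve the constructed image and classify each hit by hash comparison."""
    image, original = build_image()
    report = []
    for off, data in carve(image):
        if data is None:
            report.append((off, "overwritten", None))
        else:
            intact = hashlib.sha256(data).digest() == hashlib.sha256(original).digest()
            report.append((off, "recovered" if intact else "damaged", len(data)))
    return report

if __name__ == "__main__":
    for row in recovery_report():
        print(row)
```

The file whose sectors were never reused comes back byte-for-byte, while the one whose tail was overwritten leaves only a header and cannot be reconstructed.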

Want to know more?

Learn more about managing expectations in computer forensics and how to get the best outcomes by registering for our free webinar.

Want to know more?

If you would like to know more about managing expectations in computer forensics, please contact Daniel Hains, our Forensic Technology Director, for assistance.

An Important Message

While every effort has been made to provide valuable, useful information in this publication, this firm and any related suppliers or associated companies accept no responsibility or any form of liability from reliance upon or use of its contents.  Any suggestions should be considered carefully within your own particular circumstances, as they are intended as general information only.

 

 
