
Thread: How does this work.....

  1. #1
    Junior Member | Join Date: Jan 2004 | Posts: 7

    How does this work.....

    How does computer phorensics work? Like when the police or other organizations perform phorensics on a computer, what type of information is found? Can they somehow get a log or transcript of a private message that was sent/received or of chat sessions in general? Emails? What type of information is found? I have heard that phorensics can show a list of websites that have been visited but you can get that from the section on temporary internet files. I am interested in this because I have no idea what it all entails. How about some suggestions on good books to purchase to learn more? Thanks.

  2. #2
    Senior Member | Join Date: Jul 2003 | Posts: 634
    Depends what OS you're on...

    But in general it's true that websites can be seen (cookies, history, temporary internet history). I'm not sure whether the entire convosation can be viewed from the computer, but I would think most companies like MSN and Yahoo keep logs on their servers that the police can request off them.

    If you look on this forum and in the tutorials you'll find a great deal of info. Have a look at negatives index in the tutorial forums

    ps: - learn to spell it's at the top of the page...Computer Forensics

    i2c

  3. #3
    Ok there are hundreds of ways the Police / Federal Police can gather evidence from your computer, even if you were lucky enough to delete everything.
    You see there are many programs that can be used to find information from your Hard Drive.
    Even if you have a Disk Drive that does not work anymore, it is indeed possible to retrieve the majority of the disk's content.
    It's just a matter of reading up and then once you think that you have learnt from what you have read, then you should be able to understand better in this area.
    I would recommend a quick search through Google.
    Here I found a Google link, it's mainly about how to retrieve data from a dead hard drive, but you will find that the techniques used could possibly be used to recover evidence from a seized computer.

    Link i found


    cheers
    front2back:.


    P.S:
    Umm 12c, I wouldn't be too harsh towards anyone else with spelling mistakes, just by taking a glance at your post I found a spelling mistake, maybe next time don't be so quick to point out others' mistakes.

    convosation
    "conversation"

  4. #4
    Senior Member | Join Date: Jul 2003 | Posts: 634
    front2back:

    fair enough, I'd personally say that's a typo. But I should have proofread my post first anyway...

    I believe in T.E.Lawrence's attitude towards spelling anyway..

    i2c

    PS: - If I wanted to get cocky I'd say you spelt my name wrong, but I can't be bothered

  5. #5
    nihil, Senior Member | Join Date: Jul 2003 | Location: United Kingdom: Bridlington | Posts: 17,188
    Bluewave,

    I suggest you look through the security tutorials in "Computer Forensics" particularly for stuff written by a member called groovicus, as he is well clued up on the subject.

    i2c (are you happy with my spelling old chap) has made a good point in that it will depend on the operating system and also to some extent on the machine, but I am assuming that we are talking PC here? On top of this, you have to consider the applications involved.......Browser, cryptography etc.

    The type of computer "forensics" that I believe you are talking about falls into two major categories:

    1. the search for evidence of computer activity
    2. the search for evidence of computer data

    Examples might be:

    1. Hacking.............did the computer access a certain site at a certain time, who owns the ISP account, who logged in....................

    2. Terrorism/Child pornography/Drugs.................addresses, contacts, message contents............

    The basic principles are that nothing is ever deleted from a computer.............you have to physically destroy it to destroy the evidence.

    I would therefore suggest that you look at:

    1. data encryption/decryption
    2. data recovery

    These are the principles that are really involved, they only become "forensics" due to the contents of the data and the circumstances.

    Hope that helps
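
The point in the post above that ordinary deletion leaves data recoverable, as an added example that is not part of the original thread: a constructed toy disk (the `ToyDisk` class and its layout are assumptions, not a real file system) in which deleting a file removes only its directory entry, so signature carving still finds it, while zero-overwriting the same bytes leaves nothing to carve in this model.

```python
# Constructed toy disk (an assumption, not a real file system): bytes + directory.
JPEG_SOI = b"\xff\xd8\xff\xe0"  # JPEG start-of-image + APP0 marker
JPEG_EOI = b"\xff\xd9"          # JPEG end-of-image marker

class ToyDisk:
    def __init__(self, size=4096):
        self.blocks = bytearray(size)
        self.directory = {}          # name -> (offset, length)
        self.next_free = 0

    def write_file(self, name, data):
        offset = self.next_free
        self.blocks[offset:offset + len(data)] = data
        self.directory[name] = (offset, len(data))
        self.next_free = offset + len(data) + 16  # gap between files

    def delete(self, name):
        # Ordinary delete: forget the entry, leave the bytes where they are.
        del self.directory[name]

    def wipe(self, name):
        # Overwrite the file's bytes with zeros, then forget the entry.
        offset, length = self.directory.pop(name)
        self.blocks[offset:offset + length] = bytes(length)

def carve_jpegs(raw):
    """Signature carving: return every SOI..EOI span found in the raw bytes."""
    found, pos = [], 0
    while (start := raw.find(JPEG_SOI, pos)) != -1:
        end = raw.find(JPEG_EOI, start + len(JPEG_SOI))
        if end == -1:
            break                    # header without footer: nothing complete
        found.append(bytes(raw[start:end + len(JPEG_EOI)]))
        pos = end + len(JPEG_EOI)
    return found

def demo():
    picture = JPEG_SOI + b"constructed-sample-image-body" + JPEG_EOI
    results = {}
    for action in ("delete", "wipe"):
        disk = ToyDisk()
        disk.write_file("notes.txt", b"plain text, not an image")
        disk.write_file("photo.jpg", picture)
        getattr(disk, action)("photo.jpg")
        listed = "photo.jpg" in disk.directory
        results[action] = (listed, carve_jpegs(disk.blocks) == [picture])
    return results  # action -> (still listed?, still carvable?)

if __name__ == "__main__":
    print(demo())
```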

  6. #6
    Originally posted here by i2c

    PS: - If I wanted to get cocky I'd say you spelt my name wrong, but I can't be bothered
    Don't worry, for me it was just laziness, cause I couldn't really worry if I spelt something right or wrong.
    As long as it's half readable then I don't care.

    Anyhow good point there nihil, I'm surprised that I didn't think of that info.
    Anyhow hopefully the advice i2c and the link I gave and the advice you've given, + some Tutorials thrown in, me thinks he/she should hopefully fulfill their thirst for knowledge.


    cheers
    front2back:.

  7. #7
    is it possible to disable?????... so they can't check stuff on my PC

  8. #8
    nihil, Senior Member | Join Date: Jul 2003 | Location: United Kingdom: Bridlington | Posts: 17,188
    hodzic,

    Please check out groovicus' contributions in computer forensics, and my "computer security" tutorial. The bottom line answer is "no"......it cannot be "disabled" that is how it works.

    But there are ways of making sensitive information hard to find, and removing a lot of "clutter" that web browsing generates.

    Do a google search for "Xen" by Paul Brown and read the tutorials that come with that (free) software.

    Cheers

  9. #9
    Senior Member | Join Date: Jul 2003 | Posts: 634
    I agree with you too front2back, my spelling is poor and I rarely bother with it, the only reason I did here is because I felt that it would help the original poster with finding information about his chosen topic on search engines, although Google spell checks for you, and I usually use it as my spell checker.

    i2c

  10. #10
    Senior Member | Join Date: Jan 2004 | Location: Hawaii | Posts: 350
    You wouldn't believe what they can do to get your HDD's info. You'd have to overwrite your entire HDD 7x by federal standards to make the data irretrievable, and even then they physically destroy the HDD by incineration. Look into storage on a HDD, and "shadow data", or "data trails" on a HDD. It's actually rather amazing what can be done to retrieve info.
    Geek isn't just a four-letter word; it's a six-figure income.
