![]() macOS, Windows), you can expect to get hands-on on dismantling computer parts, especially taking out hard drives from laptops.įor data recovery, you need to learn the internal mechanisms of hard disk operations and the newer solid-state drives (SSDs). NTFS, FAT, Android) and operating systems (e.g. In digital forensics, you need to learn how to use commercial forensics tools, either through employment or open-source forensics tools like Autopsy or SIFT Workstation.īesides learning about file systems (e.g. Examples of software tools used are Recuva for Android devices, Dr Fone for iOS devices and PhotoRec for mass storage devices like memory cards and USB flash drives. For example, mobile forensics uses software like Cellebrite UFED and Oxygen Forensic tools, while cloud forensics uses software like Magnet AXIOM.ĭata recovery uses hard drive diagnosis equipment to check disk health and attempt disk repair. This prevents any accidental writing to the device. There are differences in both the hardware and software used.ĭigital forensics uses physical write-blockers to ensure the imaging of the data is always in read-only mode. Phase 3: Logical recovery of the files, partitions, Master Boot Record and filesystem structures.Steps Digital Forensic Stage/s Comments 1 Collection The proper seizure procedure of devices to prevent physical damage and file contamination 2 Preservation The forensic process of acquiring (imaging) a forensic image of the device 3 Analysis The examination stage to uncover any inculpatory or exculpatory digital evidence using digital forensic tools 4 Presentation Explaining the forensic findings, typically presented in a court of law when used by law enforcement agenciesįor data recovery, there are four (4) phases, namely The methodology used in digital forensics involves the four (4) steps shown in the table below. This refers to the difference in steps and processes involved in achieving the output. However, this process usually takes a long time and can take a few days, depending on the storage capacity and size of the hard drive. Often, the technique of data carving will be used to “carve” out the lost file from the disk partition. In data recovery, one will be more interested in recovering deleted, overwritten, hidden and lost files. These findings can incriminate vs exculpate someone. In digital forensics, one tends to be more interested in system & app artefacts such as the computer’s login date/time, the list of websites one visits, the last edit date of the document, and the timeline of all events on the device, etc. The act of data carving will also overwrite certain portions of the disk space, thus making changes to the disk-allocated or unallocated space. Therefore, no changes, including metadata changes, are introduced.įiles remain the same as the last time it was used.ĭata recovery will make changes to the files since they had to be copied and data craved to uncover previously deleted content or versions. This means all the files in the device are intact, and there is no contamination made to these files. In terms of their content and metadata, file changes when they get copied, opened, printed or edited.ĭigital forensics preserves the integrity of the data extracted from the device. If you want to recover important files that have been deleted, overwritten or lost, use the data recovery method. In-depth file reconstruction can be performed and requires time to restore back. If you want to introduce digital evidence in court, use digital forensics methodology and tools.įor data recovery, this is used frequently by those who really need to find back lost files, e.g. checks into employee misconduct, data leaks, etc. When you use digital forensics methodology and tools to extract data from electronic devices, the data can become useful digital evidence for criminal investigation cases and even corporate crime investigations, e.g. This is probably the most important difference between the two. ![]() Here are the seven (7) key differences between them. What is the difference between Digital Forensics and Data Recovery?
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |