Posted June 21st, 2006 by Chetan Gupta
by Chetan Gupta, NII Consulting
A small experiment…Create a new text file. Edit it using Notepad and type “Hello” in it. save and exit the editor. Right click the file and check its properties. Did you notice the two attributes “Size” and “Size on disk”. It looks something like this on my Windows XP system
Size: 5 bytes (5 bytes)
Size on disk: 4.00 KB (4,096 bytes)
Have you ever wondered why this difference? If the size of file contents is only 5 bytes, why are the remaining bytes assigned to the file? Do they serve any purpose? Well, atleast not to any average user of computer systems! Read the rest of this entry »
Posted May 2nd, 2006 by admin
by Chetan Gupta, NII Consulting
How many times in an investigation does a forensic investigator come across the problem of acquiring data from a suspect’s laptop? The answer to this question would be ‘many times’. Whenever such a situation arises, the investigator is usually in a dilemma as to whether he should open the laptop, take out the hard disk, connect it to IDE-to-USB converter and then perform the duplication or should he try to do it without opening the laptop. The preferrable choice usually is the latter one in which the investigator acquires the suspect disk over the network. Choosing the first option could lead to the laptop/hard disk getting damaged or the warrantly of the laptop being rendered void. Read the rest of this entry »
Posted January 21st, 2006 by admin
by Chetan Gupta, NII Consulting
Evidence Collection is the heart and soul of the Forensics process. It becomes even more important if the evidence needs to be produced in a court of law. After the investigator has assessed the situation and determined a response strategy, he would move on to acquire the image of the suspect system. The investigator’s best bet is to have a defined methodology for creating an image in a forensically sound manner. The most difficult part of forensic duplication is having the appropriate cabling and hardware Read the rest of this entry »