'Interrogating' a Hard Drive

Andy B

Andy B

Well-known member
UKGSer Subscriber
Joined
Apr 6, 2006
Messages
2,492
Reaction score
0
Location
Lea & Perrins country
I know it can be done, but how easily?

I'm involved in a fraud case (on the right side I hasten to add!:augie) and I've got my hands on the computer/hard drive of the guilty party. We suspect that there could be incriminating evidence on it, in the form of deleted files (probably emails and Word docs:type) but I don't know how to go about getting at them.

Anyone have any ideas?
 
boot it up and have a look. Simply try Undelete.....

Or search the net with google, I am sure there will be loads of programs to search for deleted files.

But BTW maybe someone else should be doing it, who knows what they are doing....
 
STEP AWAY FROM THE DISK!!! DON'T BOOT FROM IT UNDER ANY CIRCUMSTANCES!!!!

If you are involved in trying to evidence a fraud case you need to preserve the chain of evidence. Never work on the disk itself, always work on an image (a copy). If anything on the original disk changes, you will be accused of tampering and your evidence will be worthless.

There are a lot of ways that you can go about securing a copy of the image, but please go and get professional advice from a trusted source - asking on a motorbike forum isn't necessarily the best plan of attack :cool:
 
Loads of decent recovery software out there, but if your not an expert may be better to pay a few quid to a professional outfit as they should be able to do a better job.

I assume you purely want to search for deleted files and not put together a whole chain of events and behaviour.
 
Okay - message received load and clear!:bow

Got to start somewhere and I've got what I wanted from here!

Thanks guys.
 
Sorry for the shouting, but Richie posted before my message and I needed to get your attention.

If this was just a matter of lost files, I'd love to give you advice, but fraud cases can change lives and lead to time in prison - unfortunately that needs to be dealt with by people who know the pitfalls and can navigate around them. I'm afraid that you need to call in dedicated professionals, but later on down the line you should appreciate that that was a good idea :thumb2
 
this is one of the best pieces of software I have used to recover data... sometimes in instances like your own.. or sometimes cause the drive gets a little out of wack

more than likely you would use the "GetData back for NTFS" version of this software.. available below..

http://www.runtime.org/


now certain websites which shall not be named.. have this software available for free download.. but that is file sharing and shall not be encouraged. :nono:nono:nono:nono:nono :D:D
 
If you are a policeman or an agent of The Crown have your IT Forensic blokes have a look... otherwise I'm not sure why you're asking here.

:cool:
 
If it for prosecution reasons it should be passed to the investigating authority but if for civil or defence the below may asssit.

There are proffessional companies that do evidential work on computers for solicitors and legal firms A search or two on some of the legal sites will probably throw up their details.

Some security companies will also do it or be able to refer.
 
Nippy Normans supply Touratech, Wunderlich, Desert Fox and many other makes of accessories.
You must log in or register to reply here.

Similar threads

PIGGLET
A buyers guide / Info for potential new bike buyers, mainly aimed at MTB.
Replies
17
Views
1,523
davidfbmw
New hard drive, and a virus.
Replies
9
Views
2,847
SOAA
SOAA
PanEuropean
  • Sticky
How to improve performance of Garmin Zumo 660 / 665 devices
Replies
4
Views
4,840
(RIP) Spangle
Help with Cloning Thinkpad Hard Dive to SSD
Replies
0
Views
847
Walowiz
Got me a Tracer 900
Replies
9
Views
4,451
Greenman14
Greenman14


Back
Top Bottom