Internet
Fact-checked

At EasyTechJunkie, we're committed to delivering accurate, trustworthy information. Our expert-authored content is rigorously fact-checked and sourced from credible authorities. Discover how we uphold the highest standards in providing you with reliable knowledge.

Learn more...

What is Forensic Data Recovery?

Mary McMahon
Mary McMahon
Mary McMahon
Mary McMahon

Forensic data recovery is a process which is used to retrieve data which will be used for legal purposes. This technique is classically used in criminal or civil investigations which are designed to yield information which can be used in court, although forensic data recovery can also be used by auditing firms and in a variety of other circumstances. This process is performed by trained technicians who have studied computer science, information technology, and forensics.

The need for data recovery is not uncommon; many people have experienced lost or corrupted files at some point in their lives, and some are familiar with the techniques which can be used to restore or rebuild such data. Forensic data recovery is similar, but a bit more complex, because it also includes accessing areas of a computer which would not normally be seen or used to check for specific activities of interest, along with data recovery which is aimed at recovering data which was deliberately erased, damaged, or corrupted.

Forensic data recovery involves the acquisition of sensitive data stored on a physical hard drive that will assist in a criminal investigation.
Forensic data recovery involves the acquisition of sensitive data stored on a physical hard drive that will assist in a criminal investigation.

Sometimes, forensic data recovery is as simple as trying to reconstruct the information on a damaged hard drive, disc, or memory card. At other times, it may include the resurrection of data thought to be lost or deleted, the bypassing of security systems, or the study of a computer system to look for traces of illegal activity. It can be applied to situations ranging from suspected cases of creative accounting to analysis of a computer believed to belong to a sexual predator to look for incriminating or identifying information.

Computer forensics specialists can sometimes retrieve information that was meant to be destroyed or deleted.
Computer forensics specialists can sometimes retrieve information that was meant to be destroyed or deleted.

Instead of looking specifically for files, which is what most people do when they engage in data recovery, forensic data recovery specialists are primarily interested in information. They don't necessarily care what form the information is presented in, and they can use a variety of techniques to fill in missing pieces or make information meaningful. For example, a technician might uncover and restore a damaged or deleted partition, looking for traces of information which could reveal how and when the partition was used.

Because specialists in forensic data recovery may be working with computers which have been seeded with safety measures to prevent legal investigations, they must use special procedures to avoid triggering failsafes which could compromise or erase the data. They must also be able to work with information in a way which will not change or compromise it. For example, a technician might copy the data from a hard drive found at a crime scene to another hard drive, resealing the original hard drive in evidence and working with the copy of the data.

Mary McMahon
Mary McMahon

Ever since she began contributing to the site several years ago, Mary has embraced the exciting challenge of being a EasyTechJunkie researcher and writer. Mary has a liberal arts degree from Goddard College and spends her free time reading, cooking, and exploring the great outdoors.

Learn more...
Mary McMahon
Mary McMahon

Ever since she began contributing to the site several years ago, Mary has embraced the exciting challenge of being a EasyTechJunkie researcher and writer. Mary has a liberal arts degree from Goddard College and spends her free time reading, cooking, and exploring the great outdoors.

Learn more...

Discussion Comments

anon165897

Use Eraser. If you realize you've got something you shouldn't on your computer. Delete the file with Eraser. If you've already deleted something that should have been erased, run Eraser on the free space of your drive. You can use a 3 pass Department of Defense erasure technique, all the way up to a 35 pass Gutmann erasure.

I dare any investigator to try to recover data on a hard drive that has had a 35 pass Gutmann erasure used on its freespace. The only data they'll see is the data that exists in files (freespace is wiped now, only file space is left at the time of the "investigation"). Which means you will know exactly what they will see because the only remaining data after such a procedure are files that you too can see. This means 100 percent sureness that you can control what the investigators find out about you.

Very powerful, and very useful software, especially if you have important private data, or you are a cyber criminal.

anon103761

delete early, defrag often.

Post your comments
Login:
Forgot password?
Register:
    • Forensic data recovery involves the acquisition of sensitive data stored on a physical hard drive that will assist in a criminal investigation.
      By: meepoohyaphoto
      Forensic data recovery involves the acquisition of sensitive data stored on a physical hard drive that will assist in a criminal investigation.
    • Computer forensics specialists can sometimes retrieve information that was meant to be destroyed or deleted.
      By: dbj65
      Computer forensics specialists can sometimes retrieve information that was meant to be destroyed or deleted.