Wednesday, 20 January 2016 00:00

Forensic data recovery

Rate this item
(0 votes)

How is forensic data recovery different to other data recovery processes and what service does the user actually require?

What is forensic data recovery…

Forensic data recovery differs quite significantly from other data recovery process, but to the user these differences may not be obvious. Whilst the end result might be the same, the way this is achieved is very different. It is important that the objectives are clear from the outset, because if the hard drives to be examined are not dealt with properly any subsequent claim may well be compromised! Quite simply the ‘forensic’ element of data recovery refers to the information being admissible for legal purposes.

Forensic data recovery is normally associated with data that will be used in legal or court proceedings, whether criminal or civil in nature. More often than not, we are engaged by solicitors where digital evidence is crucial to the outcome of the claim. Data Recovery Specialists are not legal advisers and cannot offer advice on technical areas of law. However, we are able to isolate, acquire and report on digital media and electronic evidence.

Whilst there are no hard and fast rules pertaining to forensic data recovery, the Association of Chief Police Officers publish guidelines for handling electronic evidence. Similarly the Civil Procedure Rules Part 35 are also clear on how evidence should be managed. One crucial and overriding principle is that evidence is not altered. This is so that a second opinion can be sought if required. To do this it is essential that whenever accessing the digital media a write-blocker is used so ensure the integrity of the data is maintained. In maintaining ‘media integrity’, access must also be limited and a full audit trail of who has taken what actions, including handovers, is kept. When it comes to software, there are many utilities which are ‘forensically approved’. Whilst it is not essential that these are religiously used, there must be good reason to deviate from approved utilities.

In addition to recovered data, a forensic report is normally also required. This will detail the people, process and safeguards that were instrumental in the compilation of the recovery. The report is also likely to provide professional opinion to questions posed by legal teams. Opinions based on the ‘burden of proof’ are critical to the outcome of any claim. Rarely are the findings definitive and more often than not, further questions arise from the initial investigation.

Reference: http://www.datarecoveryspecialists.co.uk/blog/what-is-forensic-data-recovery

Last modified on Wednesday, 20 January 2016 09:13
Data Recovery Expert

Viktor S., Ph.D. (Electrical/Computer Engineering), was hired by DataRecoup, the international data recovery corporation, in 2012. Promoted to Engineering Senior Manager in 2010 and then to his current position, as C.I.O. of DataRecoup, in 2014. Responsible for the management of critical, high-priority RAID data recovery cases and the application of his expert, comprehensive knowledge in database data retrieval. He is also responsible for planning and implementing SEO/SEM and other internet-based marketing strategies. Currently, Viktor S., Ph.D., is focusing on the further development and expansion of DataRecoup’s major internet marketing campaign for their already successful proprietary software application “Data Recovery for Windows” (an application which he developed).

Leave a comment

Make sure you enter the (*) required information where indicated. HTML code is not allowed.