- SUPPORT CENTER
- FF FAQ
FINAL Forensics FAQ
Computer Forensics refers to the techniques of obtaining and analyzing digital evidence to prove the crime occurred by using computers or cyberspace. Since crimes involving computers, or the internet, are growing rapidly, this field of computer forensics receives a lot of attention from various investigation units.
In the case of analyzing digital evidence stored in hard disk drives, floppy disk drives, or other external storage devices, the evidence can be damaged by writing data in the targeted device with small mistakes. Therefore, it is safer to analyze a copy of the digital evidence, or original evidence, by using a “write protect device”.
In the first step for forensics analysis, the methods of obtaining digital evidence must be determined.
The storage media that can be analyzed are as follows:
- Hard Disk Drive (HDD): 2.5” & 3.5” IDE/EIDE/SCSI/SATA Interface Hard Disk Drives
- Optical Media (CD/DVD): CD (CDR, CDRW), DVD
- Portable Storage Devices: Floppy Disk Drive (FDD), USB Flash Memory, Various Memory Cards
(SD, CF, MS, and etc.)
- External Storage Devices (EXT): MO, ZIP, Jaz Drive
Supporting File Systems:
- Windows File Systems: FAT (12/16/32), NTFS
- Linux File Systems: EXT2, EXT3, UDF, CDFS
- CD-ROM File Systems: UDF, CDFS
Yes, it is possible. FINALForensics is based upon FINALDATA’s recovery solution; it can recover and analyze a majority of deleted, reformatted, or damaged files. Since normal, or quick formatting (except low-level format), does not delete the actual data, but only initializes the partition information, it is still possible to search and recover using FINALForensics.
FINALForensics, a computer forensics tool, can support these file formats:
- Office File (DOC/XLS/PPT), Adobe File (PDF), and etc.
- Email Files (OUTLOOK, Outlook Express 4.0/5.0/6.0)
Major Compression Files
- ZIP Files (ZIP), AlZIP Files (ALZ), RAR Files (RAR), TAR Files (TAR)
Other Special Files
- Registry Files, File Extension Altered Files, Password Set Files, Web History Files