i will post about digital forensic that i find in a site moment i browsing, i'm sorry before if my english language is bad because i new learn to speak english i wish you can understand with my word in this post.
ok digital forensic is a series methodology that basic from technique and procedure for collecting evidence of proof basic from entities or digital tools or device to allow can to use with legal as digital evidence.
essentially in the digital forensic has 3 main step : namely to find and collect the data , authentication, and analysis. in this i will share about use the software that enter into one of three step it namely to find and collecting a data.
more in the digital crime cases. for lost the trace. digital criminal delete all data that can to turn the evidence.
how we find the data that we was deleted it.
whit this little software help "photorec" we can to recovery the data was deleted it.
"remember data that real we deleted in the fact never sure deleted"
if you install photerec not yet. you can download this link disini. in the fact this tools have been are in the backtrack . this tools is younger brother of testdisk. so if not false. if was installed testdisk means you was install the photorec.
what is the photorec.
you can read the source:
Code:
PhotoRec is file data recovery software designed to recover lost files including video, documents and archives from Hard Disks and CDRom and lost pictures (Photo Recovery) from digital camera memory. PhotoRec ignores the filesystem and goes after the underlying data, so it'll work even if your media's filesystem is severely damaged or formatted. PhotoRec is safe to use, it will never attempt to write to the drive or memory support you are about to recover lost data from.ok first we walk this application in the root whit type photorec.
and then will display the following image :
and then choice that will you recovery. in this for a experiment you can recovery your flash disk.
if you was choice proceed.
and then will display the table partition. like this following.
choice appropriate your type partition from the your storage media. in this case the flash disk formatted FAT32. so in this case will choice Intel. if was press enter.
and then will display list from type the partition.
just choice the partition format that are. and then press enter search for starting to recovery.
there are also other options for modification the existing arrangement and file Opt to modification
file whatever that will to recovery after.
and then will display window type from file system. only choice other, because one more again we using Flash Disk.
and continue again. display again windows that give the choice to you and all you want to use any way to analysis data that will to recovery.
what is the free means in this here it just only will to recovery data was deleted only.or all
Whole recovery data was deleted, crash or corruped data.
here will choice free, because only want to recovery data that was deleted. because if using choice Whole data that will to recovery will so many and will need the long time.
and then directories as to save data that was recovery.
selanjutnya pilih direktory sebagai penyimpanan data yang telah di recovery
and then recovery will running.
and finished you will see the data that lost or deleted.
