O'Reilly logo

Practical Digital Forensics by Richard Boddington

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Locating digital evidence

Locating evidence from the all-too-common large dataset requires some filtration of extraneous material, which has until recently been a mainly manual task of sorting the wheat from the chaff. But it is important to clear the clutter and noise of busy operating systems and applications, from which only a small amount of evidence really needs to be gleaned. This section describes the processes involved that practitioners follow in their endeavors to locate relevant material to assist an investigation.

Search processes

Search processes involve searching in a filesystem and inside files; common searches for files are based on:

  • Their names or patterns in their names
  • Keywords in their content
  • Temporal data (metadata), such as the ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required