MOST USERS ARE UNAWARE THAT COMPUTERS CONTAIN large volumes of hidden data. In some cases, normal system use hides this data. In other cases, people deliberately conceal it using various techniques. As discussed in earlier chapters, hidden data includes fragments of deleted e-mail messages, backup copies of word processing files, deleted directory structures, and files reflecting a computer user's Internet browsing history. A careful examination of hidden data may tell a compelling story about document destruction or theft of intellectual property.

You can use a number of techniques to locate and retrieve hidden information. One method is to scan and evaluate alternate data streams. Another ...