Future technologies from trends in computer forensic science

The origins of computer forensic science are examined and correlated to the evolution of forensic technologies and future research and development. Techniques to recover information from attempts to destroy files or inflict physical damage to the computer are illustrated. Included is a discussion on the specialized environments, tools and techniques required to recover information from physically damaged disks. Magnetic techniques to retrieve data that has been physically overwritten are also reviewed. The physical characteristics of the disks are examined to recover altered data. The influence of magnetic fields on the behavior of domains in the fringe areas are studied to determine previously recorded information. The direction, properties, position and size of the domains are correlated to determine bit values. “State file analysis” is introduced to ascertain the order in which electronic events and hence overall computer events have occurred. Sequences of events can therefore be reconstructed in cases where dates and times are altered or erased. Legal issues for the forensic scientist are as equally important in the recovery process. The significance in procedure and preparation for the courts is addressed describing concerns for both prosecution and defence. Trends in both past and current development are analyzed and correlated to future technologies