On 17th of January 2025, MCA department of ICIS has organized a workshop on "Forensic Imaging of Suspected Drive File Integrity and Deleted Data Recovery" by Mr. Abdul Shareef Pallivalappil .
The workshop was organized to provide students with an in-depth understanding of forensic imaging and its role in digital forensics. Mr. Abdul Shareef highlighted the critical processes involved in forensic investigations, focusing on three key areas:
1. Forensic Imaging on Suspect Drives
- Mr. Abdul Shareef explained the concept of forensic imaging as the process of creating an exact bit-by-bit copy of a suspect’s drive, ensuring that the data is preserved without any alterations.
- He discussed the importance of using write-blocking tools to maintain the integrity of the original drive.
- Tools commonly used for forensic imaging, such as EnCase, FTK Imager, and Autopsy, were introduced.
- He provided insights into the chain of custody and the importance of documenting every step during forensic imaging.
2. File Integrity Verification
- The speaker elaborated on the significance of ensuring file integrity during forensic investigations.
- Techniques such as hashing algorithms (MD5, SHA-1, SHA-256) were discussed, which are used to verify that the data remains unaltered.
- Real-world scenarios were shared, demonstrating how file integrity checks can confirm the authenticity of evidence in court.
3. Deleted Data Recovery
- Mr. Abdul Shareef explained how deleted data is not truly erased but resides in the unallocated space of a storage device until it is overwritten.
- He introduced advanced recovery tools like R-Studio, Recuva, and X-Ways Forensics that can retrieve lost or deleted files.
- Techniques for recovering files from formatted or corrupted drives were also discussed.
- He
emphasized the importance of knowing file systems such as NTFS and FAT32
for better recovery success rates.
Key Takeaways
- Hands-on Knowledge: Students learned about the tools and techniques used in the real-world investigation of digital crimes.
- Legal Implications: The importance of preserving evidence for legal proceedings was emphasized, highlighting the role of digital forensics in the judicial system.
- Career Guidance: Mr. Abdul Shareef shared his professional journey, inspiring students to explore career opportunities in the rapidly growing field of DFIR.
Student Engagement
The session was interactive, with students actively participating by asking questions on topics such as:
- Challenges faced during forensic imaging of encrypted drives.
- The role of AI and machine learning in modern digital forensics.
- Certifications and skills required for a career in DFIR.
Mr. Abdul Shareef patiently addressed all queries, providing practical examples and advice.
0 Comments