Quote: Originally Posted by bobland
On shows like CSI, the misinformation is so stupendous, it is laughable.
They are laughable because it is a television show.
I think you are confusing 'reality crime shows'
with 'factually ambiguous styleized crime shows'.
Your answer as to how
data is recovered has been answered.
The simple truth is that it is possible to varying degrees, to recover data as previously mentioned, but not in the manner that is portrayed on shows like CSI.
There is no single 'delete me properly and your safe file/location' that can be uncovered.
It's a case of methodical and often time consuming effort - not 5 sec tappity-tap 'got it!' by some TV uber-geek.
Quote: Originally Posted by ignatzatsonic
Does law enforcement look in particular folders on the hard drive for search strings? If so, what folders?
Temp folders, browser data folders that contain information about internet history etc
From reading this thread, I don't see any answers on the point.
Then I'm afraid you didn't look hard enough.
But I found nothing in the article regarding folders, locations, wiping, overwriting, etc.
Quote: Originally Posted by The article you read but saw no mention of the above
Find every file on the computer system, including files that are encrypted
, protected by passwords, hidden or deleted, but not yet overwritten
The original system should remain preserved and intact. *No chance for overwriting data* Recover as much deleted information as possible using applications that can detect and retrieve deleted data
Analyze special areas of the computer's disks, including parts that are normally inaccessible. (In computer terms, unused space on a computer's drive is called unallocated space
. That space could contain files or parts of files that are relevant to the case.) *IE After being formatted*