 | |
| |
| 19 Mar 2011 | #21 |
| | It is in the browsing history of the browser used to make that search, and the saved forms. It is in different places for different browsers. Then again, Google, Bing and others are probably storing your searches elsewhere on the internet, so there's nowhere to hide. Unless... You could anonymize your browsing using a service that makes your internet activity appear to come from a different IP address than your own like the Tor project, using a live linux cd installation, then, unless your CSI caught you redhanded, and stopped you shutting down your session before they seized your machine, there'd be no evidence tying you to the searches. |
My System Specs | |
| 19 Mar 2011 | #22 |
| | 
Quote: Originally Posted by bobland  On shows like CSI, the misinformation is so stupendous, it is laughable. They are laughable because it is a television show. I think you are confusing 'reality crime shows' with 'factually ambiguous styleized crime shows'. Your answer as to how data is recovered has been answered. The simple truth is that it is possible to varying degrees, to recover data as previously mentioned, but not in the manner that is portrayed on shows like CSI. There is no single 'delete me properly and your safe file/location' that can be uncovered. It's a case of methodical and often time consuming effort - not 5 sec tappity-tap 'got it!' by some TV uber-geek.
Quote: Originally Posted by ignatzatsonic Does law enforcement look in particular folders on the hard drive for search strings? If so, what folders? Quote: From reading this thread, I don't see any answers on the point. Quote: But I found nothing in the article regarding folders, locations, wiping, overwriting, etc.
Quote: Originally Posted by The article you read but saw no mention of the above Find every file on the computer system, including files that are encrypted, protected by passwords, hidden or deleted, but not yet overwritten The original system should remain preserved and intact. *No chance for overwriting data* Recover as much deleted information as possible using applications that can detect and retrieve deleted data. Analyze special areas of the computer's disks, including parts that are normally inaccessible. (In computer terms, unused space on a computer's drive is called unallocated space. That space could contain files or parts of files that are relevant to the case.) *IE After being formatted* |
| My System Specs |
| 19 Mar 2011 | #23 |
| |
Quote: Originally Posted by bobland No one has answered my question. Where are search data strings stored? I can erase anything on my disks. That is not a problem. My question is out of curiosity. In most reality crime shows, what you see is what you get. On shows like CSI, the misinformation is so stupendous, it is laughable. It isn't necessarily search strings per se that would be stored on the computer, other than in the browser history. Law enforcement personnel would look at bookmarks/favorites, cookies, history, supercookies, flash cookies, browser cache, java cache, IndexDat. As already mentioned, with IP Address, additional tracking could be obtained, not just from Google or other sites, but from the ISP. |
| My System Specs |
| . |
| |
| 19 Mar 2011 | #24 |
| | The only sure 100% way to make data unrecoverable is total physical destruction of the drive.... |
| My System Specs |
| 19 Mar 2011 | #25 |
| | What I want to know is how Jeff Goldblum hacked into that alien computer with a Mac in Independence Day. I mean, what OS were the aliens running on that thing? Is there something Steve Jobs isn't telling us?  |
| My System Specs |
 |
Criminal Forensics problems?
| Thread Tools | |
| Similar help and support threads for: Criminal Forensics | ||||
| Thread | Forum | |||
| Criminal websites are taken down | Security News | |||
| world's most dangerous criminal threat-Cybercrime | Security News | |||
| Visa Warns of Fraud Attack from Criminal Group | Security News | |||
| Criminal hacker 'Iceman' gets 13 years | Chillout Room | |||
All times are GMT -5. The time now is 03:30 AM.
