Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Criminal Forensics


19 Mar 2011   #21

Win 7 Ult + Starter, XP Pro +Home, 2kAS, Linux Mint 8, SuperOS
 
 

It is in the browsing history of the browser used to make that search, and the saved forms. It is in different places for different browsers.

Then again, Google, Bing and others are probably storing your searches elsewhere on the internet, so there's nowhere to hide. Unless...

You could anonymize your browsing using a service that makes your internet activity appear to come from a different IP address than your own like the Tor project, using a live linux cd installation, then, unless your CSI caught you redhanded, and stopped you shutting down your session before they seized your machine, there'd be no evidence tying you to the searches.


My System SpecsSystem Spec
.

19 Mar 2011   #22

 
 

Quote   Quote: Originally Posted by bobland View Post
On shows like CSI, the misinformation is so stupendous, it is laughable.



They are laughable because it is a television show.


I think you are confusing 'reality crime shows' with 'factually ambiguous styleized crime shows'.


Your answer as to how data is recovered has been answered.


The simple truth is that it is possible to varying degrees, to recover data as previously mentioned, but not in the manner that is portrayed on shows like CSI.

There is no single 'delete me properly and your safe file/location' that can be uncovered.

It's a case of methodical and often time consuming effort - not 5 sec tappity-tap 'got it!' by some TV uber-geek.





Quote   Quote: Originally Posted by ignatzatsonic View Post
Does law enforcement look in particular folders on the hard drive for search strings? If so, what folders?
Temp folders, browser data folders that contain information about internet history etc


Quote:
From reading this thread, I don't see any answers on the point.
Then I'm afraid you didn't look hard enough.

Quote:

But I found nothing in the article regarding folders, locations, wiping, overwriting, etc.
Quote   Quote: Originally Posted by The article you read but saw no mention of the above

Find every file on the computer system, including files that are encrypted, protected by passwords, hidden or deleted, but not yet overwritten

The original system should remain preserved and intact. *No chance for overwriting data*

Recover as much deleted information as possible using applications that can detect and retrieve deleted data.

Analyze special areas of the computer's disks, including parts that are normally inaccessible. (In computer terms, unused space on a computer's drive is called unallocated space. That space could contain files or parts of files that are relevant to the case.) *IE After being formatted*
My System SpecsSystem Spec
19 Mar 2011   #23

Windows 7 & Windows Vista Ultimate
 
 

Quote   Quote: Originally Posted by bobland View Post
No one has answered my question. Where are search data strings stored? I can erase anything on my disks. That is not a problem. My question is out of curiosity. In most reality crime shows, what you see is what you get. On shows like CSI, the misinformation is so stupendous, it is laughable.
Although not what you are looking for, this is interesting to the general computer forensics topic and illustrates that complex tools are available to Law Enforcement personnel: Digital Evidence Analysis: Data Carving and Search String Tools | National Institute of Justice

It isn't necessarily search strings per se that would be stored on the computer, other than in the browser history. Law enforcement personnel would look at bookmarks/favorites, cookies, history, supercookies, flash cookies, browser cache, java cache, IndexDat. As already mentioned, with IP Address, additional tracking could be obtained, not just from Google or other sites, but from the ISP.
My System SpecsSystem Spec
.


19 Mar 2011   #24

windows 7 ultimate 64 bit
 
 

The only sure 100% way to make data unrecoverable is total physical destruction of the drive....
My System SpecsSystem Spec
19 Mar 2011   #25

Main - Windows 7 Pro SP1 64-Bit; 2nd - Windows Server 2008 R2
 
 

What I want to know is how Jeff Goldblum hacked into that alien computer with a Mac in Independence Day. I mean, what OS were the aliens running on that thing?

Is there something Steve Jobs isn't telling us?


Attached Images
 
My System SpecsSystem Spec
Reply

 Criminal Forensics




Thread Tools



Similar help and support threads for2: Criminal Forensics
Thread Forum
Criminal websites are taken down Security News
world's most dangerous criminal threat-Cybercrime Security News
Visa Warns of Fraud Attack from Criminal Group Security News
Criminal hacker 'Iceman' gets 13 years Chillout Room

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 12:05 AM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33