Data Recovery: How to recover a deleted document?

DESCRIPTION

The project entails recovering crucial documents that a dissatisfied employee, Jonathan, deleted before leaving the company. Jonathan’s crime was evaluated and analyzed to determine how he committed it, in order to craft effective ways of recovering the lost file. Proper planning was done before conducting the investigation to ensure strict adherence to investigation procedure. Finally, the investigation evidence proved that Jonathan did delete the important documents, which the investigation team managed to recover.

  • 2011

    YUSUPH KILEO

    DATA RECOVERY

    10/4/2011

    DATA RECOVERY: TO RECOVER DELETED DATA FROM A COMPUTER

  • DATA RECOVERY

    YUSUPH KILEO Page 1

    Contents

    ABSTRACT
    CHAPTER ONE: INTRODUCTION TO THE PROJECT
    1.1 PROJECT OVERVIEW
    1.2 PROJECT AIMS AND OBJECTIVES
    1.3 ASSUMPTIONS
    1.4 EVALUATION OF JONATHAN'S COMPUTER CRIME
    CHAPTER TWO: THE INVESTIGATION PROCESS
    2.1 OVERVIEW OF THE FORENSIC INVESTIGATION PROCESS
    2.2 AUTHORIZATION AND PREPARATION
    2.2.1 AUTHORIZATION
    2.2.2 PREPARATION
    2.3 IDENTIFICATION
    2.4 COLLECTION AND PRESERVATION
    2.5 EXAMINATION AND ANALYSIS
    2.5.1 RECOVERING ANY DELETED MATERIALS
    2.5.2 RECOVERED MATERIALS
    2.5.3 EXTRACTION OF THE MATERIAL FOUND
    2.6 RECONSTRUCT
    2.7 REPORT
    FORENSICS REPORT
    INVESTIGATION FINDINGS
    EXAMINATION SUMMARY
    CONCLUSION
    3.0 EXECUTIVE SUMMARY
    4.0 APPENDIX
    5.0 REFERENCES

    ABSTRACT

    The project entails recovering crucial documents that a dissatisfied employee, Jonathan, deleted before leaving the company. Jonathan's crime was evaluated and analyzed to determine how he committed it, in order to craft effective ways of recovering the lost file. Proper planning was done before conducting the investigation to ensure strict adherence to investigation procedure.

    Finally, the investigation evidence proved that Jonathan did delete the important documents, which the investigation team managed to recover.

    CHAPTER ONE: INTRODUCTION TO THE PROJECT

    1.1 PROJECT OVERVIEW

    This project is divided into three main chapters: the introduction, the investigation process and the conclusion. The introduction highlights the main aspects of the thesis; the investigation process describes in detail the steps that the investigation team would take in investigating the case highlighted above and the forensic tools used. Note that different tools would be used at different phases of the investigation process; for clarity, the tools used in a specific phase are explained when describing the activities of that phase.

    The conclusion, as the name suggests, summarizes the main contents of the project and briefly outlines the lessons drawn from the project, the challenges faced and how they were mitigated.

    1.2 PROJECT AIMS AND OBJECTIVES

    AIMS

    This project aims to evaluate and analyze Jonathan's crime and to procedurally recover all the lost crucial files, saving Bukit Enterprises from immense loss.

    OBJECTIVES

    In order to achieve the set aim, the investigator has formulated the following objectives:

    - Strictly adhere to the procedures of forensic investigation.
    - Prepare a time management schedule and strictly abide by it so as to recover the crucial files in a timely manner.
    - Encourage teamwork amongst case investigators.
    - Be flexible, such that any emerging technologies that may be useful to the investigation are tried in order to acquire accurate evidence.
    - Ensure the authenticity and accuracy of all tools to be used in the investigation.

    1.3 ASSUMPTIONS

    - Bukit Enterprises is a company located in the United Kingdom.
    - Investigators found Jonathan's computer switched on.
    - Jonathan was using Windows XP as an operating system.
    - Jonathan has installed WinRAR software on his computer (encryption tool).
    - Jonathan has no personal data left on the computer.
    - Jonathan saved the research documents using WordPad.
    - Jonathan encrypted the documents before deleting them.
    - Jonathan protected the documents with a password, using his name.
    - Jonathan did not first enquire about the reasons for management promoting Steven over him.

    1.4 EVALUATION OF JONATHAN'S COMPUTER CRIME

    Jonathan was actively involved in the research for years, but that does not entitle him to delete the research documents when he left the job. The research documents he deleted were not his property but Bukit Enterprises' property. It is apparent that Jonathan did not ask the management why Steven was promoted over him. Instead, Jonathan decided to take the law into his own hands and delete the company's documents, which, as stated, would cost the company a massive loss if not recovered.

    The question remains: does Jonathan's involvement in the research give him the right to delete the documents? According to the company's rules and regulations, company documents should be returned when an employee resigns. Likewise, (Akerman, 2011) highlights a case where an employee deleted company files; the court ruled that an employee should return all company documents before resignation.

    Furthermore, (McCullagh.D, 2007) indicates that Jonathan would be found guilty in a court of law as long as the evidence obtained is authentic and accurate. With the obtained evidence, Jonathan would be prosecuted for violating the Computer Fraud and Abuse Act, which finds guilty whoever knowingly acquires information from a computer without obtaining authorization, or whoever exceeds their authorization level to illegally access data and causes damage or loss to it. Jonathan had authorized access to the documents, but he exceeded the scope of his authority by deleting them.

    In conclusion, (Radcliffe, 2010) further supports that Jonathan would be proven guilty: according to United Kingdom copyright laws, any research or discovery that an employee makes or achieves within the scope of their employment belongs to the employer. Therefore Jonathan illegally deleted Bukit Enterprises' crucial documents and hence would be prosecuted accordingly.

    CHAPTER TWO: THE INVESTIGATION PROCESS

    2.1 OVERVIEW OF THE FORENSIC INVESTIGATION PROCESS

    The purpose of a forensic investigation is to collect evidence that would prove a crime in a court of law. Like any other project, it has steps to be followed while the investigation is carried out. This is to ensure that the gathered evidence is authentic and accurate. Moreover, courts of law expect certain practices of forensic investigators.

    In that respect, the steps of forensic investigation