Cyber Forensics

What Cyber Forensics Can Reveal?

According the Judd Robbins, the expectations from Cyber Forensics are that it:

  • Protects the subject computer system during the forensic examination from any possible alteration, damage,data corruption, or virus introduction;
  • Discovers all files on the subject system. This includes existing normal files, deleted yet remaining files, hiddenfiles, password-protected files, and encrypted files;
  • Recovers all (or as much as possible) of discovered deleted files;
  • Reveals (to the extent possible) the contents of hidden files as well as temporary or swap files used by boththe application programs and the operating system;
  • Accesses (if possible and if legally appropriate) the contents of protected or encrypted files;
  • Analyses all possibly relevant data found in special (and typically inaccessible) areas of a disk;
  • Prints out an overall analysis of the subject computer system, as well as a listing of all possibly relevant files and discovered file data and,
  • Provides expert consultation and/or testimony, as required.Cyber forensics process encompasses five key elements:
  • The identification and acquiring of digital evidence: Knowing what evidence is present, where it is stored andhow it is stored is vital in determining which processes are to be employed to facilitate its recovery. In addition, the Cyber forensic examiner must be able to identify the type of information stored in a device and the format in which it is stored so that the appropriate technology can be used to extract it. After the evidence is identified the cyber forensic examiner/ investigator should image/ clone the hard-disk or the storage media.
  • The preservation of digital evidence is a critical element in the forensic process. Any examination of the electroni- cally stored data can be carried out in the least intrusive manner. Alteration to data that is of evidentiary value must be accounted for and justified.
  • The analysis of digital evidence —the extraction, processing and interpretation of digital data—is generally regarded as the main element of cyber forensics. Extraction produces a binary junk, which should be processed, to make it human readable.
  • Report the findings, means giving the findings, in a simple lucid manner, so that any person can understand. The report should be in simple terms, giving the description of the items, process adopted for analysis & chain of custody, the hard & soft copies of the findings, glossary of terms etc.
  • The presentation of digital evidence involves deposing evidence in the court of law regarding the findings and the credibility of the processes employed during analysis

Leave a comment

Our Office Address

Koregaon Park Annex, Pune

Our Phone Numbers

+91 87110 06622

Our Office Hours

Monday - Saturday - 10:00 - 18:00

Recent News

Recent Posts


Get latest updates and offers.

Netlawgic Legal © All rights reserved.


The Bar Council of India does not permit the solicitation of work and advertising by legal practitioners and advocates. By accessing the Netlawgic Legal Services LLP website (our website), the user acknowledges that:

  • The user wishes to gain more information about us for his/her information and use. He/She also acknowledges that there has been no attempt by us to advertise or solicit work.
  • Any information obtained or downloaded by the user from our website does not lead to the creation of the client-attorney relationship between the Firm and the user.
  • None of the information contained in our website amounts to any form of legal opinion or legal advice.
  • Our website uses cookies to improve your user experience. By using our site, you agree to our use of cookies. To find out more, please see our Privacy Policy.
  • All information contained in our website is the intellectual property of the Firm.