Steganography, the art of hidden writing, has been in use for centuries. It involves embedding a hidden message in some transport or carrier medium, and has been used by mathematicians, military personnel, and scientists. They all engage themselves in changing the common language and transferring it through secret and hidden communication.
The objective of this chapter is to make you familiar with the concept of steganography. This chapter covers the various methods in which steganography can be applied either legally or illegally. It discusses the early history and evolution of steganography and highlights the various steganography tools that are used and the salient features of these tools as well.
Data Acquisition and Duplication
Data acquisition is an important step in the investigation process. The data collected from the victim’s system is presented as the evidence. So, the data should be kept with the investigator and produced in the court while the trial is going on. Sometimes instead of data acquisition, duplication of the data is the best way to collect the data. Duplicated data can also be presented at the court.
This chapter deals with data acquisition and data duplication process which are the important aspects of the forensic investigation. It also highlights the popular tools required during the data acquisition and data duplication process.
Forensic Investigations Using EnCase
Encase is widely known and used tool in the forensics. It helps to collect and verify the evidences for the investigation process. This chapter covers the evidence files, verifying file integrity, configuring encase, searching, and bookmarks.
This chapter describes the complete process of forensic investigation using EnCase.
Recovering Deleted Files and
During the investigation of the computer system, an investigator may come across a situation where the evidences of the crime are deleted from the system. In this case, an investigator should know how to recover the deleted files, which can be used as evidence. Deleted files and deleted partitions can be a good source of evidence which are useful to provide an important clue in the investigation.
This chapter covers the various methods in which a forensic investigator can recover the deleted files. It deals primarily with understanding the basic concept of recovering the deleted files. The chapter also highlights the various data recovery tools and the salient features of these tools.
Image File Forensics
Image files are the key component in the investigation process. Image files can be presented as evidence in the court. It is important to recover the image files from the attacked computer and preserve it. Image files are delicate and can be corrupted if it is not handled properly.
This chapter covers the various methods in which a forensic investigator can go about recovering the image files. This chapter mainly deals with understanding the basic concept of recovering the image files. This chapter also highlights the various image recovery, steganalysis, and viewing tools that are used in this process.