In the past decade there was an immense development in the field of technology and considering the present situation where everything is digitized, there is also a rise in a new class of crimes in relation with the digital or electronic domain, increasing at a rate of 100% every year and this throws new challenges for the investigator and law enforcement in preventing the frauds and identifying the fraudsters. Digital/ Multimedia forensics typically deals in obtaining, preserving and documenting digital and electronic data/ evidence from computers, mobile phones, CCTV, digital cameras, pen drives/ flash drive/ memory cards and other storage media, using various licensed software and hardware tools.
The best evidence is the original evidence. Evidence needs to be protected, against
normal accidents, accidents in the analysis process, and tampering. For this reason, the
actual analysis should be done on a verified copy, a forensic duplicate, of the original
hard drive. Verification of evidence before starting analysis is an important step.(read more)
Hash value of the evidence is computed and compared it with the hash value taken at the time of acquisition. If both the values are same, there is no change in the content of the evidence. If both are different, there is some change in the content. Analysis is the process of collecting digital evidence from the content of the storage media depending upon the nature of the case being examined. This involves searching for keywords, picture analysis, time line analysis, registry analysis, mailbox analysis, database analysis, cookies, temporary and Internet history files analysis, recovery of deleted items and analysis, data carving and analysis, format recovery and analysis, partition recovery and analysis, etc.
Memory cards and pen drives may contain a vast amount of data. Any kind of
file may be stored on a memory card/pen drive, from standard photographs taken by the handset camera to
Microsoft Excel spread sheets containing detailed financial information, and more, to prevent
any further data being written to the card, the memory card is removed before the handset is activated and is then
examined using the forensic application. (read more)
This program takes a complete image of the card and verifies it using an MD5 hash, a mathematical equation that highlights any difference between the created image of the card and the data stored on the card itself. The card is searched for all relevant data types, which are logged in the analyst 's notes and are can be made available in court at any time.
That are deleted are actually just hidden. The only way the file to recover disappears completely is if the same physical space it occupied on the drive is overwritten. Many computer users think that this actually eliminates the information. However, depending on how the files are deleted, in many instances a forensic examiner is able to recover all or part of the original data.
Image enhancement is the process of adjusting digital images so that the results are more suitable for display or further image analysis.
Video/Audio enhancementis the process of adjusting videos/Audios so that the results are more suitable for display or further analysis.
The authentication process determines whether or not the audio recording in question has been tampered with. The software that created the edits will be detected in the HEX information of that edited recording.
Identification of a person from characteristics of voices (voice biometrics). It is also called voice recognitionSpeaker verification is a 1:1 match where one speaker's voice is matched to one template, whereas speaker identification is a 1: N match where the voice is compared against N templates.
Social media posts, status updates, photos, and conversations of an individual are investigated to provide information relevant to a case, to supplement evidence, establish character, support or disqualify an alibi.
We have access to high-powered software that makes for a quicker, more efficient search. We also have a strong understanding of ethics and know what data must be pulled for evidence to be admissible in court. This means we are well-versed in metadata, MD5 hash value, what is required for provability, and the rules that dictate what level of searching, friending, and following is allowed, depending on the case.