Journal: International Journal of Computer Trends and Technology

Extraction of Persistence and Volatile Forensics Evidences from Computer System


Abstract

Forensic investigations are carried out in order to find who committed a crime, from where, and how, using a computer system. Consider a scenario in which an employee of an organization might have disclosed the company's private data through the organization's computer. This would result in financial as well as reputation loss. Forensic investigators need to get access to all the computers, say, 100 computers throughout the organization. The normal procedure carried out by forensic investigators in order to collect the evidence is hard disk imaging and further analyzing it in a laboratory. This involves extraction of persistent and volatile data from the Windows Registry as well as from slack space and allocated space. It involves doing live analysis, dead analysis, or postmortem analysis to find hidden and deleted files in the clusters. This investigation becomes a tedious task when investigators have to take images of hundreds of hard disks of 1 TB each. There are many disadvantages to performing this task in terms of time, money, and resources. There are even issues as to where to securely store 100 TB of data. All these questions make an investigator's task very complex and time consuming. If this time were reduced by half, it would be beneficial to investigators as well as to the organizations. Current techniques perform the analysis of a computer system and help to find evidence, but they lead to time constraints for any entity. Hence, there should be a technique which saves time, money, and resources for the organizations and makes the job of the investigators easy and less laborious.