Handling Encrypted Data
At some point in the investigation, you’ll likely encounter encrypted data. The course of action depends on the particular type of encryption and the value of the expected evidence once the data is decrypted. If you suspect the encrypted data holds a high value for your case, it will warrant more time and effort to get at that data. Decrypting data can require a substantial effort. Only pursue that course of action when necessary.
Identifying Encrypted Files
Identifying encrypted files is easy. You try to access a file with the appropriate application and you end up getting garbage. The first step you should take in this instance is to find out the type of file you’re dealing with. Most operating systems make assumptions ...
Get Computer Forensics JumpStart, Second Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
