Before I start talking about technical information and processes, I would like to propose a question. What does traditional computer forensics mean to you? If you can’t seem to find a definite answer, you are not the only one. Many times, when I mention my career in a conversation, the next question follows with “so what does that mean?”
So, you’ve just been handed a hard drive from your boss who gives instructions to find all the vital information on a storage device. You are immedietly excited for your first solo assignment, until you look down at the hard drive and think: “Now what do I do?” Do you plug it in to your computer and start to investigate? Do you use one of the tools that you find in the lab to interrogate the hard drive? Let’s discuss the options available that may come inhandy if you ever find yourself stuck in this position.