ABSTRACT
The definition of digital forensic analysis varies, but it generally includes aspects of the preservation, identification, examination and interpretation of digital information, intelligence and evidence. It is normally considered a high level' process that is it involves deriving meaning from data rather than being simply descriptive. In practice digital forensic analysis is usually performed with various dedicated software suites. In the UK, Access Data's Forensic ToolKit (FTK) is now commonly used the Access Data Group is a US-based company. The location of potential digital evidence within a particular device will naturally depend in part on the type of device. Digital forensic analysis of the hard drive is always undertaken at the logical level and sometimes also at the physical level. The date the operating system was installed on the computer is shown as the InstallDate. During digital forensic analysis, the forms of hiding of data are recognised by the use of known file filters (KFFs).
