Hello,
I have a customer who wants me to do a forensic recovery on a windows 8 machine, they are concerned partner is using 'various' online services to cheat on them. Your mission is to help me confirm or deny this.
This thread is to discuss how i can get
as much history as possible from the machine in the limited time window i can look at it (12hrs). I have 4 days until they arrive to study and try do a descent recovery, please help me.
I have as my disposal:
1x PC3000 Express kit with software
My current strategy:
1) Map all unused sectors in the drive for later analysis, or preferably the entire drive.
2) Copy existing history from the Windows 8 OS, Firefox and Chrome. (The specifics on this I'm not sure of yet.)
Any help appreciated. I've done plenty of deleted recoveries but this is my first specifically forensic recovery.