Hello All,
I am a newbie to digital forensics and havent found any article about the steps i should take after cloning of a suspect hard-disk
I would like to know what software are suited for examining?
Secondly I have got a disk as an assignment and i have found PGD files in it. Any one with any idea how to view these files?
I guess these are PGP Disk Files but not sure about it?
If they are is there any tool to find out the encryption key??
well i hope u people will help me
adnan
There are a lot of threads on examining tools in the forums; EnCase is the most widely used (but most expensive), Access FTK is also good and you should take a look at WinHex - the basic version is free. There's plenty of good free stuff aorund especially if you use Linux.
Use http//filext.com to find file extensions. PGD is explained there.
Maybe your 'suspect' has left the encryption key in plain text in a Word document or email? Those are the easiet places to begin your search.