There are many different types of computer forensics software, and each is made to perform a different task that assists in mining information from a computer. Data recovery, which goes through an entire computer and captures all the information stored in its registries and hard drive, is one of the most common computer forensics software programs. While every file can be found and opened on a computer, using a specialized text-capture program will instantly import all the text into another file, so it can be easily read and searched. Keyword forensic programs allow the operator to search for certain terms. Volatile data recover tools search through sections of the computer where the memory usually is lost after being turned off.
Perhaps the most iconic computer forensics software is the data recovery program. There often are a lot of files and applications stored on a computer, but this program will sweep through the computer to find and categorize all of them. Hidden information stored on the computer — such as erased files or memory that is only in registries — also can be unlocked with this type of program.
Text-capture computer forensics software is optimized for scanning text. When data recovery is used, the program can find all the text files, but the operator will have to go through them individually to find any incriminating evidence. With a text-capture program, the program will go through the text files, copy the text and then paste it into another document for the operator to read through. This usually makes it easier to search the text with search-and-find functions.
Similar to the text-capture program is keyword-based computer forensics software. Unlike text-capture, which specifically works with text files, this will search through image names, information in applications and all other files. When this program is used, the operator will type in one or several keywords, and the program will return all information that matches the keywords.
Many computers have volatile components and, as the computer is turned off, the memory is slowly erased from this hardware. Without volatile data recovery, this information may be lost forever, taking any incriminating evidence with it. Retrieving this information usually is beyond most forensics software. This program is able to search the volatile registries to find this information, which then can be copied and replicated on the operator’s computer.