What Is Computer Forensics?
We Offer The Following Services:
- Forensics Imaging
- Advanced Review & Analysis
Computer Forensics is the process of acquiring, authenticating, reconstructing, and examining digital media for evidence to be used in criminal or civil legal matters, or other administrative review processes. Forensics is used today by law enforcement, law firms, corporate security groups, private investigators, and others to gather needed information from computers.
A forensic examination entails searching media images using keywords, file headers and signatures, and other techniques to identify relevant files or items of interest. In addition, forensic processes are used to recover deleted evidence and other obscure evidence sources that remain largely unknown to the average user.
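As an added illustration (not this firm's tooling), the following sketch performs a read-only scan of a raw image for file headers and keywords, including hits that straddle a read boundary. The signature subset, the names `scan_image` and `build_sample_image`, and the sample data are assumptions constructed for the example.

```python
import io

# Common file headers (magic bytes); a small illustrative subset.
SIGNATURES = {
    "jpeg": b"\xff\xd8\xff",
    "png": b"\x89PNG\r\n\x1a\n",
    "pdf": b"%PDF-",
    "zip": b"PK\x03\x04",
}

def scan_image(stream, keywords=(), chunk_size=1 << 20):
    """Return sorted (offset, kind, label) hits for signatures and keywords.

    Reads in chunks with an overlap so a pattern straddling a chunk
    boundary is still found. The stream is only read, never written.
    """
    patterns = [("signature", n, s) for n, s in SIGNATURES.items()]
    patterns += [("keyword", k.decode("ascii", "replace"), k) for k in keywords]
    overlap = max(len(p) for _, _, p in patterns) - 1
    hits, tail, base = set(), b"", 0  # base = image offset of buf[0]
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        buf = tail + chunk
        for kind, label, pat in patterns:
            pos = buf.find(pat)
            while pos != -1:
                hits.add((base + pos, kind, label))  # set removes overlap repeats
                pos = buf.find(pat, pos + 1)
        tail = buf[-overlap:] if overlap else b""
        base += len(buf) - len(tail)
    return sorted(hits)

def build_sample_image():
    """Constructed test data: zero-filled space holding three fragments."""
    img = bytearray(4096)
    img[510:513] = b"\xff\xd8\xff"      # JPEG header straddling offset 512
    img[1500:1505] = b"%PDF-"           # PDF header
    img[3000:3013] = b"wire transfer"   # keyword of interest
    return bytes(img)

if __name__ == "__main__":
    image = io.BytesIO(build_sample_image())
    for offset, kind, label in scan_image(image, [b"wire transfer"], 512):
        print(f"{offset:>8}  {kind:<9}  {label}")
```

Offsets reported this way point into the image, not the original device, so the same hits can be reproduced later from the preserved copy.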
The experienced forensic examiner will ensure the accurate acquisition of the evidence while maintaining the integrity of the evidence. In other words, not even one date or timestamp will be changed during the acquisition. In addition, the examiner will use approved, tested forensic techniques to perform the recovery of deleted data, a detailed examination of the data, reconstruction and timeline of events, and provide detailed but easily interpretable reporting and testimony.
Types of Digital Media Eligible for Forensic Examinations
These days, so many devices depend on computer technology to function and store information that the list of devices from which we can recover data is almost endless, but some of the more popular devices we have examined include:
Desktops, Laptops, Servers, PDAs, Floppy Disks, Compact Disks, DVDs, Cell Phones, BlackBerrys, USB Thumb Drives, Digital Cameras, Smart Media Cards, Zip Disks, MP3 Players, Voice Recorders, and Video Recorders. We can examine PCs, Mac systems, and Linux or Unix systems.
What Is The Difference Between Computer Forensics and Electronic Discovery?
There are some major differences between computer forensics and electronic discovery. The differences exist not only in the processing, but in the information that is examined and/or produced for review by the legal team. Computer forensics goes much deeper with advanced analytic techniques that can provide even more valuable information. The decision on whether to request a forensic examination versus simple electronic discovery processing depends on the ultimate goal of the case and your information needs.
Electronic discovery addresses active files present on a hard drive. The process will take hundreds of different file types and convert them to a singular format in a database making their contents and metadata available for search and review. It is a very useful and important process in discovery and litigation.
But:
- What happens if the files of interest were deleted?
- What if there was an attempt to hide evidence?
- What if you need to know how many times a program was accessed?
- What if the evidence was discarded through normal business processes before any preservation expectation existed?
Computer forensics picks up where electronic discovery leaves off by delving deeper into many more areas of potential evidence that exist on every computer.
A forensic examination can address deleted files by using advanced techniques to recover files and details from the Recycle Bin and the Unallocated Clusters where the deleted data resides. A forensic exam can also address issues such as:
- File recovery
- Date and time discrepancies
- Link file analysis
- Browser history analysis
- Swap file analysis
- Hibernation file analysis
- Printing spool files and artifacts
- Partition recovery
- Windows registry analysis
- Email recovery
- Email attachment
- Base64 recovery and decoding
- Password cracking
- Decryption
- Physical device failure
- File signature review and analysis
- Log file analysis
- BIOS analysis
- Hidden files
- Host protected areas
- Driver analysis
You may not need all of this in your case, but these types of analytical reviews have been the difference in the outcome in more than a few cases.
What Is The Difference Between Computer Forensics and Data Recovery?
Computer Forensics and Data Recovery are very similar in nature, with the subtle difference being that most pure data recovery cases do not involve a legal or litigation matter. Thus, many data recovery houses are not equipped, or do not want, to testify in a court of law if required.
As a policy, we treat all of the data recovery cases the same.
We never examine or do direct data recoveries from the original hard drive or media device. We make a bit-stream image of the device, using a write blocker to prevent any changes, then we perform all of our recovery efforts from the image. Thus, we can be assured we did not make any changes to your data during the recovery process and we can offer expert testimony if necessary.
Important Factors In Choosing a Forensic Specialist?
When choosing a forensic firm for your computer forensics or electronic discovery needs, it is important to know what you're getting in return.
- We offer more than 25 years of computer experience, and our lead examiner has more than 8 years of full-time computer forensics experience.
- Our examiners are court-qualified expert witnesses in the field of computer forensics.
- We always use sound forensic techniques in examining computers, hard drives, and other media devices, including the use of write blocking techniques, the creation of evidence images and working copy images, and tedious documentation in writing and photographs of the entire process.
- We only charge for the time our examiners are actually examining your media. We don't charge for machine time, by the megabyte or gigabyte, or under any other complicated billing scheme. We simply charge for the hours our examiners are actually examining your hard drive, straightforward and simple.
- Upon request, we will provide you an estimate before the assignment begins and we will make every effort to accomplish the examination goals within the estimated timeframe. If we cannot complete the examination within the estimated timeframe, we will provide an explanation in writing, along with a revised estimate for your review and approval.
Where We Respond and Your Options for Service
We can perform forensic acquisitions on-site at the computer location, or in our offices.
We have responded to incidents requiring the acquisition of 50-60 computers at several different locations, simultaneously, in one day. And, with our network of forensic examiners, we can handle many more.
Our mobile and agile services allow us to quickly respond to your office location, homes, law offices, or industrial sites.
Our team can immediately respond to the following locations for service:
- Arizona - including Phoenix, Scottsdale, Mesa, Tucson, Flagstaff, Chandler, Gilbert, Glendale, Surprise, Buckeye
- Southern California - including Los Angeles, Pasadena, San Diego, Irvine, Costa Mesa, Long Beach, Orange County
- Nevada - including Las Vegas
- New Mexico - including Albuquerque
With a short planning window, we can prepare for response anywhere in the United States and Canada to accomplish the forensic acquisition of suspect computers.
Give us a call for more details.
Call us today for a Free consultation. 480-299-3111