"I see no more than you, but I have
trained myself to notice what I see."
Sherlock Holmes, "The Adventure of the Blanched Soldier"

WHAT?

Computer forensics (aka digital forensics) is a branch of forensic science pertaining to evidence found in computers, digital storage media, cloud services and social media. Digital forensics in civil litigation is a growing requirement of courts to ensure evidence is properly preserved, processed and presented in court. Digital forensic collections, data extraction, data carving and forensic reports are all part of this growing field.

Our goal is to simplify the "tech speak" between digital forensics, Discovery and the legal process.

TEAM

Our examiners offer a full range of forensic services for any size firm or company and will generate the necessary reports to ensure a forensically sound and legally defensible data collection. Our examiners are trained, experienced, credentialed, licensed and recognized as experts in the field.

We are active members of, and contributors to, the international cyber-investigation community and non-governmental organizations. We keep in close touch with experts fighting cyber crime and renowned leaders in the digital forensics industry.

WHY US?

Our service is provided by forensic analysts who think independently and are vetted to deal with any situation that arises. Why is that important?

Forensic examiners who know how to use a single program and are not aware of what happens behind the scenes are not true forensic analysts, but are merely people using software. These people will not hold up well against skilled forensic examiners who challenge their results and methodology - cases can be won or lost due to the skills of the forensic examiner.

WHY IS DIGITAL FORENSICS IMPORTANT?

Adding the ability to practice sound computer forensics will:

  1. Help you ensure the overall integrity and survivability of your network infrastructure by adding a layer of traceable responsibility and monitored compliance to policies and regulations.

  2. Help you capture vital information if your network is compromised and help you deal with the case internally if the intruder is caught.

  3. Help you realize that allocating a greater portion of the information technology budgets for computer and network security will ultimately save your organization money.

  4. Help you preserve vital evidence and avoid having forensic evidence ruled inadmissible in a court of law.

  5. Help your organization comply with new laws that mandate regulatory compliance and assign liability if certain types of data are not adequately protected.

You can help your organization if you consider computer forensics as a new basic element in what is known as a “defense-in-depth” approach to network and computer security, which is designed on the principle that multiple layers of different types of protection from different vendors provide substantially better protection.

Computer forensics is a relatively new discipline to the courts, and many of the existing laws used to prosecute computer-related crimes, legal precedents, and practices related to computer forensics are in a state of flux.

Nevertheless, digital forensics can be invaluable in dealing with a rogue or ill-intended employee or ex-employee.

In these cases, having the incriminating information intact and safe from further destruction or obliteration may prove invaluable not only in dealing with said individual, but also in applying recovery measures that would otherwise not be possible at all.

ASPECTS OF FORENSIC INVESTIGATION

TECHNICAL GOAL: identify, collect, preserve, and analyze data in a way that preserves the integrity of the evidence collected so it can be used effectively in a legal case or in internal procedures.

UNDERSTANDING: those who investigate computers have to understand the kind of potential evidence they are looking for in order to structure their search. Crimes involving a computer can range across the spectrum of criminal activity, from child pornography to theft of personal data to destruction of intellectual property.

USE OF TOOLS: the investigator must pick the appropriate tools to use. Files may have been deleted, damaged, or encrypted, and the investigator must be familiar with an array of methods and software to prevent further damage in the recovery process.

DATA TYPES: PERSISTENT data is the data that is stored on a local hard drive (or another medium) and is preserved when the computer is turned off.

VOLATILE data is any data that is stored in memory, or exists in transit, that will be lost when the computer loses power or is turned off. Volatile data resides in registries, cache, and random access memory (RAM). Since volatile data is ephemeral, it is essential that an investigator knows reliable ways to capture it.

PERSONNEL: System administrators and security personnel must also have a basic understanding of how routine computer and network administrative tasks can affect both the forensic process (the potential admissibility of evidence at court) and the subsequent ability to recover data that may be critical to the identification and analysis of a security incident.

THE SCOPE OF INVESTIGATION

Depending on the needs, a whole range of different investigative actions can be taken to produce relevant forensics data. Below is just an EXEMPLARY list of actions and checks that reflects the most common scenarios, and can of course be expanded to accommodate other requirements:

  • Active, Archival and Latent Data
  • Hashes and Checksums
  • Conducting Keyword Searches
  • Creating Understandable and Accurate Reports
  • Creating Forensically Sound Working Copies or Images of Media
  • Common File Header Formats
  • Documentation, Chain of Custody and Evidence Handling Procedures
  • Assisting with Motions (e.g., Compel Production of HDDs, Logs, etc.)
  • Questions to Prepare for/Advising Your Retaining Counsel
  • FAT 12/16/32 File Systems
  • File Slack, RAM Slack, Drive Slack, and Unallocated Space
  • NTFS File Systems
  • Compact Disc Analysis
  • Interpretation of Various Log Formats
  • Interpreting Internet History and HTTP concepts
  • Manual and Automated Data Recovery
  • Metadata for Microsoft Office and PDF Documents
  • Overcoming Encryption Mechanisms and Password Protection
  • PC Hardware Concepts
  • Privacy Issues
  • Rules of Evidence
  • Windows Print Spool Files
  • Windows Registry
  • Windows Shortcuts
  • Windows Swap File
  • Working as an Expert Technical Witness
  • Insurance/Liability Issues
  • Viruses and Malware