Computer Forensic Science involves the analysis of a computer or networks of computers to determine user activity and potentially retrieve normal, temporary, hidden and deleted data or data fragments. The procedures and methodology used adhere to the standards of evidence that are admissible in a court of law. It requires specialized expertise that goes beyond normal data collection and preservation techniques available to end-users or system support personnel. Computer forensics are used during litigation, but more often to determine whether litigation is warranted.
Why is it important?
Destruction of evidence or failure to produce Electronically Stored Information during E-Discovery can lead to costly penalties, sanctions, and loss of the lawsuit as a whole. Data that may be considered as critical evidence in a case can be stored in Hard Drives,Cell Phones, Digital Cameras, PDA’s, CD's, DVDs, Flash Cards, or Tapes and can include:
- Plain text and documents
- Graphical images
- Calendar files
- Attempts to internally or externally intrude in to a network
- Pirated software
- Financial Information & Transactions
- Digital faxes
- Audio files
- Computer applications
- Viruses and spyware
- Cache files
- Internet cookies and sites visited
- Password protected data
- Data that was deleted or otherwise hidden by the user
- Swap files or temporary files created by applications without the knowledge of the user
- Data or other information that will show culpability, intent or other activities by the user
Our Computer Forensic Practices
We use the latest techniques, equipment and software. We follow sound and proven forensic examination procedures to extract data without affecting the integrity of the original media.
- Forensically sterile conditions are established. All media utilized during the examination process is freshly prepared, completely wiped, verified and validated before use.
- All forensic software used is licensed and authorized for use by us.
- The original computer and media is physically examined.
- Proper precautions are taken during copying or access to the original media to prevent transfer of viruses, destructive programs or other inadvertent writes to the original media.
- The contents of CMOS as well as the internal clock are checked and the correctness of time is noted.
- Procedures for media imaging and cloning adhere to the National Institute of Standards (NIST) and the International Society of Computer Forensic Examiners (ISCFE).
- The integrity of the original media is preserved by conducting the examination on an exact copy of the original.
- The original media is secured and kept in a safe place to prevent any access by any unauthorized person or damage by environmental conditions.
- Chain of Custody records are properly maintained and adhered to at all times.
- As members of The Association of Certified Fraud Examiners & the International Society of Forensic Computer Examiners we adhere to strict codes of ethics & professional responsibility and abide by the highest morals and standards.