Frequently Asked Questions

How does digital forensics work?

Our forensic examiners conduct digital investigations using the latest technology, software and methods. We forensically capture, process and analyze electronically stored information (ESI) both visible and invisible on computers, mobile devices, the cloud and office networks. 

 

Our Digital Forensics experts work closely with clients in this to:

 

  • Identify the purpose, scope of the investigation, key issues and relevant data to be reviewed.
  • Identify the custodians and where the relevant data resides. 
  • Provide flexible data acquisition methods such as, on-site, drop off at our lab, on the cloud or remote. 
  • Legal consent forms are signed to allow us examine the evidence and expectation of privacy is preserved. 
  • All devices and evidence are meticulously documented with a complete chain of custody.

 

Once the custodians and data sources are identified: 

 

  • The original digital evidence is forensically imaged in a write-blocked environment to ensure the source media is not altered.
  • The forensic image is verified against the original media device using a hashing algorithm. 
  • A working copy of the original forensic image is created and used during the examination process.
  • The original forensic image is kept for preservation purposes and safe keeping.
  • The original media is returned to the client.

 

Our forensic examiners use the latest software and technology to review evidence related to your case. We use data artifacts to reconstruct events and answer core questions related to the case.

 

In the event a report is required by the Court or your adversary, Axiana certified forensic examiners will prepare a report detailing the scope of the examination, the devices examined, the methodology we followed, the evidence uncovered and the conclusions of our examination.  

Our reports are designed to ensure the validity, reliability and soundness of the digital evidence used for our analysis and conclusions. 

 

The majority of cases are usually settled out of court. However, a small number of cases require a digital forensics expert to testify in court or through deposition testimony. Our process is built, step by step, to endure any scrutiny we should face in court. Our digital forensics experts are experienced and equipped to testify and defend: 

  • The methodologies used during the digital examination.
  • The integrity and validity of the data examined.
  • That our conclusions are based on facts derived from our analysis of the digital evidence and are within a reasonable degree of digital forensic certainty.

When should you consider using a Digital Forensics Expert?

  1. Discuss the facts of the case with your client and determine whether digital evidence has to be examined, analyzed and produced.
  2. Ensure that digital evidence is forensically preserved by a third party to avoid allegations of intentional or unintentional spoilation. Failing to preserve digital evidence can spell disaster for your case.
  3. Do you have the necessary knowledge to discuss during meet and confer digital evidence with the opposing party in a manner similar to using a Request for Production of Documents? Do you have the necessary knowledge on how to gain insight into any relevant evidence your client or the opposing party holds?
  4. Determine whether computers were used as the instrument of a tort, crime, or violation of policy.

How can I explain Digital Forensics to my Client?

The National Institute of Science and Technology (NIST) defines Digital Forensics as: “the application of science to the identification, collection, examination, and analysis of data while preserving the integrity of the information and maintaining a strict chain of custody for the data.

Also, as: “The process used to acquire, preserve, analyze, and report on evidence using scientific methods that are demonstrably reliable, accurate, and repeatable such that it may be used in judicial proceedings.”

What types of cases is digital forensics useful in?

  • White color crime
  • Fraud & Embezzlement
  • Theft of Trade secrets
  • Intellectual Property Theft
  • Employment disputes
  • Matrimonial & Family Matters
  • Data Breaches & Incidence Response
  • Professional Malpractice
  • Patent & Trademark disputes
  • Recovery of digital evidence
  • Criminal cases – Fraud & Bribery
  • Anti-Forensics
  • Partnership Disputes
  • Evidence spoliation
  • Authentication of Digital Evidence
  • Court Certifications and Affidavits
  • Rebuttal Expert Reports
  • Sexual Harassment

Will Digital Forensics examination disrupt my business?

No – we have flexible options for data collection that interfere with your business operations as little as possible. The data collections process will vary depending on the devices and amount of data; however, this can be done remotely or during non-business hours to avoid business disruptions.

What makes a good Digital Forensics Examiner?

First and foremost, a good forensic examiner must have:

  1. Training, Certifications and Experience
  2. Robust protocols and controls to ensure their process, methods, and analysis will hold up under the most intense scrutiny in court.
  3. The expertise and experience to extract relevant data, reconstruct events and answer core questions related to the case.
  4. Technical and analytical skills
  5. Strong Communication and data presentation skills
  6. Command Over Cybersecurity Concepts
  7. Attention to detail
  8. High ethical and moral standards

How much does it typically cost for a Digital Forensics analyst?

Depending on the scope of the case, prices can range from $275/hour or a flat fee per device for data acquisition. Please call 800-262-3552 or email forensics@axiana.com to send you our schedule of fees. 

What is eDiscovery?

Electronic discovery also known as e-discovery, e discovery, or eDiscovery, is the process that during litigation the opposing parties identify, collect, preserve, analyze, search, review, and exchange information in digital format using it as evidence.  

 

Examples of the types of ESI included are emails, instant messaging chats, documents, accounting databases, Web sites, and any other electronic information that could be relevant evidence in a lawsuit.  Also included in eDiscovery are “raw data” and “metadata,” which digital forensic investigators can review for hidden evidence.

Who uses eDiscovery?

Law firms, corporate legal departments, and governmental agencies that typically contract with eDiscovery professionals. Depending on the needs of the organization or individual, an eDiscovery professional may do the following:

  • Help collect, process, review, analyze, produce, and store ESI
  • Serve as liaison between legal team and IT personnel
  • Use technology to facilitate discovery
  • Educate on eDiscovery procedures and laws
  • Ensure compliance with federal ESI laws
  • Create policies around ESI

What is ESI?

Examples of the types of ESI included are emails, instant messaging chats, documents, accounting databases, Web sites, and any other electronic information that could be relevant evidence in a lawsuit.  Also included in eDiscovery are “raw data” and “metadata,” which digital forensic investigators can review for hidden evidence

What are the stages of the eDiscovery process?

Officially, the Electronic Discovery Reference Model (EDRM) framework outlines the standards of the eDiscovery process. The following are officially recognized phases of eDiscovery. The phases may need to be repeated as researchers understand more about the data.

  • Ediscovery Stage 1: Information Governance.
    • Organize and maintain data in a way that mitigates risk and cost should an entity have to perform eDiscovery.
  • Ediscovery Stage 2: Identification.
    • Determine location, scope, breadth, and depth of ESI. 
  • Ediscovery Stage 3: Preservation.
    • Ensure that ESI is protected.
  • Ediscovery Stage 4: Collection.
    • Gather, process, and review ESI for use in the eDiscovery process.
  • Ediscovery Stage 5: Processing.
    • Reduce the volume of ESI and convert to more usable forms (for review and analysis).
  • Ediscovery Stage 6: Review.
    • Evaluate ESI. Determine what data is important and who needs to have it.
  • Ediscovery Stage 7: Analysis.
    • Evaluate ESI for content and context.
  • Ediscovery Stage 8: Production.
    • Deliver ESI to others in appropriate forms and use appropriate delivery mechanisms.
  • Ediscovery Stage 9: Presentation.
    • Display ESI before audiences (at depositions, hearings, trials, etc.), especially in native and near-native forms, to elicit further information, validate existing facts or positions, or persuade an audience.

EDiscovery begins from the time a lawsuit is in motion and runs until the digital evidence is presented in court. The process can be broken down into three general phases:

  1. Attorneys identify the ESI and custodians relevant to the litigation and place the data on a legal hold.
  2. Both parties determine scope, identify any relevant data, and make eDiscovery requests and challenges. There is generally some back and forth regarding search parameters.
  3. Certified professionals extract the evidence, analyze it, and then convert it into a usable format (e.g., PDF) for court. These experts use analytical search techniques like pattern and trend identification to search and use resources more efficiently.