What is Computer Forensics?
Computer forensics is the analysis of information created and stored on computer systems, known as Electronically Stored Information (ESI). It involves the use of industry-accepted techniques to aid in the identification, preservation, collection, examination, analysis, and presentation of digital evidence. Types of ESI that could be introduced as evidence include:
- Instant Messaging logs
- Security logs
- Electronic faxes
- Video or audio files
- Spreadsheets, word processing documents, databases, etc.
- Deleted documents
- Malicious software applications (peer-to-peer file sharing applications, spyware, viruses, keyloggers, network sniffers, programs violating an Acceptable Usage Policy, etc.)
- Password protected files
- Encrypted files
Where is ESI commonly stored?
- iPads and laptops
- Smartphones and most other cell phones
- MP3 music players, iPods
- Hard Drives
- Digital Cameras
- USB Memory Devices
- PDAs (Personal Digital Assistants)
- Backup Tapes
- CD-ROMs & DVDs
What are some common circumstances in which digital forensics is used or needed?
- Unauthorized disclosure of corporate information (accidental or intentional);
- Employee Internet abuse or other violations of a computer policy;
- Damage assessment and analysis (post incident);
- Industrial espionage;
- White-collar crime;
- Civil litigation cases including:
  - sexual harassment;
  - discrimination and fraud cases;
- Evidence collection for future employee termination.
Why do I need a properly trained Computer Forensic Examiner?
While in-house IT personnel are capable of handling many technical concerns, most are not trained to accurately create a complete forensic image (not just a copy of a file or system), the most important part of digital forensics. An incomplete forensic image can harm the prospects of recovering on a claim by destroying potentially admissible evidence.
What if we have already utilized our in-house IT staff and the recovery didn’t go as planned? Can you still assist us?
Depending on the damage done by the in-house IT personnel, DFS technicians may be able to recover some of the damaged evidence. However, this can be a difficult and time-consuming process that often costs several times more than the original analysis would have cost. If you are in doubt, call us – we will answer any questions you may have.
What does a Computer Forensic examination provide?
- Data recovery of deleted computer files, including hidden files, even after a hard drive has been reformatted or repartitioned;
- Passwords for protected or encrypted files;
- Web sites that have been visited;
- Files that have been uploaded or downloaded;
- When files were accessed/deleted;
- User login times and passwords;
- Attempts to conceal, destroy, or fabricate evidence;
- Text that was removed from a document’s final version;
- Faxes sent or received on a computer;
- Email, texts, webmail and attachments, even if deleted;
- Other types of communications strings (IM chat logs).
Is it digital forensics or data recovery?
Data recovery is the process in which the examiner recovers the files and folders lost from damaged disk drives, media, computers, peripherals or operating systems due to disk or system failure, unintentional deletion, or other unexpected circumstances.
While data recovery is often the start of an investigation, it is frequently the same starting procedure used to recover information from a laptop that inadvertently crashed while a term paper was being written, or from a cell phone that has been dropped in water.
Digital forensics is the more thorough process of examination and analysis of the data recovery results, resulting in a report of findings that may be used as evidence.
What can I expect after contacting DFS?
After a comprehensive consultation with each client, the DFS team will determine the investigation objective and provide the client with a customized plan of action. DFS always works discreetly and keeps our clients informed of examination results in a timely manner.
I am located in another state. Can DFS still provide its services?
ABSOLUTELY! While DFS is based out of the NYC metro area, we can provide our forensic and investigative services across the country. However, please keep in mind that our training programs are limited to the New York area since they require local certifications.