Computer Forensics Investigations
What is Computer Forensics?
Computer Forensics is an in-depth analysis of the information and activities which took place on a computer or other digital device. You could think of it as a sort of digital archeology. It begins with a client consultation to discuss the situation and the identification of any digital or electronically stored information (ESI) that may exist. This could be on computer hard drives, cell phones, digital cameras, fax or copy machines, or any equipment that stores information electronically.
Throughout the investigation, you will be kept informed of the progress and results at each step of the way. This review and feedback loop of communications helps to refine and sharpen the focus of the investigation as we put the pieces together. We also provide expert witness testimony in court as needed.
What can we find out?
Once the items of interest have been identified, a specialized copy known as a “Forensic Image” is made of the computer, cell phone or other device. This is far more comprehensive than a regular file copy. It is admissible in court and enables us to use special software and techniques to see information hidden to the normal user. Searches can be done for keywords or phrases, types of documents, chats and emails, analysis of Internet activity or artifacts of particular activities and many other things of potential interest.
How can I use it?
We can answer questions such as what files were deleted and when? Did someone make copies of sensitive documents on a particular date and time? What have they been doing online? Are certain documents genuine or forgery? Are there secret communications going on via non-company email addresses and what information is being sent out? Is there evidence of fraud? Who was using the computer at a specific time? Did our network get penetrated by hackers and what information have we lost? Intelligence gathered may be used to support other investigative activities or litigation needs.
How to get the best results.
Do a professional investigation from the start. Your IT people are not the same as forensics experts. Treat the device like a crime scene. That means, try not to put your digital fingerprints all over the thing by poking around documents right after an employee was fired for example. Why? Because in doing so you may change the file’s “last accessed” time stamp on the system. Often times we will want to know what they viewed last, not what you viewed just after they left. There are some simple things you can do to avoid problems. For example, in some employee matters, putting them on administrative leave during the investigation can preserve rights you may not have with a terminated employee.
To get the best results and control your costs, Call Us early on if you have a problem or think you may need investigative services. The first actions you take in response to an issue can have a great effect on your final outcomes. We can provide guidance to help you get the best results. Take advantage of our FREE initial consultation. Contact us at 310-862-4507 or info@ComputerForensicsManagement.com