Services we provide within the Computer Forensic Field · Analysis of Computers and Data in
Criminal Investigations |
| What Is Computer Forensics? Simply put computer forensics is the collection, preservation, analysis and presentation of computer related evidence. Computer forensics utilizes specialized hardware and software tools to duplicate exact data from the original computer data. All recovery, analysis and evidence collection is done from these duplicate images. The original computer data is never altered, but rather preserved for verification of the findings. The proper collection and analysis of computer evidence is critical in many criminal investigations, civil litigation (electronic evidence discovery) and corporate internal investigations. Finding the “smoking gun” may not benefit an investigation if the examiner cannot establish in a court of law that the subject computer evidence was not corrupted or tampered with. The techniques we use enables the non-invasive recovery of all existing information on the subject drive, including deleted files and fragments thereof, while preserving a proper chain of custody under standard computer forensics protocols. |
| Why computer forensics? The vast majority of documents now exist in electronic form. No investigation involving the review of documents, either in a criminal or corporate setting, is complete without including properly handled computer evidence. Computer forensics ensures the preservation and authentication of computer data, which is fragile by its nature and can be easily altered, erased or subject to claims of tampering without proper handling. Additionally, computer forensics greatly facilitates the recovery and analysis of deleted files and many other forms of compelling information normally invisible to the user. |
| Prior to conducting on-site electronic discovery, preliminary information pertaining to the target machine and operating systems must be determined. Each computer system (platform) is different, and poses different types of technological issues for the effective and non-invasive imaging of the media. Determining in advance whether the computer is a desktop or notebook, the size and type of the hard drive, the manufacturer and year of manufacture, the operating system, and the type of browser and email package being used (Netscape mail, Outlook, AOL, etc.) is critical and will eliminate the potential for numerous technological glitches in the field. Each computer may require a different type of interface or adaptor. Additionally, determining the system architecture of the opponents’ premises will assist the forensic examination team in verifying that all applicable systems and source media are identified and imaged. |
| In addition to the "traditional" locations of electronic evidence, such as computer hard drives, off-site servers, mirror sites, backup tapes, and removable media such as diskettes, etc., critical evidence may exist in a number of other locations. Some fax machines contain exact duplicates of the last several hundred pages of documents transmitted and received. Digital telephone systems may contain computer logs of all calls made and received, and often store voice mail messages in digital form on hard drives (.wav files). Network audit programs (if properly configured) can contain a history of all files accessed, downloaded or printed. Network firewalls monitor all web sites visited, external (outside of the Network) communication and information transmitted or received from the Internet. |
| Summary During the last five years, there have been exponential advances in technology and with the advent of the Internet; computers have become pervasive in everyday life. As a result, digital data in some form or another will be critical to most types of civil litigation and criminal proceedings. The tools for conducting forensic examinations have also rapidly evolved, expediting the ability for securing evidentiary images, guaranteeing the integrity of digital evidence, and reducing the time and resources necessary for conducting a comprehensive examination of electronic media. There is a rapidly emerging trend to use computer forensics for a broad range of civil litigation matters involving intellectual property rights, trademark infringement, misuse and theft of trade secrets, patent and copyright violations, as well as more traditional matters such as employment law litigation and criminal fraud. |
Here are a few of the services that WADEWARE
Technology Consultants, Inc. can provide to prospective
clients:
Complete investigative support to
include the acquisition and analysis of digital media for
presentation at a administrative or judicial proceeding Detailed investigation of digital
media for evidence recovery in civil and criminal cases Creation of exact image copies of
hard drives, floppy disks and other digital media for use
in a criminal or civil proceeding Enhanced analysis of audio, video
and graphic files Document, E-Mail and financial data
extraction Recovery of accidentally or
intentionally deleted data from standalone PC’s and
workstations Advanced data recovery, to include
extraction of “hard to find” files from network
servers, RAID sets and Network Attached Storage Redaction of undiscoverable (i.e.
privileged) information from documents Expert witness services Documentation and data returned in a
variety of admissible formats (e.g. CD’s, removable
disks, tapes, or on paper)
Creation of custom investigative reports and PowerPointŪ presentations for courtroom |
 |
 |
 |
|---|---|---|
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 * |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
(c) 2004 WADEWARE Technology Consultants, Inc.