Computer forensics is the oldest of the sub-disciplines that make up digital forensics. Computers are often the main source of digital evidence in civil litigation cases, and with good reason. Computers can contain a massive amount of useful information in a case in and of themselves. They can also contain useful information about other devices like USB thumb drives, cell phones, digital cameras, portable hard drives, server shares, and cloud data. Almost all devices at one point or another circle around back to a computer. For instance, to create a backup of the information on your cell phone, it can be connected to the computer. The same is true if you want to get the pictures off a digital camera or USB thumb drive.
Computer forensics consists of examining evidence found on a computer hard drive and, in some instances, the examination of data on other hardware components within the computer, like the memory. The foundation of computer forensics is data recovery, and much of this sub-discipline revolves around that aspect.
While cell phones have surpassed computers as the primary form of evidence in most case types, computers still reign supreme in many forms of civil litigation. It is hard to imagine working without the use of technology today, and the hyper-connectivity of businesses is only accelerating. This connectivity requires computers, servers, and peripheral electronic devices to facilitate our modern work environment.
While this connectivity can increases the efficiency and quality of our work, along with it comes challenges, mostly surrounding the protection of sensitive data.
Confidential customer lists, proprietary information, and executive strategy documents are being transferred out of an organization by employees, or former employees, as we speak. These transfers do not require technical sophistication. Filesharing applications, cloud-based services, messaging applications, and personal email accounts can all be used to exfiltrate data. Sometimes these activities are intended by the employee, and at other times, it is done by accident or by an automated process of the computer. In all of these instances, a computer forensic examination would be needed to determine the root cause.
The forensic technology and methods utilized by our experts ensure that the data is preserved in such a way that it is defensible in courts and in accordance with digital forensic best practices and industry standards.
Even if your matter is complex, with data in multiple locations and formats, our team has the people-power and technology to comprehensively gather the relevant data for analysis.
At the heart of digital forensics is data recovery. Regardless if the data has been deleted, manipulated, or corrupted, our team has the expertise to recover data in a forensically sound and defensible manner.
Even if you recover mountains of data, it often needs to be analyzed, interpreted, and explained to stakeholders. We leave no relevant stone unturned in our examinations, and we strive to explain these findings in plain language.
Our experts have the certifications, credentials, education, experience, and expert testimony history to serve as a credible expert witness in your case.
Computer Forensics services may include:
- Magnet Forensics Certified Examiner (MCFE)
- Certified Expert in Cyber Investigations (CECI)
- Encase Certified Examiner (EnCE)
- Digital Forensics Certified Practitioner (DFCP)
- Certified Blacklight Examiner (CBE)
- Certified Computer Examiner (CCE)
- Certified Forensic Investigation Professional (CFIP)
- Certified Mac Forensics Specialist (CMFS)
- OSForensics Certified Examiner (OSFCE)
- Certified Information Systems Security Professional (CISSP)