The Computer Forensic Analysis process is the methodical approach to examining digital media to establish factual information for civil or criminal matters. This process relies on the complete integrity of data and a strict adherence to best practice, specified in the ACPO Guidelines and the Forensic Science Regulator.
Digital devices such as computers, external hard drives, storage servers and memory cards can hold a wealth of data which may be of critical importance to any investigation. However, specialist knowledge and techniques are usually required to fully extract all possible data and present it to an evidential standard.
IntaForensics have vast experience in the recovery and examination of both present (/live) and deleted data. Through utilisation of exacting forensic tools, a number of key evidential data can be analysed and recovered proving potentially key in investigations. Our experts deal regularly in cases involving encryption, unusual operating systems and other complex investigations. Using both industry recognised forensic tools and bespoke methods developed by our skilled analysts, evidential data can be recovered and analysed, providing key information in investigations.
The type of data we are often able to extract and examine includes:
- Communication data such as Skype calls, Facebook messages and emails
- Deleted files such as documents, images and videos
- Analysis of usage e.g. Documents accessed, files transfered
- Operating system data including system logs, image thumbnails and databases
- Internet artefacts including web history, downloaded data and user account information
The analytical process we can perform include:
- Review of bulk quantities of files to identify relevant information.
- Timeline analysis of log files, user activity and internet artefacts in order to establish a chronology of relevant events.
- Metadata examination of files to establish provenance.
- Analysis of user activity to identify attempts to delete or obfuscate evidence through the use of encryption or anti-forensics tools.
Advice for preserving Computer Evidence
- Cease Use of the Device – Continuing use of the computer could cause changes to the data you are looking to recover, not to mention potential user/technological errors which could cause the data to be lost for good.
- Turn off the Device – This will prevent the data from being lost completely, and allow you the best chances to obtain your desired results.
- Call IntaForensics – Whether data analysis, or simple data recovery, IntaForensics are on hand to assist you whatever your problem. We use a combination of analytical experience, knowledge and the latest forensic tools in order to stand the best chances of obtain the results you require.
Full Computer Forensic Analysis:
This service builds upon the preview analysis service, involving the search, recovery and analysis of all data stored on the device, this will include data that has been deleted that may still be present on the computer, laptop or hard drive. In addition to this, our Full Computer Forensic Analysis services include a court ready Expert Technical Report, which includes all of the relevant findings and further steps, and court ready witness statements, if required. As every case is unique, only through enquiring with us directly can IntaForensics provide the most accurate and transparent advice available.
All internet and communications activity will be extracted for review or production. Any encryption or use of virtualisation will be identified and fully examined for relevance to your investigation.
Depending on the scope of your case, a full examination can be tailored to ensure that all relevant data has been identified and assessed. This can be done either by your instruction or through consultation with our analysts who will be able to draw on their considerable experience to identify likely data of interest to you.
The results of analysis can be provided in either Expert Technical Reports, witness statements or Streamlined Forensic Reports as appropriate.
Preview Computer Forensic Analysis:
This service involves searching the device for readily retrievable (“live”) data. Increasingly, cases can involve very large quantities of devices and data. The preview service is an effective way of identifying which devices are of critical importance to your investigation whilst adhering to all relevant forensic guidelines and legislation. This form of analysis will identify if there is any information present that would sufficiently warrant a Full Forensic Analysis on particular devices and is an efficient way of progressing complex and wide-ranging investigations.
As with all our services, the Preview service also includes a conference call with the assigned analyst to discuss the findings.
Forensic Imaging is the scientific process of creating an exact copy of a computer hard drive. Using a number of specialist software tools, the imaging process is the first step in every computer forensic investigation. The expert will connect the original hard drive to a “Write Blocker” to prevent any data being written to the device. From here, the specialist software creates an exact copy of the hard drive down to the byte. This then acts as the exhibit for further analysis, protecting the integrity of the original evidence.
On-site Forensic Examination:
Where your case involves devices which cannot be removed (such as corporate servers) or devices which are likely to be in use at the point they come into your legal possession, our experts can assist with the forensic recovery of devices to ensure that the evidence is recovered in the most appropriate way. This could involve partial data extraction in civil cases to ensure the continued running of business critical systems or memory capture of live devices to ensure no data is lost when computers are powered off and seized.
With years of industry experience, technical excellence and a dedicated team, IntaForensics are capable of offering the full range of digital investigation services, and are able to adapt to the unique and individual needs of solicitors, private clients, Law Enforcement Agencies and commercial organisations.