|
Forensic Preservation | Forensic Examination
Computer forensics is the analysis of information contained within and created with
computer systems and computing devices, typically in the interest of documenting what
happened, when it happened, how it happened, and who was involved.
This can be for the purpose of performing a root cause analysis of a computer system that
had failed or is not operating properly, or to find out who is responsible for misuse of
computer systems, perhaps even committing a crime using a computer system or against
a computer system. In many cases, information is gathered during a computer forensics
investigation that is not typically available or viewable by the average computer user,
such as deleted files and fragments of data. Special skills and tools are needed to obtain
this type of information or evidence.
ACR’s certified engineers follow industry standard forensic practices and guidelines
because we understand the importance of proper evidence handling procedures to
ensure the examination process is forensically sound, defensible and the results
repeatable.
These services can include:
- Forensic preservation of hard drives as well as removable devices
- Preservation of a targeted collection of files or folders
- Examination of user‐created data with keywords, date range and by file types including unallocated space
- Identify and extract hidden or password protected data
- Malware analysis scan to find evidence of hidden programs or malicious code
- Social media analysis
- Recovery of deleted data that has not been overwritten
- Development of a court‐ready forensic lab analysis report
- Examples of ACR’s various forensic offerings are described in greater detail on additional whitepapers, with sample documents available upon request.
The ACR Forensic Preservation service is designed to provide data collection and preservation for computers
belonging to the corporate enterprise. Our EnCE (Encase Certified Examiner) certified experts will make a forensic image or bit by bit copy of
the original media, while documenting the process such that it is forensically sound and admissible in a
court of law.
This ACR service utilizes industry standard forensic software and hardware to identify and preserve the
necessary data. ACR’s certified forensic examiners follow strict guidelines to ensure a forensically sound
and legally defensible data collection as well as to ensure that the data integrity is preserved. A court‐ready
forensic lab analysis report will be prepared and provided to detail the analysis procedures that were
conducted, as well as the results.
The ACR Forensic Examination service analyzes digital data to conduct a thorough, court‐validated
computer‐related investigation. This can be a full forensic investigation or a targeted
(e‐discovery) request. Our certified experts will investigate preserved data while maintaining
chain of custody to properly safeguard evidence and ensure such evidence is admissible in a court
of law.
Features and Benefits:
Forensic Examination provides the following features and benefits:
◊ Recovery of deleted or hidden data
◊ Identify and extract password protected data
◊ Analysis of metadata to determine date and time stamp (creation date, last modified, etc.)
◊ Log file analysis and auditing to determine user logins and file access
◊ Keyword searching of user created data
◊ Date range search of user created data
◊ Investigation of mail clients (Lotus Notes and Microsoft Exchange) |
