DATA RECOVERY PROCESS
     HARD DRIVE CRASH
Desktop Drives
Laptop Drives
External USB Drives
RAID Arrays
Network Attached Storage
 
Apple/Mac Data Recovery
Linux Data Recovery
 
Electronic Failure
Mechanical Failure
Firmware Corruption
ATA Password Retrieval
Ghosted HD recovery
Data wiping
Forensic Investigations
     REMOVABLE MEDIA
Tapes
Flash Storage
USB "Pen Drives"
All CD & DVD media
ZIP/JAZ products
iPod/iPhone
Untitled Document

Forensic Investigations


Forensic Investigations


This service is available to Lawyers, Solicitors, Banks, Financial institutions, Police Forces, Governmental Departments and personnel home users.
The purpose of computer forensics techniques is to search, preserve and analyze information on computer systems to find potential evidence for a trial. In the early days of computers, it was possible for a single detective to sort through files because storage capacity was so low. Today, with hard drives capable of holding gigabytes and even terabytes of data, that's a daunting task. Detectives must discover new ways to search for evidence without dedicating too many resources to the process.


We understand the legal issues surrounding the collection, analysis and protection of electronic data for litigation purposes.

  • CompuRecovery provide digital investigation services into all types of computer and internet related crime
  • Our electronic evidence and forensic investigation procedures are ISO9000 certified
  • We act for both prosecution and defense
  • Recovered data is imaged using EnCase ®, the court-validated industry standard for documenting evidence in the following types of cases:
    • Computer & internet fraud
    • Computer misuse in the workplace
    • Internet child pornography
    • Digital theft involving intellectual property
    • Forensic accounting

Whether the system is a standalone computer, portable device or part of an integrated network, our technicians will lead you through the process from the initial evidence gathering or fact finding, to the successful result.

  • Expertise on initiation of an investigation where data recovery is required
  • Expertise on the seizing and securing of that evidence
  • Recover data that was considered deleted long time ago
  • Examine the recovered data
  • Provide easy to read technical reports

Our clients are guaranteed confidentiality and all case-related communications are strictly confidential. Data is securely stored on a company server using latest encryption techniques.


The science of computing and the laws of evidence are both complex, we therefore insist that prior to any specific computer forensic investigation being initiated that a protocol for our engagement is established, and that this protocol is fully understood and capable of being implemented by all the parties involved in the planned investigation. To achieve this we will consult with a client to:

  • Identify where evidence is likely to be located.
  • Undertake a review in order to establish what types of hardware, software, systems and back-up material might relate to the potential evidence being sought.
  • Communicate a plan for the collection and analysis of data, the processing, documentation and reporting of information,
  • Produce an estimate of timescales and costs involved.
  • Present a formal contract describing matters of confidentiality etc.


CompuRecovery uses specific applications to recover and image the media in question. Using the data image produced our forensic experts can then search computer system and files for evidence.
Our computer forensic analysts are always operating under the primary instruction and guidance of you the client or your legal counsel in any particular matter. CompuRecovery experts are able to advise, interpret and piece together information for you in a comprehensive manner and detail a thorough account of events, computer usage and content according to the recovered logs.
Once the investigation is complete we will support your case by preparing and submitting reports required about the evidence found, and the means by which it was discovered. We will also provide data for affidavits or other pleadings and expert testimony.
Computer based electronic evidence is no different from text contained within a document. For this reason, the evidence is subject to the same rules and laws that apply to documentary evidence.
Operating systems and other programs frequently alter and add to the contents of electronic storage. This may happen automatically without the user necessarily being aware that the data has been changed.
In order to comply with the principles of computer based electronic evidence, wherever practicable, an image should be made of the entire target device. Partial or selective file copying may be considered as an alternative in certain circumstances e.g. when the amount of data to be imaged makes this impracticable.


The following general guidelines are however useful to note when seizing computers and equipment potentially related:

  • Ensure that you gain control of the premises and the occupants.
  • Do not allow anyone to touch the computers or equipment.
  • Do not in any circumstances power the computer or equipment on.
  • Make sure that the computer or equipment is switched off.
  • Laptops may power on by opening the lid.
  • Remove the battery from laptop computers.
  • Unplug the power and other devices from sockets.
  • Note that a computer may be in stand-by mode and may be accessed remotely, allowing the alteration or deletion of files.
  • Photograph the scene and all of the components, ensure that the picture depicts the layout of the equipment, floppy disks and other storage media and is date and time stamped.
  • Ensure all items are secured that will allow the reconstruction at a later date.
  • Search the area for diaries, notebooks or pieces of paper for passwords.
  • Ask the user if there are any passwords and if these are given record them accurately
  • Do not take advice from the owner/user of the computer.
  • Photograph the information displayed on the screen.
  • For all desktop computers remove the power supply by pulling out the end attached to the computer and not that attached to the socket.

Typical List of Items for seizure:

  • Main unit : usually the box to which the monitor and keyboard are attached
  • Monitor, keyboard and mouse
  • Connectivity cords
  • Power supply units and leads
  • Hard disks not fitted inside or connected to the computer
  • Modem or router  equipment
  • External hard drives and other external devices
  • Wireless network cards
  • Digital cameras and web cams
  • Floppy disks
  • Back up tapes
  • Jaz/zip drives
  • CD
  • DVD
  • PCMCIA cards
  • Memory sticks and memory cards
  • Manuals of computer software

There are dozens of ways people can hide information. Some programs can fool computers by changing the information in files' headers. A file header is normally invisible to humans, but it's extremely important -- it tells the computer what kind of file the header is attached to. If you were to rename a .doc file so that it had a .gif extension, the computer would still know the file was really a .doc because of the information in the header. Some programs let you change the information in the header so that the computer thinks it's a different kind of file. Detectives looking for a specific file format could skip over important evidence because it looked like it wasn't relevant. Other anti-forensic tools can change the metadata attached to files. Metadata includes information like when a file was created or last altered. Normally you can't change this information, but there are programs that can let a person alter the metadata attached to files. Imagine examining a file's metadata and discovering that it says the file won't exist for another three years and was last accessed a century ago. If the metadata is compromised, it makes it more difficult to present the evidence as reliable. CompuRecovery searches on physical level and that allows bypassing this trick.


How much will an investigation cost?
For an investigation involving a single IDE computer hard drive and a simple set of comprehensive instructions as to what you want the CompuRecovery to investigate, the cost estimate is usually between $3500 and $6000. For on site operations and/or larger computer networks and/or specialist equipment the price will be based on competitive hourly rates.


Call CompuRecovery and talk your problem through with us on 866-424-5123, or get a quote land we'll call you back

 
Emergency
Login
      Terms & Conditions | Privacy Statement | Fraud Protection | Print Shipping Label
Confidentiality and non-disclosure agreement
Copyright © 2007-2008 CompuRecovery