Copyright © All rights reserved RBS Computer Forensics   

Integrity

Independence

Insight

What is computer forensics?

Computer forensics, also called cyber forensics, is the application of computer investigation and analysis techniques to gather evidence. The goal of computer forensics is to perform a structured investigation while maintaining a documented chain of evidence to find out exactly what happened on a computer and who was responsible for it.

Forensic investigators typically follow a standard set of procedures: After physically isolating the computer in question to make sure it cannot be accidentally contaminated, investigators make a digital copy of the hard drive. Once the original hard drive has been copied, it is locked in a safe or other secure storage facility to maintain its pristine condition. All investigation is done on the digital copy.

Investigators use a variety of techniques and proprietary forensic applications to examine the hard drive copy, searching hidden folders and unallocated disk space for copies of deleted, encrypted, or damaged files. Any evidence found on the digital copy is carefully documented in a "finding report" and verified with the original.

It is not sufficient to merely have the technical skills to locate evidence on computer media. A strict chain of custody and documentation needs to be established during the evidence gathering process. Our computer forensics experts fully document all computer hardware, create an evidence file clone of the computer media, and generate an MD5 hash value that will verify the data is not altered during the examination. Our computer forensics experts gather all evidence and ensure that it is preserved in its original form.

- Our specialists are trained in computer forensic methodology. A variety of computer forensics software tools are used to preserve, process, and document computer evidence. We can provide experienced expert witness testimony needed for today’s cyber crime activities.

- Our internal computer forensics capabilities meet potential legal challenges as well as the ever-changing field of technology.

- Your forensic case is fully secured and completely confidential.

Did You Know?

• Deleted computer files can be recovered even after a hard drive is reformatted or repartition?
• Forensic analysis can reveal what web sites have been visited and what files have been downloaded?
• Forensic analysis can reveal what documents have been sent to the printer even if it was a document printed directly from a floppy disk?
• Forensic analysis can reveal when files were last accessed or when files were deleted?
• Forensic analysis can reveal attempts to fabricate or hide evidence?
• In many instances, encrypted files can be decrypted?
• Forensic analysis can reveal deleted e-mail even if a web based e-mail server was used like Yahoo, MSN, or Hotmail.