Digital Forensics is the acquisition and analysis of digital evidence in a forensically sound manner. This includes preservation of original media, analysis of evidence and its context, and the proper treatment of digital evidence so that it stands up in court.
Digital evidence is used in administrative, civil, and criminal investigations. This includes divorce, administrative cases involving misuse of computers and/or the network, defamation, sexual harassment, data theft, and industrial espionage.
Digital evidence can be found in a number of different places, not just computer hard drives. In addition to hard drives, computer evidence can also be found on cell phones, MP3 players, tapes, CDs, printers, PDAs, memory sticks, camera cards, and in network logs.
In addition to files listed in a standard directory search, digital evidence can also include hidden files, deleted files, email, deleted email, passwords, logs, login IDs, encrypted files, steganographically hidden ("stegged") files, web sites visited, searches performed, cookies, and network traces. Many of these sources include time information, which helps build timelines in investigations.
In many cases, people may think that digital evidence is pertinent to some aspect of an investigation that they are involved with, but they are not sure. The DFC offers a "Quick Look" service that will perform a basic analysis to see if a complete investigation involving the digital evidence is warranted. This "Quick Look" service includes a one-hour meeting with a DFC staff member to discuss the case, a forensically sound image of the drive for the DFC staff to perform an analysis on, and two hours of analysis time. This service is provided at a low flat rate, allowing clients to determine whether it is worth spending the additional funds necessary to complete a full investigation.
When choosing a Digital Forensics Investigator it is very important to consider what their background is. Many investigators have been taught how to use the tools necessary to complete an investigation, but their backgrounds lack the necessary computing concepts to make them excel. The staff members of the DFC have comprehensive backgrounds in computer forensics, computer science, computer networks, computer and network security, and data recovery. This extensive technical background makes DFC staff members more qualified to handle complex computer forensic investigations.
Yes. We can help determine the correct scope and help to assure that no important discovery avenues are omitted.
The courts have adopted very strict rules on how digital evidence must be handled to avoid the appearance of tampering. A trained digital forensics specialist, such as our staff, should be used.
No. When working investigations, we make a forensic image of the machine. This process usually takes a day or two, after which you can have the computer back and we can work from the exact copy that we made.
In most cases, no. The DFC staff have the training and proper equipment to conduct a forensically sound investigation. Your IT person most likely does not. To cut the risk of your evidence being inadmissible in court, it is best to use trained professionals in this area.
Our lab is equipped with the most up-to-date forensics hardware and software, including X-Ways Forensics, EnCase Forensic Edition, and the Forensic Toolkit (FTK).