The Computer Forensics Process – An Overview
Any successful process begins with a plan, especially a computer forensic analysis. The ability to build and follow targeted workflow guidelines helps not only reduce time and thereby costs, but also increases the amount of relevant data retrieved and helps ensure what is produced is of the highest possible quality. GDF can work in lock-step with investigators and security personnel to identify and target sources of evidence, gain an understanding of the case, and apply the proper computer forensic procedures.
The acquisition process ranges from complete forensic disk imaging to gathering information from other devices and sources (like servers & phones) in a manner consistent with the Best Practices of the Computer Forensic Guidelines, thus ensuring a proper chain of custody is strictly maintained and admissibility from the computer forensics perspective is assured. Read the ABA article on he Dangers of Do-It-Yourdelf Computer Forensics.
GDF has many years of experience in data recovery and acquisition. We pride ourselves in our ability to go beyond the capabilities of computer forensic software tools and design processes, which often yields results missed by forensics specialists that would be running blind without the latest and greatest tools in their hand to trust in. If every forensic tool out there was already perfect, you wouldn’t see new ones coming out all the time, but when you’ve been around longer than the wheel, you still know how to get around effectively on foot when the situation calls for it. Understanding where to look in the complex environments of corporate networks, knowing what questions to ask and working as unobtrusively as possible, so as not interrupt the flow of business or create unnecessary burden, is where our far reaching experience sets GDF apart from other firms. GDF Computer Forensic Specialists know where to look, what to ask and how to extract data from virtually any computer, server or device containing Electronically Stored Information, to complex mail and financial systems.
Even the smallest hard disk drives and digital devices can contain tens of thousands of files. GDF uses state-of-the-art computer forensic techniques and tools, coupled with our vendor-neutral abilities, to make a relevant mole-hill out of the mountain of data, consistently yielding exemplary, concise results. Our clients agree, “the results are of the highest relevant value and were handled in the shortest possible time”… “GDF has the capability to handle massive amounts of data and turn results around fast.” Having that deep understanding of the underlying technologies makes finding “the smoking gun” in the least likely places our specialty.
Once the computer forensic analysis is complete, presenting an understandable, defendable and complete report is key. Our clients find the evidentiary packages produced by GDF to be complete, easy to understand and always explained in precise detail. The addition of relationship charts, entity explanations, timelines, histories and mail-thread analysis gives our clients a clear understanding of the issue, as well as the players. The ability to defend the process and testify to the methodologies used relating to the facts in the case make GDF experts unparalleled in the field, ensuring you never get caught in one of those “deer-in-the-headlights” moments when the questions start getting get tough during expert witness testimony.
What Makes GDF Different?
GDF has a wide range of experience in both the public and private sector, ranging from Fortune 500 companies to government agencies, from large international law firms to solo practitioners. With hundreds of successful cases under our belt and experience with virtually every type of media, GDF can help in any case where ESI and/or eDiscovery is involved.
Confidentiality and Professionalism
Confidentiality and professionalism are the keys to our success. All analysis and consulting work is performed adhering to the highest level of forensic scrutiny. We follow all forensic procedures and use only open and verifiable programming techniques. Our methodologies are also transparent, so we encourage the court and opposing sides to dissect our work, because we confidently stand behind its admissibility and accuracy one hundred percent. In the spirit of this philosophy, we use NO PROPRIETARY or secret methods, or programs, when doing our forensic analysis. Our process not only applies to eDiscovery and litigation, but also steers our approach to network security, cyber intrusions & data breaches, as well as emergency incident response. In all of these scenarios there is one common thread, the earlier you get Global Digital Forensics involved in the process, the more the odds will swing in your favor.