Computer forensics is a combination of technology and skill. It is the ability of a computer forensic examiner to look at logical and physical disks, as well as individual files, folders and registry entries, to create a timeline of what the computer was used for today, yesterday, last week, last month or even last year.
The examiner can determine what data was moved, deleted, or hidden while adhering to strict preservation guidelines so as to avoid spoliation and maintain the chain of custody. Using industry-standard tools and proven techniques, the examiner can analyze all possible data on a system. For example, e-mails, images, deleted files and other information deemed relevant to an investigation can be reviewed.
The Examination Process
- Examine logical and physical disks as well as individual files and folders with FAT12, FAT16, FAT32, NTFS (including partition free space and file slack), ExtX, and HFS+ file systems
- Retrieve e-mail correspondence
- Search by keyword or phrase
- Access active and deleted data files or file fragments
- Discover graphic images
- Access chat databases
- Identify Internet usage
- Recover data appearing lost due to hardware or software malfunction or destruction
- Access password-protected or encrypted files