Computer forensics involves the capture and investigation of electronic information for use in a variety of situations.
CAPTURE
Projects involving ESI (electronically stored information) are captured utilizing one of the following methodologies:
- Content: What is actually contained within the electronic data that is being captured
- Content AND Context: Not only what information is within the data, but the environment in which it resides and the history of events behind the data (who created the file, when it was created, when it was last printed, whether it has been changed, etc.)
A forensic capture requires the preservation of both the content and the context without changing any metadata. This necessitates the use of special equipment, systems and procedures that prevent a change to the "last date accessed" and "last date modified" metadata fields (as well as others). Write blockers, special hardware that allows data to flow only from the device being captured to the device doing the capturing, are used. In some cases, the computer being captured cannot be changed from its current state (either "on" or "off"), or key information could change. The specific environment (heat / cold; location; access) can also be of interest to certain projects.
The methodology for forensic capture involves the following:
- extensive, formal procedures that prepare both the data and the individual working with the data to testify as to how it was handled
- use of specific tools (such as write-blockers) that will preserve the data without changing any of the metadata
- the capture of hidden or deleted information
- maintaining chain-of-custody records that indicate exactly what happened during the capture
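As an added illustration of the points above (example code, not AmDoc's or DATA FERRET's): the script hashes an evidence file before and after acquisition, checks that the content and the "last modified" timestamp survived, notes whether merely reading the source changed its "last accessed" timestamp (which a write blocker is meant to prevent), and produces a custody record that can be re-verified before analysis. The examiner name and file names are constructed placeholders.

```python
"""Added example (not AmDoc's or DATA FERRET's code): hash, verify, log an acquisition."""
import hashlib
import os
import shutil
import tempfile
from datetime import datetime, timezone

def sha256_of(path):
    # Stream the file so a large image never has to fit in memory.
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def acquire(source, image, examiner):
    """Copy source to image and return a chain-of-custody record for it."""
    src_stat = os.stat(source)
    src_hash = sha256_of(source)
    shutil.copy2(source, image)      # copy2 carries the timestamps across
    img_hash = sha256_of(image)
    return {
        "examiner": examiner,
        "acquired_utc": datetime.now(timezone.utc).isoformat(),
        "image": image,
        "source_sha256": src_hash,
        "image_sha256": img_hash,
        "content_match": src_hash == img_hash,
        "mtime_preserved": src_stat.st_mtime_ns == os.stat(image).st_mtime_ns,
        # Merely reading the source to hash it can bump its atime unless the
        # drive sits behind a write blocker or is mounted read-only/noatime.
        "source_atime_changed": os.stat(source).st_atime_ns != src_stat.st_atime_ns,
    }

def verify_image(record):
    """Re-hash the image (e.g. before analysis) against its custody record."""
    return sha256_of(record["image"]) == record["image_sha256"]

def demo():
    """Run the workflow on a constructed evidence file in a temp directory."""
    work = tempfile.mkdtemp()
    source, image = os.path.join(work, "evidence.bin"), os.path.join(work, "evidence.img")
    with open(source, "wb") as f:
        f.write(b"constructed sample evidence\x00" * 1024)   # constructed data
    record = acquire(source, image, examiner="hypothetical examiner")
    intact = verify_image(record)
    with open(image, "ab") as f:             # simulate a post-capture change
        f.write(b"!")
    tampered = verify_image(record)
    shutil.rmtree(work)
    return record, intact, tampered
```

`record["source_atime_changed"]` is informational: whether it flips depends on the mount options of the machine running the script, which is exactly why a forensic capture does not rely on the host operating system to leave timestamps alone.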
INVESTIGATION
After capture, a forensic investigator will examine the data for case-specific information. The slack space (see Glossary) may be examined to find hidden or deleted information. Changes to specific files may be examined to determine the time, place or individual involved in those changes. Internet records may be opened to determine the timing of specific activities.
NON-FORENSIC CAPTURE OF ESI
Currently, not all electronic information that is used in litigation is handled forensically. In some cases, the legal team has determined that the additional cost of capturing the data forensically is not warranted for the specifics of the individual project. This decision is the responsibility of legal experts.
AmDoc provides experienced technicians when a forensic capture is required. State-of-the-art equipment and software are used in combination with the required chain-of-custody tracking and repository management procedures to preserve the integrity of the data.
In addition, AmDoc can provide clients with a self-capture system that preserves data forensically and certifies an automated capture. See DATA FERRET for additional information on this device.
