What Is Computer Forensics?
Computer Forensics is generally defined as the identification, acquisition, examination and preservation of Electronically Stored Information (ESI) using specialized analytical and investigative techniques. These specialized analytical and investigative techniques constitute a "forensically sound" manner of working and are what separate a true computer forensic examination from the work of your local IT department.
An examination which does not follow forensically sound procedures can destroy evidence, make the results inadmissible in court, and subject the examiner and the client to legal and monetary penalties. Mishandling ESI is akin to altering a paper document. Computer Forensics involves the proper handling of ESI at every step. Computer Forensics is not just copying a hard drive and searching for files.
The worst thing you can do is conduct an examination on your own, or with your in-house staff, without following proper procedures. For a very cogent explanation, read the article "The Dangers of Do-It-Yourself Computer Forensics" by Erik Shirk in the November 2007 issue of Law Practice Management.
At ESI Consulting, we have the experience, education, tools, and ability to provide computer forensic services in a manner that ensures your goals are achieved, namely the development of relevant evidence that is admissible in court or any other venue. For a more detailed list of some of the computer forensic services we provide, please visit our forensic services page.
Why Conduct a Computer Forensics Examination?
The situations in which a computer forensic examination can help you are endless. Some examples include:
- Proof that something exists or does not exist on a drive
- Proof that something was deleted when it should not have been
- Proof that something was or was not sent, received, or copied
- Proof of when something happened, or that something did not happen at a certain time
- Creation of a timeline of user activity to show patterns of activity
- Retrieval of deleted data
- Retrieval of data that was never even saved locally, such as chats or webmail
Cell Phone Forensics
ESI Consulting now provides cell phone and PDA forensic services. With the latest hardware and software, we can examine more than 1900 different models, including BlackBerry and iPhone.
Depending on the model and configuration, we can usually forensically retrieve the following ESI from a cell phone, PDA or GPS device:
- SMS History (Text Messages)
- Deleted SMS (Text Messages)
- Phonebook (both stored in the memory of the phone and on the SIM card)
- Call History
- Received Calls
- Dialed Numbers
- Missed calls
- Call Dates & Durations
- Datebook
- Scheduler
- Calendar
- To-Do List
- Filesystem (physical memory dumps)
- System Files
- Multimedia Files (Images, Videos, etc.)
- Java Files
- Deleted Data
- Quicknotes
- More...
- GPS Waypoints, Tracks, Routes, etc.
- RAM/ROM
- PDA Databases
- Registry (Windows Mobile Devices)
