 Computer
Forensic Services FAQ (Frequently Asked Questions)
 On
this page you will find some of the most commonly asked questions
about our computer forensic investigation services, along with their answers. Please click on
the question to view the answer.
If you have a
computer forensic investigation question which is not
answered here, please submit it using the
Contact us page. This Computer
Forensic Services FAQ will be updated periodically with new questions and
answers.
Questions
What is involved in Computer
Forensics?
What is
the purpose of Computer Forensics?
When might
Computer Forensics be employed?
What is an Anton Piller order?
How does it relate to Computer Forensics?
Can you recover deleted data from a computer?
Can I monitor the e-mail, instant messages and
web access of others who use my computer(s)?
Can you determine who sent an
e-mail?
Can you determine who wrote or
printed a computer document?
What is the cost of a Computer
Forensics investigation?
I have a problem with my computer. Can you fix it?
I am a student or recent graduate researching the Computer Forensics market. Can you send me all the information you have?
Answers
What is involved in Computer Forensics?
Computer Forensics
services include the acquisition, examination, identification, analysis and
interpretation of electronic data commonly created and used by
computers and related digital devices.
What is the purpose of Computer Forensics?
Computer Forensics services may be used to support both civil and
criminal litigation as well as to enhance overall corporate
information technology security. In general, Computer Forensics services offer the potential to
provide digital evidence which may support allegations of certain
activity in which computers are involved.
When might Computer Forensics be employed?
Computer Forensics services may be used in cases of: unauthorized
disclosure or copying of sensitive business data, such as customer
databases, price lists and employee payrolls, whether by accident or
by intent; fraud and deception; Internet abuse by employees
including downloading of pornography; industrial espionage by
"crackers" and subsequent damage assessment; recovery of data
thought to be deleted; revelation of data hidden or included in
temporary or swap files; access to encrypted, password-protected
data.
In general, as computers have moved into the mainstream, they
are employed in more instances where sensitive information is sent
by e-mail, instant messaging, FTP or copied on disk or a flash memory device. Computer
Forensics investigators can help validate the integrity of this
computer data and interpret it.
What is an Anton Piller order? How does it relate
to Computer Forensics?
An
Anton Piller order is granted by a judge and can be considered as
roughly equivalent to a civil law form of search warrant, although
there are some key differences.
An Anton Piller
order typically authorizes the collection of
specific data related to the action.
Anton
Piller orders were formerly rarely used, but have recently become
more commonplace in matters where computer data is critical. This
data can be quickly erased if there is prior knowledge of a pending legal
search. This is an ex parte order where the subject of the order should have no prior knowledge of the Anton
Piller order until the
representatives of the other party arrive on location.
We have
assisted in implementing Anton Piller orders and, in other
circumstances, helping to challenge the need for such an order.
Can you recover deleted data
from a computer?
We can recover many instances of deleted data. The
probability of success depends upon the specific circumstances. These
include the type of data, the length of time since its
deletion and the activity on the computer since its deletion, among
other factors.
In general, full or partial recovery of text data is
easier than binary data, such as images or videos. Data deleted in the past
few days is easier to recover than data deleted many months ago.
Data from a relatively inactive computer which stores little
information is easier to recover than data from an actively used
computer that's using close to its full data storage capacity.
If you think you may wish to recover deleted data from a computer, please stop using the computer immediately! Continued use of the computer may make it impossible to recover the data.
You usually get one kick at the can to recover deleted data. If a non-professional has already attempted to recover deleted data and failed, it may no longer be feasible to recover the data.
Can I monitor the e-mail,
instant messages and web access of others who use my computer(s)?
Yes, you can. The best solution to carry this
out depends upon the number of computers and computer users.
For a few PCs, software-based monitoring installed on each
computer is usually the most cost-effective solution. The right
monitoring software can track e-mail sent and received, including
web-based e-mail services. Instant messages can be saved. The software can also record websites
visited and, if required, block access to specified websites, such
as those with pornographic content.
This
type of individualized computer monitoring software may be used by
a small business to track employee usage. It
may also be used on a home PC to monitor computer use by others in
the household, such as children. We recommend the Internet surveillance and monitoring software products of
SpectorSoft.
For
larger corporate installations with many PCs and users, a centralized
network-based solution is usually the most efficient and easy to administer. Typically,
this will include a configurable hardware-based firewall and data vaulting capabilities
to comply with relevant regulatory requirements. Please
contact us to consult on the corporate solution that's right for your business.
Can you determine who sent
an e-mail?
Our
examination of the complete contents of an e-mail message will
usually show the path it traveled over the Internet to reach its
destination. This will give clues to the e-mail's origin, which may
be traced back to an ISP (Internet Service Provider) or a corporate
network. Sometimes the information will include sufficient detail to link the
e-mail to the specific computer which probably sent it.
Can you determine who wrote
or printed a computer document?
In many
cases we can determine the probable author of an electronic
document, such as a word processor file, by examining the document
data file for the encoded metadata.
We may
be able to determine who printed a paper document using a computer.
Some computer printers encode data in the printed document. After
decoding, this data can provide information such as the serial
number of the printer and the date and time of the printout. This
information may be sufficient to determine the owner or user of that
computer printer.
What is the cost of a Computer Forensics
investigation?
The cost of a Computer Forensics investigation is
based upon an hourly rate plus expenses incurred. The
total cost will depend upon the complexity of the issues and the
time involved. More time is usually required in the analysis and
interpretation phase than in the initial acquisition of the data.
We offer an initial telephone consultation of up to 30
minutes at no charge to qualified prospects. To request this complimentary consultation, please
contact us.
I have a problem with my computer. Can you fix it?
We do not offer computer repair services.
I am a student or recent graduate researching the Computer Forensics market. Can you send me all the information you have?
We do not collect or maintain Computer Forensics market statistics or employment information. All our publicly available information is on this website. Please contact your school's guidance counsellor, your teacher or a librarian for research assistance.
|
