Links to computer forensics and expert witness services websites from Morochove & Associates Inc.
:: Home :: Contact us :: Feedback :: Privacy stmt :: Site map
| About us | Services | FAQ | Contact us | Links
   
 
 
 
   
 
 
 
   
   
   
   
   
   

Computer Forensics Frequently Asked Questions (FAQ)Computer Forensic Services FAQ (Frequently Asked Questions)

Computer Forensics FAQ (Frequently Asked Questions)On this page you will find some of the most commonly asked questions about our computer forensic investigation services, along with their answers. Please click on the question to view the answer.

If you have a computer forensic investigation question which is not answered here, please submit it using the Contact us page. This Computer Forensic Services FAQ will be updated periodically with new questions and answers.
 

Questions

Computer Forensics question What is involved in Computer Forensics?

Computer Forensics question What is the purpose of Computer Forensics?

Computer Forensics question When might Computer Forensics be employed?

Computer Forensics question What is an Anton Piller order? How does it relate to Computer Forensics?

Computer Forensics question Can you recover deleted data from a computer?

Computer Forensics question Can I monitor the e-mail, instant messages and web access of others who use my computer(s)?

Computer Forensics question Can you determine who sent an e-mail?

Computer Forensics question Can you determine who wrote or printed a computer document?

Computer Forensics question What is the cost of a Computer Forensics investigation?

Computer Forensics question I have a problem with my computer. Can you fix it?

Computer Forensics question I am a student or recent graduate researching the Computer Forensics market. Can you send me all the information you have?

Answers

Computer Forensics question What is involved in Computer Forensics?

Computer Forensics services include the acquisition, examination, identification, analysis and interpretation of electronic data commonly created and used by computers and related digital devices. Go to top of page

Computer Forensics question What is the purpose of Computer Forensics?

Computer Forensics services may be used to support both civil and criminal litigation as well as to enhance overall corporate information technology security. In general, Computer Forensics services offer the potential to provide digital evidence which may support allegations of certain activity in which computers are involved. Go to top of page

Computer Forensics question When might Computer Forensics be employed?

Computer Forensics services may be used in cases of: unauthorized disclosure or copying of sensitive business data, such as customer databases, price lists and employee payrolls, whether by accident or by intent; fraud and deception; Internet abuse by employees including downloading of pornography; industrial espionage by "crackers" and subsequent damage assessment; recovery of data thought to be deleted; revelation of data hidden or included in temporary or swap files; access to encrypted, password-protected data.

In general, as computers have moved into the mainstream, they are employed in more instances where sensitive information is sent by e-mail, instant messaging, FTP or copied on disk or a flash memory device. Computer Forensics investigators can help validate the integrity of this computer data and interpret it. Go to top of page

Computer Forensics question What is an Anton Piller order? How does it relate to Computer Forensics?

An Anton Piller order is granted by a judge and can be considered as roughly equivalent to a civil law form of search warrant, although there are some key differences.

An Anton Piller order typically authorizes the collection of specific data related to the action.

Anton Piller orders were formerly rarely used, but have recently become more commonplace in matters where computer data is critical. This data can be quickly erased if there is prior knowledge of a pending legal search. This is an ex parte order where the subject of the order should have no prior knowledge of the Anton Piller order until the representatives of the other party arrive on location.

We have assisted in implementing Anton Piller orders and, in other circumstances, helping to challenge the need for such an order.  Go to top of page

Computer Forensics question Can you recover deleted data from a computer?

We can recover many instances of deleted data. The probability of success depends upon the specific circumstances. These include the type of data, the length of time since its deletion and the activity on the computer since its deletion, among other factors.

In general, full or partial recovery of text data is easier than binary data, such as images or videos. Data deleted in the past few days is easier to recover than data deleted many months ago. Data from a relatively inactive computer which stores little information is easier to recover than data from an actively used computer that's using close to its full data storage capacity.

If you think you may wish to recover deleted data from a computer, please stop using the computer immediately! Continued use of the computer may make it impossible to recover the data.

You usually get one kick at the can to recover deleted data. If a non-professional has already attempted to recover deleted data and failed, it may no longer be feasible to recover the data.Go to top of page

Computer Forensics question Can I monitor the e-mail, instant messages and web access of others who use my computer(s)?

Yes, you can. The best solution to carry this out depends upon the number of computers and computer users.

For a few PCs, software-based monitoring installed on each computer is usually the most cost-effective solution. The right monitoring software can track e-mail sent and received, including web-based e-mail services. Instant messages can be saved. The software can also record websites visited and, if required, block access to specified websites, such as those with pornographic content.

This type of individualized computer monitoring software may be used by a small business to track employee usage. It may also be used on a home PC to monitor computer use by others in the household, such as children. We recommend the Internet surveillance and monitoring software products of SpectorSoft.

For larger corporate installations with many PCs and users, a centralized network-based solution is usually the most efficient and easy to administer. Typically, this will include a configurable hardware-based firewall and data vaulting capabilities to comply with relevant regulatory requirements. Please contact us to consult on the corporate solution that's right for your business. Go to top of page

Computer Forensics question Can you determine who sent an e-mail?

Our examination of the complete contents of an e-mail message will usually show the path it traveled over the Internet to reach its destination. This will give clues to the e-mail's origin, which may be traced back to an ISP (Internet Service Provider) or a corporate network. Sometimes the information will include sufficient detail to link the e-mail to the specific computer which probably sent it. Go to top of page

Computer Forensics question Can you determine who wrote or printed a computer document?

In many cases we can determine the probable author of an electronic document, such as a word processor file, by examining the document data file for the encoded metadata.

We may be able to determine who printed a paper document using a computer. Some computer printers encode data in the printed document. After decoding, this data can provide information such as the serial number of the printer and the date and time of the printout. This information may be sufficient to determine the owner or user of that computer printer. Go to top of page

Computer Forensics question What is the cost of a Computer Forensics investigation?

The cost of a Computer Forensics investigation is based upon an hourly rate plus expenses incurred. The total cost will depend upon the complexity of the issues and the time involved. More time is usually required in the analysis and interpretation phase than in the initial acquisition of the data.

We offer an initial telephone consultation of up to 30 minutes at no charge to qualified prospects. To request this complimentary consultation, please contact us. Go to top of page

Computer Forensics question I have a problem with my computer. Can you fix it?

We do not offer computer repair services. Go to top of page

Computer Forensics question I am a student or recent graduate researching the Computer Forensics market. Can you send me all the information you have?

We do not collect or maintain Computer Forensics market statistics or employment information. All our publicly available information is on this website. Please contact your school's guidance counsellor, your teacher or a librarian for research assistance. Go to top of page


Copyright 2005-14 by Morochove & Associates Inc. All rights reserved.