After a E-Investigations technician acquires a digital forensic image of the device in question for computer forensic purposes, the next step is culling. E-Investigations experts will determine what types of files—documents, images, etc—can be recovered from the data. We gather information from email servers and their mailboxes, file servers, home directories, and shared folders, as well as data pertaining to the type and location of data, electronic storage policies, and back-up procedures. Aside from the content of the device, our specialists also extract metadata that identifies the file’s creator. This includes when it was modified and when it was sent.
After the computer forensic images have been culled and the non-essential program files, duplicates, and other non-essential data discarded, the relevant digital forensic information is uploaded into the EInvestigations e-Discovery program, which is a very in-depth and forensically sound resource. The client, other counsel that may get involved, and professional researchers can then use the same recovered data for analysis.
- Attack Identification
- Data Breach Analysis
At E-Investigations, we specialize in finding hidden and encrypted documents using thorough investigative techniques that adhere to state and Federal regulations for civil and criminal cases. We have a solid understanding of Macintosh, Windows, and Linux operating systems, and we use our expertise to examine all networks, hard drives, and backup drives, protecting all hardware, software, and data from being compromised during the search.