Chain of Custody: All litigation support/forensics projects
are well documented in our database. Of the highest importance among
those documents is the chain of custody document, which tracks possession
of the suspect computer/hard drive from the initial possessor of
the media, to the forensics engineer who works on it, and back to the
initial possessor or the recipient of the evidence after all forensic
analysis is complete.

Forensic Imaging: Securing the data on a hard drive is the
most crucial part of forensic computing. Once you decide to use
our services, it is important to ensure that the computer is not
used in any way until after a bit-by-bit image is taken, as potential
evidence can be overwritten by any further use of the computer.

Scavenge: This is a process that involves the retrieval
of any and all lost or deleted data that still resides in unallocated
clusters and slack space of the hard drive or media. When data is
deleted or lost from a hard drive, the system marks the files as
deleted and makes that logical space available to the user. The
files, however, still reside in the actual sectors of the hard drive
until they are overwritten by new data that is
saved/written to the drive. The process of scavenging seeks out
all such files and folders that were deleted, either by mistake or
purposefully, and that still reside in the physical sectors of the
drive.

Keyword Search: Another kind of search, which is more comprehensive
in its scope, is the binary search. This search examines the entire
contents of the drive, both the allocated and the unallocated space,
for any matches to the given keywords. This process returns even
fragments of files or documents, such as email bodies, and is not
restricted to file or folder structures. A common use of this
search is in looking for emails or instant messages that are not
saved by the user.
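
The binary keyword search described above, as an added Python example that is not this company's tool: it reads a raw image byte by byte in chunks, ignores the file system, and reports the sector of each hit, including a keyword split across two reads. The function names, the 512-byte sector size, ASCII-only keywords and the sample image are assumptions made for the illustration.

```python
import io

SECTOR = 512  # assumed sector size, used only to report where a hit lies

def raw_keyword_search(stream, keywords, chunk_size=1 << 20):
    """Scan every byte of a raw image, allocated or not, for ASCII keywords.

    Matching is case-insensitive and tries both UTF-8 and UTF-16LE encodings.
    Returns sorted (byte_offset, sector, keyword, encoding) tuples.
    """
    pats = [(kw, enc, kw.lower().encode(enc))
            for kw in keywords for enc in ("utf-8", "utf-16-le")]
    overlap = max(len(p) for _, _, p in pats) - 1
    hits, tail, base = set(), b"", 0   # base = image offset of buf[0]
    while chunk := stream.read(chunk_size):
        buf = tail + chunk.lower()     # bytes.lower() folds ASCII letters only
        for kw, enc, pat in pats:
            i = buf.find(pat)
            while i != -1:
                hits.add((base + i, (base + i) // SECTOR, kw, enc))
                i = buf.find(pat, i + 1)
        # Keep the last bytes so a keyword split across two reads is still found.
        tail = buf[-overlap:] if overlap else b""
        base += len(buf) - len(tail)
    return sorted(hits)

def build_sample_image():
    """Constructed 8-sector image, not real evidence."""
    img = bytearray(8 * SECTOR)
    def put(offset, data):
        img[offset:offset + len(data)] = data
    put(SECTOR, b"Meeting notes: nothing of interest.")      # live file
    put(5 * SECTOR - 10, b"Subject: Project Falcon budget")  # deleted email fragment
    put(6 * SECTOR + 100, "falcon files sent".encode("utf-16-le"))  # unsaved IM text
    return bytes(img)

if __name__ == "__main__":
    for off, sector, kw, enc in raw_keyword_search(
            io.BytesIO(build_sample_image()), ["Falcon"]):
        print(f"{kw!r} ({enc}) at byte {off}, sector {sector}")
```

Run against a working copy of the bit-by-bit image, opened read-only, never against the original media.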