Computer Drive Forensics

hard disks, solid state drives, full computers and more

Global Digital Forensics has recovered incriminating data from all types of computer systems. We’ve worked with major law firms across the country on cases ranging from patent litigation to criminal defense. Deleted email and photographs, erased documents, Internet browsing activity, computer usage habits, printing and copy records – we can find it and help you present it as evidence in court.

harddrive

Jump to:


Key Questions We Can Help Answer

Our work is all about finding answers. Typical questions that can be answered by a computer forensics and drive analysis might be:

  • What did the user do on the computer, at what time on what date?
  • Was proprietary information stolen, and by whom?
  • Can specific deleted files be recovered?
  • Was sensitive information sent to outside parties?
  • Was a document forged, and can its revision and printing history be accessed?
  • Were company policies broken?
  • Can evidence be recovered off a deliberately damaged system?
  • The system is encrypted – can you break in?
  • Who has accessed what information, and when?

Types of Digital Media

We’ve recovered data from just about any type of drive.

  • Hard Disk (desktops, laptops, servers)
  • Solid State Drives (netbooks, Mac Airs, tables, smartphones
  • Flash Drives
  • PC, Macintosh, Unix, Linux
  • USB, USB 2, USB 3, Firewire, Lightening
  • RAIDs

Types of Recoverable Data

  • Emails, deleted emails
  • Internet use information
  • Erased files
  • Deleted pictures and movies
  • Access and usage information
  • Temporary files
  • Logs

Drive Forensics Process

Our process is simple, fast and thorough. Click below to find out more.

+Free Consultation

Contact us for a free consultation with one of our forensics experts. We’ll learn the particulars about your situation, discuss evidence potential, the location and condition of the drive, and work out a plan to help you.

+Get Us the Drive(s)

Get Us the Drive(s)

Arrange drop off/courier/FedEx delivery of the drive/computer/device to Global Digital Forensics. Drives can be returned to you, or held as evidence.

  • The suspect device is received, and logged.
  • A proper chain-of-custody log is created.
  • The suspect device is forensically duplicated (imaged) using court accepted procedures.
  • The original evidence is properly stored in compliance with court approved procedures.


+A Complete Forensic Analysis

A Complete Forensic Analysis

A GDF analyst will digitally dissect the drive. You may only be interested in deleted emails, but we will find EVERYTHING on the drive that’s there to find.

  • All procedures are forensically sound
  • Chain of custody is preserved (evidentiary value)
  • Only court accepted tools and processes are used
  • Extraction of both active and latent data (deleted files, emails, texts etc.) to the extent forensically possible.
  • Keywords are searched using state-of-the-art forensic tools
  • Results supplied with Bates numbers and metadata
  • Entire device is searched, including for deleted information, metadata, emails and texts.


+Deliverables

Deliverables

Once we’ve completed our analysis of the drive, we will prepare a full report detailing our findings. This legal quality report includes full custodial chain documentation and meets the standards established by the US Dept. of Justice for digital forensic evidence submission.

  • An analyst will explain the findings to the client and await further disposition.
  • Our report will help identify the presence of any evidence or indicators to help client determine evidentiary value.
  • Storage of the subject media and forensic images for up to 1 year


Precautions

If there is evidence on the drive or computer, TURN IT OFF
  • When a user creates a file on a computer, the operating system writes that data to a physical location on the drive. The operating system then records the file’s name, location and size in what is basically a table of contents – so the operating system “knows” where that file is. When a file is deleted or erased, the file’s name is removed from the “table of contents,” but the file’s data isn’t touched and will remain intact until it is overwritten by other data. GDF’s forensic analysts can find that seemingly “lost” data, but the device must be turned off and we need it in house as soon as possible.
  • Computers and drives are often protected by passwords and encryption. Depending on the type of security, extracting information on the drive can get difficult.
  • Mechanically or electrically damaged drives might need repairs in order to access data stored on them.
  • There are legal implications regarding drive ownership and forensic analysis. Please call Global Digital Forensics if you have questions in this area.

Questions?

At Global Digital Forensics, we know the best way to get your business is to answer all your questions. Call us at 1 (800) 868-8189, or click the big green button below to schedule a free consultation.


Our Clients

GDF works with outstanding clientele from all sectors and ranging in size from small graphic design firms to Fortune 500 companies.

  • The Securities and Exchange Commission
  • NASA
  • The City of New York
  • AES Energy
  • PSE&G
  • Senior Aerospace
  • Stonybrook University Hospital
  • NY State Department of Corrections
  • American Civil Liberties Union
  • American Stock Exchange
  • Medstar
  • and more