609.238.8795 | info@pvlforensics.com      

 

Computer Forensics (CF) Examination

CF is the technological, systematic inspection of the computer system and / or its contents for evidence or supportive evidence, of a crime or other computer use that is being investigated.  CF requires specialized expertise that goes beyond normal data collection and preservation techniques available to end-users or system support personnel.

PVL Forensics has the ability to conduct sound forensic examinations on the following devices:

  • Servers, desktop, workstations, and laptops
  • PCs, MACs, tablets, & iPads
  • RAID arrays, hard disk drives, USB, Zip and all external drives
  • PDAs, iPhones, Blackberries, Droids, Smart & cell phones
  • RAM & memory cards
  • CDs, DVDs, & floppy disks
  • GPS devices, DVRs, fax, & copy machines

PVL Forensics has the ability to conduct sound forensic examinations for the following as well:

  • Web-based e-mail and other data hosted accounts (data harvesting)
  • E-mail identification (IP header analyzing)

Investigation Steps

To help better understand the process, the following list gives the basic steps involved for a CF investigation (this list is not necessarily all inclusive and CF examination can differ depending on the nature of the device, examination parameters, and other factors).

  • Incident notification
  • Obtaining understanding of incident
  • Obtain authorization to proceed
  • Verify scope of work
  • Document incident area
  • Document incident equipment
  • Prepare bit-stream copies of original evidence
  • Maintain chain of custody forms
  • Securing of original evidence
  • Data extraction and analysis at forensic lab
  • Carve out deleted files and file fragments
  • Reconstruct internet history, web pages, and/or email activity
  • Analyze critical files such as registry files, user login files, & event logs
  • Time line analysis
  • Generate hash values and compare
  • Prepare report of findings
  • Lessons learned
  • Archive data

Using advanced forensic tools and techniques, we always follow sound forensic examination procedures set forth by the forensic industry and court-accepted procedures. This includes the following: using forensically sterile examination media, constantly maintaining the integrity of the original media, utilizing sound forensic examination software, providing properly marked and controlled printouts, copies of data, and exhibits resulting from the examination.

E-mail: info@pvlforensics.com