DATA RECOVERY & INCIDENT RESPONSE
Service Summary
We provide the complete range of digital forensic services like data recovery, incident response, data-leak assessments and security investigations. Our experts are all certified professionals with years of successful field experience in dealing with various security incidents while preserving the evidence audit trail and chain of custody at all times.
Process Description
Forensics is the process of using scientific knowledge for collecting, analyzing, and presenting evidence to the courts. We define computer forensics as the discipline that combines elements of law and computer science to collect and analyze data from computer systems, networks, wireless communications, and storage devices in a way that is admissible as evidence in a court of law.
Those who investigate computer crimes have to understand the kind of potential evidence they are looking for in order to structure their search. Crimes involving a information technology can range across the spectrum of criminal activity, from child pornography, to theft of personal data, to destruction of intellectual property.
We always make sure that our forensic investigators select the appropriate tools for each job. Files may have been deleted, damaged, or encrypted, and the investigator must be familiar with an array of methods and software to prevent further damage in the recovery process.
Two basic types of data are collected in computer forensics:
- Persistent data is the data that is stored on a local hard drive (or another medium) and is preserved when the computer is turned off.
- Volatile data is any data that is stored in memory, or exists in transit, that will be lost when the computer loses power or is turned off. Volatile data resides in registries, cache, and random access memory (RAM). Since volatile data is ephemeral, it is essential an investigator knows reliable ways to capture it.
Computer forensic investigations usually follow the standard digital forensic process (acquisition, analysis and reporting). Investigations are performed on static data (i.e. acquired images of the compromised systems) rather than "live" systems. We perform all the work on the client premises in a room specifically secured from the public for the forensic procedures.