Forensic analysis of a computer, whether for a criminal investigation or as part of a more general security incident response, requires that there be a set of well-defined procedures that comply with appropriate laws, organizational policies, and best industry practices that cover issues such as when (and how) to notify law enforcement and the physical seizure of the computer(s) to obtaining and protecting evidence and performing an orderly search of the system. It doesn’t matter, really, whether the evidence gathering is for legal purposes or just to understand an incident so as to avoid it in the future; analysis requires tools and processes.
Below are a few areas of expertise where we excel. No single tool can perform all aspects of a computer forensics analysis:
- Create disk images
- Recover passwords
- Perform file access, modification, and creation time analysis
- Create file catalogs
- View system and application logs
- Determine the activity of users and/or applications on a system
- Recover “deleted” files and/or examine unallocated file space
- Obtain network information such as IP addresses and host names, network routes, and Web site information
- Log Analysis
- System Analysis
- Network Log Gathering & Analysis
For more information, please contact us online or call us at (270) 830-9590.
