Areas of Digital Forensics

  • Computer hard drive imaging/preservation
  • External memory devices imaging/preservation
  • Forensic data file extractions
  • Special master neutral third-party representation
  • Image file forensic analysis
  • Document authenticity analysis
  • Reconstruct files, emails, activity logs
  • Video media forensics
  • Deleted data files/email/IM recovery
  • Demonstrate/Prove transfer or dissemination of IP or trade secrets 
  • Database mining forensics
  • Network forensics
  • Network server imaging/examinations
  • Mobile phone imaging/forensic examinations
  • Reconstruct phone logs/text messages
  • Deleted voice mail recovery forensics
  • System and document metadata extractions
  • Data scrubbing activities verification
  • Internet archival forensics
  • Computer monitoring/spyware verification
  • User's website activity history
  • Internal computer clock manipulation
  • File transfer/copying history
  • Inaccessible ISP email recovery
  • Identification of all external devices connected to a computer with dates

Whitepapers

Check out CyberControls' Whitepaper Directory for in-depth tips on
e-Discovery and digital forensics by clicking here. 

Free Initial Consultation

We welcome the opportunity to have a discussion about a certain matter that you are representing.

We can either run a conflicts of interest check before delving into the details or we can stay at 30,000 ft. and just go over the high-points to determine whether our firm is a right fit.

Call: 847-756-4890 and ask for a managing partner to speak with you, or you may submit your questions in writing by clicking here:Submit Your Question 


Digital Computer Forensics Basics

So what is digital forensics exactly?

Digital forensics pertains to the forensic investigation of devices used for the storage of digital data, the objective of which is to locate and extract the digitally stored data from such devices in order to assist in the submission of relevant evidence in civil or criminal court cases. Some examples of common media storage devices involved in digital forensics are: 

  • Computers/servers and their digital components
  • Digital audio devices such as MP3 players, I-Pods, I-Pads, audio surveillance systems.
  • Digital video devices such as digital cameras, digital video surveillance systems, scanners, facsimile machines, imaging systems.
  • External media storage devices such as CDs, DVDs, flash memory cards, USB drives.
  • Communication devices such as mobile phones, PDAs, Blackberries, I-Phones.

So why is CyberControls always making the distinction between a Requesting Party and a Producing Party?

describe the imageClearly, the needs and objectives of opposing parties in a litigation matter at first glance would lead most observers to assume that when considering digital forensics as a solution to resolve some discovery dispute, the plaintiff would be the more likely party to initiate this approach. This is no longer the case.

In fact, we contend that the rising costs of commercial litigation for both parties in a dispute demands that a strict adherence to the duty to preserve all relevant ESI is the best option or motions for spoliation sanctions are sure to follow. While a plaintiff might have a more extensive list of documents and things on their discovery requests than does the defendant in a case, that will not diminish the plaintiff's liabilities resulting from insufficient litigation-hold practices on their part.

Digital Forensics may be the only option available to a litigant to be assured that an exact duplicate of an original data device has been created at a given time. Byte-by-byte, bit-by-bit, the forensic bitstream image of a digital storage device will demonstrate to all concerned that maximum effort was expended to preserve the entire contents, both active and deleted data files that existed on the same original media device at the time the bitstream image was successfully completed.

So whether you represent a plaintiff or a defendant, the goal should be the preservation of any media device that has been identified as a likely source in which relevant ESI is stored that pertains to the lawsuit.  The list to the left represents the majority of digital media devices and objectives commonly focused on in e-Discovery disputes. Increasingly, defense attorneys are seeing the advantage of initiating pre-production forensic examinations of their client's digital devices in an effort to eliminate any element of surprise or possibly the recovery of exculpatory ESI that may have been previously deleted.

For plaintiff clients, the CyberControls' forensics services team will assist the attorney in formulating an e-Discovery strategy that may include examination protocols that accompany motions to inspect the computers of an adverse party. In labor disputes involving alleged misappropriation of confidential or trade secret information, major dividends come to those who perform a thorough forensic analysis of the work computers used by the recently departed employee. That is, before the client's IT manager performs any in-house computer examinations which potentially could destroy valuable ESI permanently! 

Disclaimer

This information is neither designed nor intended to provide legal or other professional advice but is intended merely to be one of many sources for research on e-Discovery related topics. While every attempt has been made to ensure the accuracy of this information, no responsibility can be accepted for errors or omissions. Recipients of information or services provided by CyberControls, LLC shall maintain full, professional, and direct responsibility to their clients for any information or services rendered by CyberControls, LLC.  

Requesting Party Forensics

describe the image
In a majority of e-discovery disputes, a requesting party is claiming that the responding party has either performed an unreasonable discovery resulting in significant omissions in their production of relevant ESI, or they are guilty of deliberate obfuscation or possible spoliation.
There are also time critical imperatives that require emergency tactics such as:
  • Preservation Order motions to prevent the destruction of valuable ESI
  • Motions for the inspection of specific computers or;
  • Ex parte orders to conduct a computer examination 

Producing Party Forensics

describe the image
It's natural to assume that as a defendant in a civil matter, computer forensics might not have an immediate fit.
On the other hand, our forensic specialists have performed a number of critical assignments for forensically-enlightened litigators representing a producing party:
  • Forensically imaging any digital device actively being used by the client to prevent spoliation.
  • To perform a forensically sound extraction of critical ESI such as metadata in its native file format for pre-production review.
  • Implementing a forensic search for deleted e-mails, documents, and other relevant ESI for pre-production review so as not to overlook any omissions made by one's client.

Online ESI Preview

CyberControls utilizes a government-standard 128-bit AES encryption online meeting service to collaborate and preview ESI with our clients on a remote basis. Benefits derived from remote online access are:

  • Attorney and client participation in evaluating ongoing forensic examination results.
  • Provides immediate feedback to the forensic examiner to determine relevancy of recovered ESI.
  • Supports time saving hands-on conferences with out-of-state opposing experts. experts