computer forensics

Computer data may be encoded in many types of media including hard drives, solid-state drives, CDs, DVDs and other solid-state media such as flash memory found in USB-stics and SD cards such as those which store pictures in cameras and mobile phones. Sometimes this data may stretch across multiple drives such as in a server – analyzing this type of data requires special tools.

Watermark uses the latest patented software and hardware tools to ensure transparency and traceability. Using obscure tools or unpublished methods to retrieve data is not an acceptable way to introduce computer data as evidence. An inexperienced IT contractor and certainly many people working in IT don’t follow the same rigorous methods to ensure that preservation of data is maintained.

Computers are not designed with the absolute privacy which people believe they provide and data which might have been deleted is often still there for easy retrieval. Often this deleted data is what is being sought for evidence. Log files and other system files can sometimes be used to indicate intentional tampering to hide data.

If you have a PC which you think is possible evidence – it’s likely best to be powered down by unplugging it directly and should not be powered on again. If the PC or device is not powered on, it’s best left powered down as the process of shutdown and restart changes files. Preservation of evidence is crucial to having it be successfully admitted as evidence in court.

Watermark has an array of software and hardware as well as certified examiners who understand hardware and the operating systems and their architecture such that we can readily assess a PC and provide detailed reports based upon keywords, file-types and other metrics to provide a detailed analysis of computer or device use for a given period of time and associated data.