What exactly is Computer Forensics?
Computer forensics is considered to be the use of analytical techniques to identify, collect, preserve, and examine evidence/information which is magnetically stored or encoded in media.
Why is Computer Forensics employed?
To provide digital evidence of a specific or general activity. The forensic investigation itself can be initiated for a wide variety of reasons. The most high-profile cases are usually in the area of criminal investigation, or perhaps civil litigation, but forensic techniques can be of value in a wide variety of situations, including simply tracking the steps taken when data has been lost.
How is a forensic investigation typically approached?
Very broadly, the main phases are sometimes considered to be:
- secure the subject system (from tampering or unauthorized changes during the investigation);
- take a copy of the hard drive/disk (if applicable and appropriate);
- identify and recover all files (including deleted files);
- access/view/copy hidden, protected and temp files;
- study 'special' areas on the drive (for example, the residue from previously deleted files);
- investigate the settings and any data from applications and programs used on the system;
- consider the system as a whole from various perspectives, including its structure and overall contents;
- consider general factors relating to the user's computer and other activity and habits, in the context of the investigation;
- create a detailed and considered report, containing an assessment of the data and information collected.
Throughout the investigation, a full audit log of all activities will be maintained and recorded. It is not unreasonable to include this in the report.
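The copy step and the audit log described above can be tied together with hashes. The following is an added example, not part of the original page or of any tool it refers to: it hashes a source image and its working copy, and records each step in a log whose entries are chained by hash so that later edits are detectable. The function and class names, file names and sample data are assumptions constructed for illustration.

```python
import hashlib, json, os, shutil, tempfile
from datetime import datetime, timezone

def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large disk images need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

class AuditLog:
    """Append-only log; each entry commits to the previous entry's hash."""
    def __init__(self):
        self.entries = []
    @staticmethod
    def _entry_hash(body):
        return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()
    def record(self, action, detail):
        prev = self.entries[-1]["hash"] if self.entries else "0" * 64
        body = {"time": datetime.now(timezone.utc).isoformat(),
                "action": action, "detail": detail, "prev": prev}
        self.entries.append({**body, "hash": self._entry_hash(body)})
    def verify(self):
        """Return True only if no entry was edited, removed or reordered."""
        prev = "0" * 64
        for entry in self.entries:
            body = {k: v for k, v in entry.items() if k != "hash"}
            if entry["prev"] != prev or entry["hash"] != self._entry_hash(body):
                return False
            prev = entry["hash"]
        return True

def acquire_copy(source, working_copy, log):
    """Copy the source, hash both sides, log each step; True if hashes match."""
    source_hash = sha256_file(source)
    log.record("hash_source", {"path": source, "sha256": source_hash})
    shutil.copyfile(source, working_copy)
    copy_hash = sha256_file(working_copy)
    log.record("hash_copy", {"path": working_copy, "sha256": copy_hash})
    matched = source_hash == copy_hash
    log.record("verify_copy", {"match": matched})
    return matched

if __name__ == "__main__":
    src = os.path.join(tempfile.mkdtemp(), "evidence.img")
    with open(src, "wb") as fh:               # constructed stand-in for a disk image
        fh.write(b"constructed sample sector data" * 1000)
    log = AuditLog()
    print(acquire_copy(src, src + ".copy", log), log.verify())
```

Examination would then be done on the working copy only, with the recorded source hash available for re-checking the copy at report time.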
What do I do if I have a machine that has evidence?
Turn off the computer and call Executive Computer Forensic Services to image the hard drive on that computer. Imaging preserves all data on the drive, both active and inactive (deleted), as of the current point in time. Do not boot the computer or use it in any way before our Computer Forensic specialist acquires the hard drive image.