Computer Forensics / Electronic Forensics / Digital Forensics
At Infinity Forensics we conduct Computer Forensics & Digital Forensics Investigations, both “large and small scale” of desktop computers and servers, laptop computers, Android’s, iPhones, Blackberry’s and mobile phones to obtain evidence vital to civil litigation and criminal matters. Digital Forensics is the science behind obtaining valuable electronic evidence or information from electronic devices
We are regularly involved in cases involving suspected spoliation and destruction of electronic evidence, human resource investigations, frauds, embezzlement, improper termination, copyright infringement, theft of intellectual property, divorce and other legal areas.
Infinity Forensics’s Digital Forensic Services include:
What is Computer Forensics?
Computer Forensics is the preservation, identification, extraction, documentation and interpretation of computer media for evidentiary and/or root cause analysis. It is also referred to Electronic Discovery, Electronic Evidence Discovery, Digital Recovery, Data Discovery, Computer Analysis and Computer Examination.
What is Computer Crimes?
Fraud
Identity Theft
Defamation
Copyright
Gambling
Anti-spamming
The Process
Determine legal right
Investigator must obtain authorization from authorities such as legal department. This is an important issue, because without authorization, evidence gathered may not be accepted.
Design for evidence
A good start might be photographing the original hardware setup, anything which may related to case should fully recorded, for instance, Location, Time, Date, Serial Number, etc.
All the evidence should be isolated and protected. The chain of custody form helps to find out who has touched the evidence, also it’s a way to demonstrate the evidence hasn’t been damaged. All the process should be fully document.
Produce records
All media must been write protected. Write protecting a digital evidence guaranties that the evidence is not altered or erased during investigation process.
Creating a bit streaming backup (Mirror Image) of the digital media is the following step. When imaging has been done, a Hash value has to implement to both Master and Copy evidence to confirm that duplication process done properly.
Collect evidence
During this step, examiner must determine where to collect evidence from and decide the best order to gather the data. This can be done through several processes, to include: searching for hidden information, user file, deleted file, encrypted file, emails, cookies, and system logs. All the suspicion evidence must be print out and all process must be fully documented.
Analysis evidence
All collected evidence must be analyze to extract the evidence to answer, “who, when, why and how” questions. Main challenge in this process is to check and run, unknown programs, unknown files, to find out what is the result.
Reporting and presentation
Reporting and Presentation is the conclusions and corresponding evidence from the investigation to convince an authority. Document the following for presenting to an authority:
Digital forensics Singapore it forensic investigator forensic investigator Sing