Investigation
The initial response includes investigating what operating system is running, interviewing key users of an organization and determining the best approach to protect the data involved. The initial collection of important information is key to the success of a computer forensic examination. Data that may be involved in an investigation can come in all forms of media including PC's, laptops, cell phones, digital cameras, mainframes or servers, tape backups, Thumb drives, and PDA's. The method in which data is collected can be the most scrutinized aspect of a digital investigation.
Analysis
The analysis phase consists of the recovery and interpretation of the information that's been collected and authenticated. We are able to pinpoint a file's location on the disk, its creator, the date it was created, the date of last access, the date it was deleted, as well as file formatting, and notes embedded or hidden in a document. Our experts in computer forensics can reconstruct the computer usage based on forensic analysis of the data and systems. Our experts consult with litigants and testify on their behalf regarding electronic data history, a blueprint of what has happened.
Because we use forensically sound and court approved methodologies we stand ready to defend our processes. And, as required by Texas State Law, we are licensed and insured. Our properly trained forensic examiner can retrieve files that are deleted, disguised, hidden or encrypted (up to 128-bit encryption) - far beyond a normal examination of data. Our staff includes a State of Texas licensed and sworn Texas Peace Officer who can assist clients with proper advice should the evidence of criminal activivty be discovered during the digital forensic investigation.