COMPUTER FORENSICS INVESTIGATIONS

  • Business and Federal Government Computer Forensics Investigations
  • Specialized Computer Forensics Investigations
  • Home Computer Forensics Investigations

When It Comes To Performing Computer Forensics Investigations, ComputerForensics911.Com/CF911 Is Your Best Choice. Why, the president of CF911 has been responsible for Protecting U.S. Government Sensitive and Highly Classified Information and Computer Networks up to the Top Secret SCI Level. He has discovered numerous Computer Security Violations and Breaches in his capacity as an Information Systems Security Manager and Computer Forensics Investigator. Our Computer Forensics Investigator is a Certified CISSP. See the About Us section of this website for further his credentials.

Our Computer Forensics Specialized Investigations are modeled after techniques used in Highly Classified Investigations within the Department of Defense and Intelligence Community Agencies.

A Computer Forensics Investigation is/must be an Independent and Unbiased Assessment of the contents of a computer hard drive. The Computer Forensics Investigator will Examine and Analyze many types of files on the hard drive depending on the scope and depth of the investigation.

Computer Forensics Investigations Services

  • Documenting The Incident
  • Identification Of Evidence
  • Imaging And Acquisition Of Hard Drive/Data
  • Examination And Analysis Of Evidence
  • Incident Reporting, Conclusions, Recommendations
Examination And Analysis Of:
  • Computers That Have Been Or Are Suspected Of Being Used To Commit Crimes, Resulting In Violations Of State Or Federal Laws
  • Computers That Have Been Or Are Suspected Of Being Used To Commit Violations, Resulting In Non-Compliance With Organizational Computer Security Policies
  • E-Mail Server Usage Analysis (What E-Mails Are Being Sent/Received By Your Organization?)
  • Network Storage Analysis (What Files Are Being Stored On Your Network?)
  • Home Computers Used By Young Children, Who’s Parents Have Concerns About Their Children’s Internet Activities Or Contacts With Individuals, When Using The Internet
  • Home Computers Used By Adults, Who Have Concerns About Each Other’s Activities Or Contacts, When Using The Internet
  • Other Specialized Computer Forensics Investigations Requested By Our Clients

A Computer Forensics Investigation is commonly undertaken because of a serious violation of organizational security policie(s), or because of violations of state or federal laws. The typical case is when the suspect computer or hard drive has been seized. A copy/image is made of the suspect hard drive. The Computer Forensics Investigator proceeds to Search for and Recover traces of evidence related to the investigation. Many other types of Electronic Devices can also store valuable information related to an investigation. (Personal Digital Assistances/PDA, Cell Phones, USB Thumb Drives, MP3 Players/IPOD, Digital Cameras, etc.)

Regardless of the reason the Computer Forensics Investigation is needed, the computer can yield valuable information about the suspected or known incident and yield significant investigative leads. The Computer is like a Tape Recorder, Recording Everything. Most of the time valuable information can be recovered. Most individuals do not realize that most everything they do on a computer leaves traces of information that can be recovered, even after it is deleted. This information can be used to reconstruct a computer user(s) activity. Traces of information can remain for months or years.

The recovered evidence may be used to establish that organizational security policies or crimes have been committed, assert other points or facts and understand the motives and intents of individuals or suspects involved in the investigation.

This recovered evidence can better assist an organization in making any decisions to reprimand or release an employee, for violating organizational computer security policies and/or any state/federal laws. Additionally, the facts may also be admissible as evidence in a court of law.

Few people realize that every Web Page, Picture or Movie/Video Clip that they view on the Internet is written to the hard drive. Instant Messenger/Chat Room Conversations, Internet Search Phrases, Passwords, Internet Surfing History are all written to the hard drive. Documents, Databases, Spreadsheets, E-Mails, E-Mail Attachments that you create of view, and latter decide to erase, are not really erased. Everything that is done on a computer is TRACEABLE and RECOVERABLE using Computer Forensics Technology.


Computer Forensics Investigations Can Reveal
  • Recovery of Data on Re-Formatted or Re-Partitioned Hard Drives
  • Recovery of Deleted Computer Files:
    • Documents
    • Spreadsheets
    • Databases
    • Calendars and Schedules
    • E-Mails, E-Mail Attachments, E-Mail Addresses
    • Address Books, Contact Lists, Buddy lists
    • Instant Messaging/Chat Logs
    • Internet Activity Log Files, HTLML Files/Web Pages
    • Photos/Images/Movies/Audio Files/MP3 Files
    • Maps and Directions from Searches of Mapquest and Google Maps
    • Most any other types of files stored on a Computers Hard Drive.
  • Recovery of Hidden Text/Meta Data in Documents/Files Revealing Important Investigative Information:
    • Document MetaData Information That Can Reveal: Dates and Times Of File Creation, Access, Modification and Deletion, Past Revisions, Printing Times and Authors
  • Recovery of Passwords for:
    • E-Mail Access
    • Password Protected Files
    • Password Protected Websites
  • Computer/User Activity Information/Analysis:
    • Discovery of Attempts to Conceal or Destroy Evidence:
    • Encryption
    • Stenography
    • Disk Wipers
    • Evidence Eliminators
  • Discovery of Recently Accessed/Used Files and Software Applications
  • Discovery of Software Application Installed
  • Discovery of Network Shares Connected To
  • Determination of Web Sites that have been Visited
  • Determination of Internet Search Phrases Used
  • Determination of What Files have been Downloaded/Uploaded (FTP)
  • Discovery of USB Thumbs Drives, Portable USB Hard Drives, Personal Digital Assistance/PDA, MP3 Players/IPOD, Digital Cameras that may have been Connected to Suspect Computer
  • Recovery of Data from the Electronic Devices listed above, that may have been Downloaded/Synced with Suspect Computer
  • Discovery of What Wireless Networks/Routers/Hot Spots the Suspect Computer has Connected To
  • Recovery of Suspects Location at Time of Incident (Notebook Computer)
  • Discovery of What File Sharing Networks the Suspect Computer has Used

WARNING!!!
Preserving computer evidence is of the utmost importance. Each time a computer is used after a suspected incident valuable information can be overwritten and lost.

If possible, once a computer is suspected of being involved in an incident the following should happen:

  • Immediately cease use of the suspect computer(s)
  • DOCUMENT ALL ACTIVITIES AFTER THIS POINT
  • Contact one of the following individuals inside or outside your organization for advice:
    • Computer Emergency Response Team Member
    • Computer Forensics Investigator
    • Network Administrator

A determination/decision will have to be made as to whether to leave the computer running or shut it down.

Note: Without first getting expert advice, a decision to shut down the computer may cause important information to be lost. If a decision was made to shut down the computer, immediately remove the suspect computer from public access and secure the computer in a location with very limited access. All access to the suspect computer(s) must always be documented.


COMPUTERFORENSICS911.COM
Voice: (888)-DOD-SCI1
           (888)-363-7241
Cell:    561-809-6800
Fax:    (301)-681-4530
11121 New Hampshire Avenue
Silver Spring, MD 20904-2163
investigate@computerforensics911.com