Data Acquisition And Imaging For Computer Forensics And Electronic Discovery In Houston, Dallas, Austin, San Antonio, Texas and New York
 


Computer forensics, digital debugging, network breaches, data acquisition and imaging, as well as traditional private investigation services in Houston, Dallas, Austin, San Antonio, Texas and New York at investigations.com. Having the right equipment, knowing how to work with live systems, and being able to work quickly and discreetly are all skills of McCann investigation technicians.


    Presentation Transcript

    • Data Acquisition And Imaging For Computer Forensics And Electronic Discovery. Call Now: (800) 713-7670 or (281) 456-2474. mccanninvestigations.com
    • Data Acquisition & Imaging: Data Acquisition
      » McCann technicians have the electronic discovery and computer forensics experience to extract the ESI on laptops, desktops, servers, virtual servers, cellular phones, smart phones, external drives, and other types of electronic media.
      » McCann specialists not only retrieve hidden or encrypted data from networks, hard drives, and electronic sources, but also document every point of electronic discovery in the process.
      » This information is then compiled into a clearly written digital forensic report explaining what the data reveals. If you choose to take legal action, our investigators can testify in court with this forensically sound data as accredited investigators with years of experience and knowledge of the legal process.
    • » The specialists at McCann are well-versed in all operating systems, including Mac OS, Windows, and Linux, and start any investigation by examining all networks, hard drives, and backup drives on the device.
      » Our digital forensic experts specialize in protecting all hardware, software, and data from being compromised during the search, electronic discovery of encrypted or hidden files, deciphering and breaking any codes or passwords needed to retrieve information, and data recovery of deleted files.
      » We also document every step of the investigation so that it can be presented clearly to a judge or jury.
    • » It is important to follow a legally correct computer forensic process while obtaining evidence of any illicit activity.
      » To gather forensic evidence, you need a licensed specialist with knowledge of hardware architecture, software systems, and the legal process.
      » The right forensic evidence gathered in the wrong way can ruin chances of presenting the forensic evidence in court. As electronic data can be a crucial factor in any digital forensic case, proper procedure is essential.
    • » Understanding electronic discovery of digital forensic evidence in its many forms is a core skill of McCann experts.
      » Our computer forensic experts have the experience to acquire the ESI on laptops, desktops, servers, virtual servers, cellular phones, smart phones, external drives, and other types of electronic media.
      » Acquiring data from a laptop is different from acquiring it from a virtual drive or from an iPhone. Having the right equipment, knowing how to work with live systems, and being able to work quickly and discreetly are all skills of McCann investigation technicians.
    • Data Imaging
      » Data imaging is focused on recovering “non-spoiled” evidence for the purpose of support in negotiation, internal investigation, civil court, or in a criminal court.
      » A critical step in a professional investigation is imaging, or creating an exact replica of the device and data being considered as digital forensic evidence. This is similar to how a physical crime scene would be photographed to collect evidence and leads.
      » The experts at McCann use well-respected technology, such as Encase, and standards to ensure that any evidence found will be permissible in a trial situation.
    • » Once the data is obtained, it is duplicated using a write blocking device and our hard drive duplicator, and then software imaging tools like Encase, FTK Imager or FDAS step in.
      » The media is then verified by the SHA or MD5 hash functions. The imaging procedure will vary depending on whether the device is powered on or off, the scenario, scope of case, imaging for “us” or the opposing side, operating system, time constraints, directives in a court order, etc. All imaging of data has some similar steps.
      » These include starting the chain of custody; recording type, brand, model, serial number of device and storage media inside device; photographing devices and storage media inside devices; verifying accuracy of date and time of device; and verifying information collected.
      » Each type of ESI source, such as laptops, desktops, servers, hosted drives, mobile phones, and smart phones, has unique steps in the imaging process.
    • 1. Laptops:
      • The laptop imaging process creates a forensically sound bit-by-bit copy of the drive to a set of digital forensic image files that contain drive checksum values throughout the forensic image as well as MD5 and SHA1 hash values for the drive image.
      • The forensic image is verified and compared against original hash value, checked for errors and loaded to check for partitions, file systems, and encryption. The internal calendar and clock of the laptop are noted, and the drive is re-installed back into the laptop.
    • 2. Desktops:
      • The desktop imaging process creates a forensically sound bit-by-bit copy of the drive to a set of digital forensic images. The number and type of storage devices in the desktop is determined.
      • The hard drive(s) is/are removed from the desktop, and the type, brand, model, serial number of the drive(s) is/are recorded and photographed.
    • 2. Desktops:
      • The drive is then hooked up to a high-speed forensic imaging device which determines the existence of any hidden areas of the hard drive, such as DCO or HPA, and creates a forensically sound bit-by-bit copy of the drive to a set of digital forensic image files that contain drive checksum values throughout the forensic image as well as MD5 and SHA1 hash values for the drive image.
      • The digital forensic image is verified and compared against original hash value, checked for errors and loaded to check for partitions, file systems and encryption. The internal calendar and clock of the desktop are noted and the drive is re-installed back into the desktop.
    • 3. Servers:
      • The server hard drive imaging process creates a forensically sound bit-by-bit copy of the drive to a set of digital forensic images. The RAID type and configuration is determined with the number and type of storage devices in the server.
      • The hard drives are removed from the server one-at-a-time, and the position, type, brand, model, serial number of each drive is recorded and photographed.
    • 3. Servers:
      • One-at-a-time, the drives are then hooked up to a high-speed computer forensic imaging device and a forensically sound bit-by-bit copy of each drive is created to a set of digital forensic image files that contain drive checksum values throughout the forensic image as well as MD5 and SHA1 hash values for the drive image.
      • The digital forensic images are verified and compared against original hash value, checked for errors and loaded (virtually rebuilding RAID configurations in the forensic software where necessary) to check for partitions, file systems and encryption. The internal calendar and clock of the server are noted and the drives are re-installed back into the server.
    • 4. Hosted drives:
      • The hosted drive imaging process creates a forensically sound bit-by-bit copy of the drive to a set of digital forensic images. Determine type of hosting, hosting environment, server hardware, version of client and server host and operating system.
      • The most accurate and efficient method of access is determined depending on hosting environment. Forensic imaging software is run from hosting account with proper permissions and access for scope of imaging.
      • Forensic imaging software is run on requested data to create a forensically sound copy of the requested files and data with necessary hash values. The digital forensic images are verified and compared against original hash values, checked for errors. Appropriate chain of custody is started for the collected data.
    • 5. Flash drives or other small medium:
      • If storage device is being removed from camera, phone or other device and photograph. The type of storage media is determined. The media is removed from the device if necessary, and the type, brand, model, serial number of the media is recorded and photographed.
      • The media is then hooked up to an appropriate hardware write-blocker (via adapter or reader if necessary).
    • 5. Flash drives or other small medium:
      • Forensic imaging software is run to create a forensically sound bit-by-bit copy of the media to a set of forensic image files that contain checksum values throughout the forensic image as well as MD5 and SHA1 hash values for the image of the media.
      • The forensic image is verified and compared against original hash value, checked for errors and loaded to check for partitions, file systems and encryption. The internal calendar and clock of the device are noted and the media is re-installed back into the device if necessary.
    • 6. Mobile and Smart phones:
      • The mobile imaging process creates a forensically sound bit-by-bit copy of the drive to a set of forensic images. The phone is examined for existence of internal storage, flash storage and SIM card.
      • If a SIM card exists, it is removed and cloned with the exception of provider network information. This prevents connection to the provider network, which keeps the phone secure, prevents remote wiping, and prevents incoming calls, messages, voice mail, etc. which could overwrite deleted information on the device.
    • 6. Mobile and Smart phones:
      • Flash storage devices are removed and imaged according to the “Flash drive and small medium” procedure. If the phone does not have a SIM card, it is then placed inside a Faraday container which prevents wireless signals from reaching the phone. The phone is then hooked up to a mobile phone forensic imaging device using the appropriate cable or connection method.
      • The phone is imaged in 1 or more ways depending on supported access methods, which may include direct access, software query, file system dump or physical image. The images are verified and compared against original hash values, checked for errors and loaded to verify data.
    • Atypical scenarios can include “hostile imaging” (not dissimilar from some of the issues encountered at Noble), physical access issues (such as security or not having proper authorization to areas of hardware needing to be imaged), encryption, employees finding out about imaging and “forgetting” the company laptop at home that day, unexpected drive types or sizes requiring specialized hardware or software for imaging, slow or older hardware that can significantly increase imaging time, missing hardware, failing drives or media, court orders or other agreements preventing looking at or verifying collected data that is later found out to be invalid, encrypted, wrong custodian, etc. after access is granted, and last minute changes that change the scope or hardware needed for the imaging process. Start chain of custody on laptop.
    • Offices: Houston | Dallas | Austin | San Antonio | New York. Headquarters: 5205 Spruce, Houston, TX 77401. Call Now (800) 713-7670 or (281) 456-2474
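
The imaging slides above repeat one core step: the copy carries checksum values throughout the image plus MD5 and SHA1 hashes, and is later verified against the original hash value and checked for errors. The sketch below is an added example, not code from the presentation or from any imaging tool it names; the 64 KiB chunk size, the use of CRC32 as the per-chunk checksum, the record layout, and the function names `acquire` and `verify` are all assumptions.

```python
import hashlib
import io
import zlib

CHUNK = 64 * 1024  # assumed chunk size; real image formats pick their own

def acquire(source, image, chunk_size=CHUNK):
    """Copy source to image bit-for-bit and return the acquisition record."""
    md5, sha1, crcs = hashlib.md5(), hashlib.sha1(), []
    while block := source.read(chunk_size):
        image.write(block)
        md5.update(block)
        sha1.update(block)
        crcs.append(zlib.crc32(block))  # checksum kept "throughout" the image
    return {"chunk_size": chunk_size, "chunk_crc32": crcs,
            "md5": md5.hexdigest(), "sha1": sha1.hexdigest()}

def verify(image, record):
    """Re-read an image; return (ok, indexes of chunks failing their checksum)."""
    md5, sha1, bad, index = hashlib.md5(), hashlib.sha1(), [], 0
    expected = record["chunk_crc32"]
    while block := image.read(record["chunk_size"]):
        md5.update(block)
        sha1.update(block)
        if index >= len(expected) or zlib.crc32(block) != expected[index]:
            bad.append(index)
        index += 1
    bad.extend(range(index, len(expected)))  # chunks missing from a truncated image
    ok = (not bad and md5.hexdigest() == record["md5"]
          and sha1.hexdigest() == record["sha1"])
    return ok, bad

if __name__ == "__main__":
    # Constructed stand-in for a write-blocked source drive (200 KiB of sample bytes).
    drive = bytes(range(256)) * 800
    image = io.BytesIO()
    record = acquire(io.BytesIO(drive), image)
    print("acquired:", record["md5"], record["sha1"])
    print("intact image:", verify(io.BytesIO(image.getvalue()), record))
    damaged = bytearray(image.getvalue())
    damaged[70000] ^= 0x01  # single flipped bit, lands in chunk 1
    print("damaged image:", verify(io.BytesIO(bytes(damaged)), record))
```

The whole-image hashes answer whether the copy still matches the acquisition; the per-chunk checksums narrow a mismatch to the damaged region, which matters when a failing drive or transfer error has to be documented in the chain of custody.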