Computer Forensics

[column col=”1/3″]
[list type=”arrow2″]

  • Digital Evidence Acquisition
  • Covert & Remote Collections
  • Picture & Video File Review
  • Cell Phone Forensics

[/list]
[/column]

[column col=”1/3″]
[list type=”arrow2″]

  • Internet History Reconstruction
  • Computer Timeline Analysis
  • Keyword Searching
  • Email & Chat Recovery/Analysis

[/list]
[/column]

[column col=”1/3″]
[list type=”arrow2″]

  • Metadata Extraction/Analysis
  • Password & Data Recovery
  • Live Host & RAM Analysis
  • Expert Witness Services

[/list]
[/column]

[space height=”20″]

Binary Intelligence delivers legal professionals, corporate clients and individuals with relevant digital evidence that is realized using forensically sound and industry accepted methodologies. Equipped with an array of leading forensic technologies and extensive experience, our examiners devise and execute focused analysis strategies that are tailored to the specific requirements of each client. You can count on Binary Intelligence to provide expert service in all phases of the computer forensic process – identification, preservation, examination and documentation.

The identification phase involves determining potential repositories of pertinent electronic evidence. Our professionals work with the client to gain a thorough understanding of the target environment and consider all sources of data – including:

[list type=”arrow2″]

  • Local storage media (hard drives, CD/DVD’s, flash drives, etc.)
  • Volatile data (system RAM, ARP tables, active device configurations, etc.)
  • Network perimeter logs (Firewall, Web Content Filtering, VPN, etc.)
  • Server and devices logs
  • Cellular phones and PDA’s
  • Digital cameras, DVR systems and gaming consoles

[/list]

[space height=”20″]

The preservation phase involves the acquisition (collection and authentication) of digital evidence. This is accomplished by copying the data in a forensically sound manner and computing a one-way hash (electronic fingerprint) of the collected data. It is important that potential digital evidence is properly preserved and verified for admission in legal proceedings. After consulting with the client, our examiners will perform the appropriate acquisitions. Some methods include:

[list type=”arrow2″]

  • Static forensic imaging of systems and media that have been powered down
  • “Live” imaging or data collection from running systems
  • Lawful intercept and collection of data in transit (packet capture)
  • Covert (or “black bag”) media imaging and data collection
  • Remote network acquisition of storage devices or file level data

[/list]

[space height=”20″]

The examination phase is where results are realized. Our expert examiners perform advanced analyses and expert interpretation of findings. data recovery activities. Besides recovering evidence from standard allocated files, evidence is also culled from slack space, deleted files, unallocated space, and swap or paging areas. Critical evidence is also found in encoded container files, system logs, document metadata, and databases. The following represents a few of the many tasks that can be accomplished by a skilled forensic computer examiner:

[list type=”arrow2″]

  • Recover deleted or purposely hidden files
  • Determine the source and/or authenticity of electronic communications
  • Reconstruct a sequence of events performed on a computer system – even when measures have been taken to conceal these activities
  • Search allocated, unallocated, slack, and hidden areas of computer storage media to locate key words, phrases, and file types
  • Recover and track electronic correspondence such as e-mail, chat, and instant messages
  • Identify Internet activity such as browsing habits, file transfers, and newsgroup participation

[/list]

[space height=”20″]

During the presentation phase, examination findings are produced and/or communicated. Deliverables may include:

[list type=”arrow2″]

  • Expert report
  • Client consultation
  • Export of files in native format
  • Export of files in human readable form (PDF, TIFF, printed to paper, etc.)
  • Testimony

[/list]