by admin-jon | Jan 29, 2009 | Blog, Collection, Computer Investigations, Definition, Electronic Discovery, ESI Collection, ESI Software
‘Imaging a hard drive’ is a phrase that is commonly used for preserving the contents of a custodian hard drive or server. It can also be used to describe when a custodian hard drive is cloned. It is worth taking some time to understand the differences and the...
by admin-jon | Jan 27, 2009 | Blog, Data Recovery, Electronic Discovery, File Recovery, Software, Tips & Tricks
It’s important to understand that deleted email is not recovered or indexed using common litigation support or electronic discovery software. These applications only process email that is still visible within the email software. Some email recovery software can also...
by admin-jon | Nov 21, 2008 | Blog, Collection, Computer Investigations, Data Recovery, File Recovery, Metadata, Software, Tips & Tricks
Copying corporate data and using it at a competing company (intellectual property/corporate asset theft) is a common and serious concern for companies and their legal counsel. When employees leave companies, there are often questions about the security of the...
by admin-jon | Nov 19, 2008 | Blog, Computer Investigations, Data Recovery, Electronic Discovery
Recovering data from a hard drive is one of the most common tasks during a computer investigation. Here are a few of the artifacts which computer investigators may retrieve from unallocated (free) space to assist in a case: * MS Office documents * Acrobat files (.pdf)...
by admin-jon | Oct 7, 2008 | Blog, Electronic Discovery, Hardware, Software
When examining or processing the files on a hard drive, it is extremely important to retain the original file contents and time stamps. Many people don’t realize that just connecting a hard drive to a PC will alter the contents of the hard drive. In order to preserve...
by admin-jon | Sep 25, 2008 | Blog, Computer Investigations, Electronic Discovery
Searching and identifying relevant content is a common process for both electronic discovery and computer forensic investigations. But some people don’t realize the challenges associated with indexing hundreds, or even thousands, of different file types and data...
by admin-jon | Sep 16, 2008 | Blog, Computer Investigations, Metadata
One of the common requests we receive is to help a client determine when a document was created, or if it existed at a specific date and time, and when it was last modified. For example, an employment dispute may involve one of the following circumstances: A memo was...
by admin-jon | Sep 12, 2008 | Blog, Collection, Electronic Discovery, ESI Collection, Preservation
Changes are underway in how electronically stored information (ESI) is processed and reviewed. These changes are due to the huge size of repositories – hundreds of gigabytes or multiple terabyte sizes – identified for collection and processing....
by admin-jon | Aug 28, 2008 | Blog, Tips & Tricks
The CCE (Certified Computer Examiner) is a certification obtained through ‘The International Society of Forensic Computer Examiners’ (ISFCE). I’ve noticed that many CCE training facilities are geared towards criminal investigations so they don’t necessarily address...
by admin-jon | Aug 27, 2008 | Blog, Computer Investigations
In my previous post, I identified several primary differences between computer forensic investigations and electronic discovery processing. Next, I’d like to identify some general case categories and tasks that involve a computer forensic investigator. Case...
