Computer Forensics incorporates the use of specific high level analysis software and the methodology and examination skills of a trained Computer Forensic Expert. These analysis processes are accepted by Law enforcement and the judicial system making them admissible in a court of law.
Computer Forensics has more recently been referred to as “Digital Forensics” and “Computer Forensic Analysis”.
Put simply there are four main stages of a Computer Forensic Investigation:
Computer Forensic ” Imaging” or “Acquisition”
Creating a forensically sound and exact copy of the data and making sure the original evidence is secured and protected. This is done using a “write blocker” so that no new data can be written to the hard drive only the exisiting data can be read and analysed. It is vital that this procedure is completed otherwise it could lead to any potential evidence being inadmissible should the case go to court.
Please also see our page on on-site data collection.
Computer Forensic Analysis
The actual examination of the device and its data by the computer forensic analyst using a range of powerful forensic tools, the most popular being Guidance Software’s EnCase and Access Data’s FTK.
The conclusions and opinions drawn by the computer analyst regarding the outcome of the examination and the clear presentation of findings within an easy to understand report.
If the case goes to court the computer expert may have to give his or her opinion regarding the computer forensic analysis. All of our Computer Forensic Investigations follow strict written documentation and handling procedures to ensure the continuity and the integrity of the evidence is maintained at all times.
X-act Forensics follow the Association of Chief Police Officers guidelines (ACPO) in the strict handling of all digital evidence. For more information on computer forensic analysis from X-act Forensics please contact us on 0330 133 0288.