Computer Forensics is the scientific examination and analysis of data held on or retrieved from computer networks or storage media for the purposes of presentation in a Court of Law.
The subject matter includes:
- Secure collection of data
- Maintenance of a formal chain of custody
- The examination of data to determine details such as origin and content
- The collation and presentation of information about computer data and computer systems to courts of law
- The protection of computer data
- The application of a country's laws to computer practice
When the examination of either computer storage or computer networks is to be performed as part of an internal investigation or a the result of an external attack. If there is a reasonable expectation that examining a system or network may result in an actionable item such as: an employee being suspended or fired, an individual being charged with a crime based on computer evidence, or a technical investigation of an external incident. Forensic analysis of computers is outside the body of knowledge of the average information security specialist. If you have any doubt as to your need for a computer forensics specialist, contact IRG now for an initial consultation.
The forensic examination of the contents of a computer is a skilled job and special procedures, techniques, and tools are required to ensure that any information that is retrieved can be presented as evidence in a court:
- Evidential Integrity requires that the material being examined is not changed in any way. What is examined must be an exact copy of the original.
- Continuity of Evidence refers to the means used to vouch for the actions that have taken place regarding the item under examination. This covers the seizure, handling, and storage of equipment and copies.
IRG's approach to electronically stored information (ESI) best management leads the industry. Court cases have been lost because of a plaintiff's electronic discovery "experts", data custodians, or attorneys improperly manage ESI. Our methodologies have been designed as a result of years of hands-on experience with cases requiring computer forensics specialists. We follow strict guidance with respect to evidence handling as adopted by the jurisdiction in which your case will be filed. IRG will work with you to identify, preserve, collect, process, and analyze relevant ESI data. IRG uses ESI best practices to provide your company with fast, accurate, reliable results.
Please contact us with any questions you may have on this subject or any other services Info Risk Group offers.
Offering information security and risk management services to companies throughout the Americas.