Computer Forensic Evidence Recovery.
Forensic Duplicate (clone).Computer Science Labs computer and digital forensics data recovery service will make an exact copy of the suspect equipment’s storage media e.g. hard disk(s), USB, flash memory, mobile phone etc., as soon as is possible after the equipment or computer has been seized. The precise duplicate copy must include ALL the normally visible files and ALL the sectors of the storage media, even if initially they appear to be empty, such that any deleted data fragments can be recovered. Our processes and procedures militate against contaminating evidence data so that what is produced is an accurate and detailed snapshot immediately prior to seizure. This process is called “forensic imaging” and must be undertaken using correct tools and procedures.
Forensic Records.In all cases and particularly where the actual storage device is faulty or damaged our technicians will record and document each action and the results of each action taken such that there is no opportunity for others to question the technician’s duties. The main hardware product used in data recovery is a “write-protect” device; it is installed along the cable that connects a hard disk or similar medium to a computer and, as the name implies, allows data on the hard disk to be read but blocks all attempts at writing to it.
Investigation.Cmputer Science Labs uses a variety of software products and fast hardware imagers to handle the recovery process, typical software products include “EnCase” or FTK Imager. These products are regarded as “de-facto” in the forensics industry and are a part of a broader forensics suite of applications. These products often contain in-built integrity checking, so that an “image file” (intermediate file which either can be directly examined or from which exact clones of the original can be made) can be verified against the original using “digital fingerprinting”.
nb. Not all imaging products can cope with all the disk operating systems that might be encountered and some versions of well-known products may fail to capture everything on a hard disk, which is why competent technicians need to be employed to carry out the work.
Need Assistance CALL: 0871 231 6806
RAID and Network Systems.Computer Science Labs also provide forensic data recovery services involving RAID arrays, Servers, Networked Computer and CCTV installations. These are typically deployed in shared user or input environments and specialist techniques are required when retrieving evidential data.
Evidence.Seized computers will normally be regarded as “real” evidence for admissibility purposes. However, the contents of individual documents (files) found on a computer may need to be admitted separately, particularly if more than one person has had routine access to that computer and each investigator will need to demonstrate that they are “authorised” to access the computers for the purposes of the Computer Misuse Act.
Advanced Data Recovery.Data storage devices involved in our case work frequently arrive at our laboratories in poor condition, normally as a result of environmental or malicious damage. Computer Science Labs Ltd., has developed Advanced Data Recovery tools and capabilities designed to restore such devices to a working condition. Such restoration, rebuild and retrieval are of huge benefit to individuals who need access to high worth or extremely sensitive data that was not possible using "consummer" type services. Provided the integrity of the recording media is still intact then in the majority of cases data may be retrieved from such devices. In a number of cases however the recording media may be damaged typically as a result of mal treatment, heat or water damage etc. In these cases research and development is conducted and Advanced Data Recovery techniques are employed in order to introduce read head positioning that may retrieve data from the un-affected areas of the recording media.
CCTV Forensic Investigations.Closed Circuit Television (CCTV) is now a significant factor in the prevention and detection of crime; CCTV facilitates evidence of physical and verbal actions vital in presenting facts as evidence to support a parties assertions of innocence or guilt.CCTV analysis includes the extraction, review and presentation of CCTV footage for legal matters. The extraction of the CCTV digital file records to a CD or DVD so that they can be viewed and presented using a normal computer system is a fairly straightforward process. However, in some systems CCTV proprietary file systems means that the extraction and viewing and analysis of files can be time consuming and complex. Additionally, failure of the CCTV hard disk drive can result in the requirement for a forensic data recovery before the CCTV analysis can start.
Computer Science Labs Ltd., - In all such cases, can offer a comprehensive data recovery service to any individual, business, police, law enforcement agency or data forensic provider that facilitates access to vital evidence data whilst operating within the full forensic imperative of CPR (Civil Procedure Rules) and ACPO (Association of Chief Police Officers).