Digital Forensics

Digital forensics: data acquisition to expert witness

Our forensic and data experts forensically collect, preserve, analyze, and produce information in a confidential, tightly controlled, and secure environment/procedure that allows for proper preservation of electronic evidence (e-Evidence). We also have experience testifying in Federal Court. With the growing prevalence of electronic communication, an increasing amount of evidence is contained electronically. As a result, in almost every criminal or civil matter, vital evidence is stored in an electronic format. At Continuum, our trained and experienced industry certified digital forensic investigators are ready to partner with you to handle all of your electronic investigative needs.

Sources of e-Evidence:

In an age where a very large percentage of corporate documents are kept only in electronic form, it's increasingly important to understand what types of devices represent threats to an organization. Continuum has the experience to help unearth threats corporations face as a result of having some of these devices and convey the consequences that may result from these exposures. When an incident occurs, Continuum is available to preserve and examine data on the following items:

Forensic Data Acquisition:

Generally a forensic capture is required when the media itself has evidentiary value or adverse behavior is suspected; this involves a search of deleted, temporary, and/or "slack" file space for evidence. Continuum’s certified forensic investigation team will work with you to create a complete evidence image on the bit level for each identified media source (i.e. laptop, workstation, server).

Targeted Data Acquisition:

A targeted collection is executed by helping you identify potentially responsive data. During custodian review, we are able to narrow our search by file types, date ranges, media sources, or any other filters deemed appropriate or necessary. Ultimately, we will only collect the specific materials needed to meet your case requirements. We do, however, recommend forensically imaging all hard drives in order to avoid the need to re-collect other file types or date ranges that do become potential sources of evidence as the case develops.

Best Practices for Incident Responders Collecting Electronic Evidence:

This white paper (download it here...) was developed to provide first responders with a basic understanding of key technical factors regarding the collection and preservation of electronic evidence and storage media. Often times, the first responder may be the system or network administrator, a senior information technology (IT) staff person, or a member of the incident response team. It is important that organizations recognize, protect, collect, and preserve electronic evidence in accordance with best practices and guidelines to reduce the likelihood of errors and claims of spoliation. Rash or hurried actions could damage or destroy potential evidence.