What is Computer Forensics? Simply put, Computer Forensics is legal science for the extraction, recovery, analysis and authentication of residual data stored on computer media. This includes the retrieval of active files, hidden or deleted files, broken text fragments, portions of files that have been overwritten by other data, and virtually any other data that can be stored on computer media.

Why use a Computer Forensic examiner?
Ask yourself this question. Would I want a motorcycle mechanic working on my car? The analogy makes sense. A motorcycle mechanic may have expertise working on a motorcycle, but when it comes to a car the parts and techniques used are different. The same thing applies when it comes to Computer Forensics. You might find someone who works with computers as it pertains to other areas, but what expertise do they have performing the types of services offered by Computer Forensic specialists? No matter whom you choose to provide services, ask questions about their training, experience and expertise, and demand to see their credentials.

Who can use computer forensic evidence?
Anyone can use evidence obtained from Computer Forensic examinations. The types of cases where this can be helpful may include fraud, wrongful termination, trade secret thefts, divorce, embezzlement, or any other type of civil case.

When do I call a computer forensic examiner?
If you suspect a computer contains evidence you feel will be used for ANY future purpose, quarantine the computer and call us right away. Remember, you can NEVER go back to get this data if you do not preserve it NOW. If the computer is off leave it off. Do NOT look at files, as this may alter dates and times which may prove to play a critical role in your situation. If you do not know what to do call us and we can walk you through it.

Evidence Preservation?
Have you taken the proper steps to ensure the evidence has been preserved? This is probably the most critical and least expensive measure that should be taken; yet it is often the most overlooked. Is your client relying on their IT staff to make a "GHOST" copy of the hard drive? Can the IT staff testify that the "GHOST" copy is an exact bit for bit copy of the original hard drive? Based on Computer Forensic training and experience the answer is probably "no they cannot"?

Using a non-forensic tool to copy your evidence will lead to problems when it comes time to authenticate your evidence preservation measures. Even if you do not think you will ever use Computer Forensic, remember what is here today will not be here tomorrow without the proper evidence preservation measures being implemented. An evidence preservation snapshot service will show you how our certified examiners can preserve the evidence using cost effective, court validated techniques.

Expert Witness Services?
Regardless of the type of Computer Forensic work you have completed, it is vital to have it properly presented in court. If the examiner cannot go into court and explain their findings in a clear and concise manner, the examination is for naught.
Computer Forensic examiners are qualified experts who appear in court to help you properly present your case.

Wrongful Termination?
As more and more laws are implemented to protect the employees, the wrongful termination process has and will continue to become a much more complicated process. With the use of more and more technology, companies need to set and keep up to date all of the policies and procedures required to avoid any misguidance when it comes to termination of an employee. You as legal council will be tasked with the burden of keeping up with all the legal aspects required to overcome any challenge regarding termination.

Keep yourself in contact with Computer Forensic experts in order to implement the appropriate process to avoid wrongful termination lawsuits. If you find yourself involved in a wrongful termination lawsuit and now need to preserve evidence for possible computer forensic analysis, or you simply need an evidence preservation letter to keep the opposing party from destroying evidence.

Intellectual Property?
The protection of intellectual property is becoming more and more challenging due to the fact that technology allows the copying, transferring, destruction and manipulation of intellectual property in many cases without obvious traces. Computer Forensics can help to discover if inappropriate actions were taken by anyone in regards to intellectual property. Intellectual property can now be transmitted across the world in a matter of seconds. This type of activity can certainly leave traces of evidence on the computer.

If you feel you have been a victim of intellectual property theft Computer Forensic examiners can assist you in taking the necessary steps to preserve the evidence, identify misuse of the computer, and assist in providing the necessary evidence to help you return the Intellectual property to your client.

Policy Violations?
When your client has policy violations, have these violations clearly and precisely been communicated to the employee. In the technical field, there are many ways in doing the same thing, can you tell the difference between a human error and an intentional policy violation. Computer Forensics can help in determining if there was mal intent on by your client's employee, or simply human error.

Even if you aren't sure whether or not your client's written policies will support their claim, a consultation with a Computer Forensic expert will assist you to determine what evidence may or may not be found on the misused computer. If your client's matter involves a weakness in their current computer policies, Computer Forensic specialist can assist them in a policy review.

Termination Support?
Are you in the process of terminating an employee for the misuse of a computer system or any other electronic device? Do you have the appropriate knowledge on what procedures you need to follow in order to preserve the evidence?

Let Computer Forensics fill in the puzzle in order to avoid unnecessary legal actions in the future. Maintain evidentiary integrity and let the facts speak for themselves.

Computer Policy Analysis?
Does your policy clearly and precisely identify misuse of company computer equipment? Has it been updated to account for new techniques or more efficient ways of doing things? Is the personal use of office equipment for anything but business matters been clearly documented and acknowledged by the employee? Have ongoing review of new laws been considered to make necessary changes to company policies?

Computer Forensic can help determine the effectiveness of your current policy in order to avoid potential problems in the future.

Network Security?
This service can include a network security policy audit, a physical network vulnerability assessment, and penetration testing. You can choose which or all of these services will meet your individual needs. No matter which service you choose, they can each be applied to laws such as SB1386 , HIPAA , and Sarbanes-Oxley .

A security vulnerability assessment is a comprehensive discovery, auditing and reporting of your security practices. Using our expertise in securing networks, social engineering and identifiable vulnerabilities, we are capable of identifying your network's weaknesses. We also provide a review of your current policies to determine your areas of weaknesses.

Intrusion Analysis?
Closely related to Network Forensics, Intrusion analysis allows us to gain insight into the hacking world. Through forensic techniques, we can determine the method used to gain unauthorized access into your network. Basically, the hacker’s methods are reverse engineered to give a clear and concise picture of what occurred. In some cases, the hacker’s tools “A.K.A. Root kit” are discovered on the compromised machine. This is where many of the hacker’s techniques and abilities are discovered.

Out of an Intrusion Analysis comes the understanding of vulnerabilities. Based on the method of attack and compromise, a sound security measure can be set into place to prevent future intrusions related to the same vulnerability. Computer Forensic can also provide you with full security assessment.

Policy Review?
An often over looked area in the corporate environment is the policy related to the corporate network. Without proper policy in place, what actually constitutes a policy violation for termination purposes? Lack of the proper policy documentation can be very detrimental to the corporate “bottom line.” Unfortunately, it is usually an “after the fact” event that occurs.

The greatest area of concern, in our experience, is the policy that pertains to employee usage of the company computers, and company network. This policy is key in defending the corporation when an employee is terminated for a “policy violation”. Without clearly defined policy, the risk of suffering and losing a wrongful termination lawsuit is high.

Computer Forensic examiners possess the experience and expertise required to evaluate your company computer and network policy. We can work closely with you, the security professional, to determine if they require changes or updates due to new laws. Let us help you in the protection of your corporation’s most valuable asset, “The Bottom Line”.

Hard Drive Sanitation?
Hard drive sanitation is exactly what it sounds like, except digitally. Many people are under the impression that reformatting destroys the data. Many IT personnel believe that reinstalling the operating system, on top of the old data, will eliminate what was once there. All of the above are false. Due to the nature of the way file systems work, very seldom is data actually deleted.

Poor recycling or sanitation of hard drive media can be disastrous. Company or client data can unknowingly be released into the public. Once that data has been released from the corporate environment, it is almost impossible to recover it, as data is so easily copied and transmitted across the Internet. Computer Forensic specialists can provide solid industry techniques and software to accomplish the necessary processes your corporation needs to maintain data integrity.

For your computer forensic needs, contact DataClues, Inc. at http://www.dataclues.com

Visit www.cynergypro.com and experience Cynergy’s Forensic IT web cast series.