The answer to this question is that any potential victim of a computer crime can benefit from computer forensic services. The computer, mobile phone and tablets have invaded our very existence, become a part of our lives, and is an integral part of almost every case, from complex litigation and class actions, to contract disputes. Computer crimes are crimes in which computers are used as a tool to facilitate or enable an illegal activity, or have been a target of criminal activity. It is estimated that over 85% of all crimes and infractions committed today contain a digital signature.

Computer forensics services can be used by anyone who thinks a crime or breach of policy or a wrong has been done. They may also be utilized by someone who is defending or protecting themselves, or another party, and are looking for evidence to prove or disprove the commitment of a crime or breach of information.

The statistics are familiar; 85% of all corporate data is stored electronically, 93% of new data is stored electronically, and approximately 75% of this information is never printed. Consequently, in almost every legal matter, critical and relevant evidence will be stored electronically. Proper collection and examination of this evidence is critical to avoid spoliation, to preserve the evidence, and to manage costs. Computer forensics is the methodology used to ensure that electronic evidence is properly acquired and handled so that it may maintain its evidentiary status.

It is well documented in the media that computer or digital evidence has been the “smoking gun” in many high profile cases. With the majority of new information in businesses of all sizes being created and stored on computer systems, it is indisputable that digital evidence should be considered a primary source of evidence. It is certainly not in anyone’s best interest to ignore potentially relevant sources of evidence in any case, including computer evidence.

The  Investigator’s first step is to clearly determine the purpose and objective of the investigation in a free consultation. We will work with you to identify where your data is located. We will document the legal chain of custody of the media and we will make a bit by bit copy and preserve the original. The computer forensic analysis will examine and extract the data that can be viewed by the operating system, as well as data that is invisible to the operating system including deleted data that has not been overwritten.

In addition, an examiner will work to uncover all files on the subject’s system. This includes existing active files, and invisible files, hidden files, password-protected files, and encrypted files. In many cases, information is gathered during a computer forensics investigation that is not typically available or viewable by the average computer user, such as fragments of data that can be found in the space allocated for existing files (known by computer forensic practitioners as “slack space”). Special skills, tools and software are needed to obtain this type of information or evidence.

A Computer Forensics expert can recover all deleted files and other data that have not yet been overwritten. As a computer is used, the operating system is constantly writing data to the hard drive. From time to time, the operating system will save new data on a hard drive by overwriting data that exists on the drive but is no longer needed by the operating system. A deleted file, for example, will remain present on a hard drive until the operating system overwrites all or some of the file. The ongoing use of a computer system may destroy data that could have been extracted before being overwritten. That is why we stress that time may be of the essence. Fortunately, the costs of acquisition are very reasonable, and the process is generally not disruptive.

At the conclusion of an investigation, our Computer Forensics investigator will provide a detailed analysis of the computer system in a written report. We will also provide our clients with a copy of all relevant data in digital form.

The owner of a computer can grant permission for it to be examined. A business may grant permission for a search on any of their computers, regardless of the user. In a civil dispute, the parties can agree to an examination or the court can order an examination. In a criminal case, the computer will usually first be seized by law enforcement. The opposing attorney can often request copies of the seized material and the report of its examination or request an examination by a private lab.

For a mobile device we will need the device for a few (3 to 5) hours to make a copy of the data on the device, once we have that copy we will go through the data and make a report.

For a computer we need the device for 24 hours, we can collect (make a bit by bit copy of the data) within a few hours (6 to 8) after business hours as to not disrupt business for an extra fee. Again once we collect the data we will go throught the data and make a report.

Depending on need the turn around after collecting the evidence can be a day, a week or more. There may be lots of data to go through.

Absolutely! If we come pick up the device it goes directly into a faraday bag. If the device is shipped to us it is taken directly into our locked faraday room to be unpackaged and the bit by bit copy made. Every device is stored in the locked faraday room while the investigator has the device. When the investigator has completed the work on the device, they package it back up including sealing it up in a bag with security tape on it, then packaging it up for shipping. We do NOT put security tape on the outside packaging because we do not want to attract attention to the package.

A Faraday cage or Faraday shield is an enclosure used to block electromagnetic fields. A Faraday shield may be formed by a continuous covering of conductive material, or in the case of a Faraday cage, by a mesh of such materials. Faraday cages are named after scientist Michael Faraday, who invented them in 1836.

A Faraday cage operates because an external electrical field causes the electric charges within the cage's conducting material to be distributed so that they cancel the field's effect in the cage's interior. This phenomenon is used to protect sensitive electronic equipment (for example RF receivers) from external radio frequency interference (RFI) often during testing or alignment of the device. They are also used to protect people and equipment against actual electric currents such as lightning strikes and electrostatic discharges, since the enclosing cage conducts current around the outside of the enclosed space and none passes through the interior.

Faraday cages cannot block stable or slowly varying magnetic fields, such as the Earth's magnetic field (a compass will still work inside). To a large degree, though, they shield the interior from external electromagnetic radiation if the conductor is thick enough and any holes are significantly smaller than the wavelength of the radiation. For example, certain computer forensic test procedures of electronic systems that require an environment free of electromagnetic interference can be carried out within a screened room. These rooms are spaces that are completely enclosed by one or more layers of a fine metal mesh or perforated sheet metal. The metal layers are grounded to dissipate any electric currents generated from external or internal electromagnetic fields, and thus they block a large amount of the electromagnetic interference. They provide less attenuation of outgoing transmissions than incoming: they can block EMP waves.

What does all that mean? 

That means no signals can come in or go out of our faraday clean room.