You cannot take a file by copying it from the suspects' device as all metadata (timestamps, other file properties) will change and such file as evidence cannot be trusted anymore. It is like presenting a fingerprint in court acquired from photography but not through forensic methods. Risks are increasing as you will not collect files, those were intentionally or accidentally renamed or were marked hidden. Moreover, you won’t collect files, which were deleted. As a top up, archives and databases will be left behind, such as E-mail archives (PST for Outlook would be perfect example). By applying Digital Forensics approach, you will collect absolutely everything in no time.
Just one gigabyte (GB) of data can hold up to 65.000 (sixty-five thousand) pages in Microsoft Word document. Or it can contain almost 700.000 (seven hundred thousand) plain text documents (in Notepad, txt file format). We already mentioned that this year it is expected that every single human being will generate 6.25 terabytes of data, that is 6250 (six thousand two hundred fifty) gigabytes, you can do the math. Moreover, remote work caused even higher digital data generation. Millions of files can be present in one simple case with thousands of files deleted, hidden, or renamed. Without proper approach, you are missing over 90% of data in your case.
Here we will bust a huge myth – computers cannot delete data. It is simply not invented or better say technically not possible. Digital information can only be written and when the deletion is required, such data will be overwritten – simple as that. That is why data recovery is possible. However, if the device is in use, there is a high risk, data can be altered, deleted (overwritten), or otherwise compromised. That is why it is very important to secure data by acquiring it using digital forensics methods. Moreover, there should be policies applied including but not limited to a chain of custody, forensic methodology, etc.
Digitally stored documents (files) contain more than meets the eye. It holds timestamps (when the file was created, written, modified) as well as properties, such as author, file transfer logs (from/to different locations), and much more. All this can help to expand the picture in full by bringing all puzzle pieces into one place. Now you can zoom in and see what was there behind the curtain. By finding a PDF file of a certain agreement, you can check when this PDF was created from the WORD document, after examining WORD document and check if timestamps match agreement dates or it was faked – fraud case in place.
It is enough to make an exact, 100% authentic copy of the source device and store it as a file. We call it – digital evidence. Such evidence cannot be altered or modified as it is protected. Evidence is created using Forensically Sound Acquisition method. It will hold unique ID (called hash) upon creation. You, or any other 3rd party can duplicate and work with such evidence with high confidence as it will always remain the same. Moreover, there is always possibility to come back to any checkpoint of your investigation or even to it's roots and start over.
Now you have access to everything whenever you need it.
As an auditor or lawyer, you can build a piece of bulletproof evidence in your case by relying on court-proven technology called – digital forensics. As a part of forensics science used by law enforcement, you can be sure your evidence is unbeatable, which eventually will make you and your customer a winner. Alternatively, when you need to reveal the truth, you can be sure all information and data are preserved, collected and present in your case.
Complex yet simple service, which is utilizing all security measures available for digital investigations, analysis, and search.
Your personal details are safe with us.
