Browse > Home / Services / Forensics

Forensics

 

Digital forensics is computer-based investigations and analysis techniques to identify, examine and preserve potential electronic evidence so that it remains admissible in a court of law.

To address digital forensics needs, Carolina Advanced Digital offers provides products and services based on the EnCase software. EnCase software and professional services are available through Carolina Advanced Digital.

Advanced Digital Forensics by Carolina Advanced Digital can investigate cell phone data and single-PC analysis to investigation of network intrusions. After an attack, network forensics can identify point of entry, method of access, damage reports and security recommendations to prevent future attacks.

Services include investigation of networks and digital media, including:

  • Computers
  • Hard disks
  • PDAs
  • Mobile Phones

——————————————————————————–

Who Needs Digital Forensics and When?
The Advanced Digital Forensics division provides forensic examinations of digital and computer media to customers including:

  • Criminal Prosecutors
  • Private Investigators
  • Business
  • Government Agencies
  • Law Enforcement
  • Attorneys
  • Financial Institutions
  • Civil Litigators

Digital forensics may be needed to examine evidence in criminal and civil cases, including:

  • Theft of intellectual property and/or data
  • Corporate HR, including harassment, policy violations, termination conflicts
  • Investigation of external threats
  • Suspicious activities
  • Corporate Espionage
  • Fraud & embezzlement
  • Family law and domestic issues
  • Electronic sabotage
  • Electronic document destruction
  • Criminal investigations

——————————————————————————–

Services

  • Preservation and authentication of electronic evidence
  • Analysis of computer hard drives and other electronic media
  • Recovery of deleted files, partitions, formatted drives
  • Arbitration support
  • Internet investigations
  • Expert witness testimony

——————————————————————————–

Features and Benefits

Incident Response Options. You have the option to contract services as needed for forensic investigations after network intrusions and/or human resources issues.

File System Support. Windows FAT12, FAT16, FAT32, NTFS, Macintosh HFS, HFS+, Sun Solaris UFS, Linux EXT2/3, Reiser, BSD FFS, Palm, TiVo Series One and Two, AIX JFS, CDFS, Joliet, DVD, UDF and ISO 9660. EnCase uniquely supports the imaging and analysis of RAID arrays, including hardware and software RAIDs.

The EnCase® Evidence File. A proprietary file created to compress and preserve bitstream images of acquired media. The EnCase Evidence File is widely known throughout the law enforcement and computer security industry, and it has been court accepted to the federal appellate level.

View “Deleted” Files and Other Unallocated Data in Context. Windows Explorer-type view of deleted and unallocated data. This includes file slack, swap files, print spooler data and all other unallocated data files.

Encrypted Volumes and Hard Drive Encryption. Analyze and acquire mounted encrypted volumes like PGP and DriveCrypt and give examiners full access to data on hard drives that are wrapped with encryption technology, such as SafeBoot.

Link File Examination. Gives the examiner valuable information, such as learning that a suspect is transporting company data onto a thumb drive or external media, or what files, applications and shares the suspect commonly used.

Log and Event File Analysis. Provides a single means to analyze, search and document log and event file data.

Proximity Search. This feature searches through all files in a case for a specific keyword and returns the responsive documents with the keyword and a specified number of bytes surrounding it. This is a critical function when trying to add context around the information you are searching for.

Internet and Email Search. This feature will find, parse, analyze and display various types of Internet and email artifacts across machines. The Internet and email search finds mail formats such as Hotmail, Outlook, LotusNotes, Yahoo, AOL, Netscape, mbox, Outlook Express and Internet artifacts from Internet Explorer, Mozilla, Opera and Safari.

Documentation & Reporting. Lets you define with detailed granularity what information is presented and how it is presented, depending on the purpose and target audience of the investigation. Almost all information revealed by EnCase Forensic can be exported into various file formats for external reporting and analysis purposes.

Email Analysis. Find, parse, analyze, display and document various types of email formats, including Outlook PSTs/OSTs (‘97–’03), Outlook Express DBXs, Lotus Notes; webmail such as Yahoo, Hotmail, Netscape Mail; UNIX mbox files like those used by Mac OS X; Netscape; Firefox; UNIX email applications; and, AOL 6, 7, 8, 9. EnCase Forensic can display deleted emails, notes, contacts and calendar entries for PSTs and OSTs, as well as copy/unerase email messages to popular message formats for external reviews.

Browser History Analysis. Powerful and selective search capabilities for Internet artifacts that can be done by device, browser type or user. Automatically parse, analyze and display various types of Internet and Windows history artifacts logged when websites or file directories are accessed through supported browsers, including Internet Explorer, Mozilla, Opera and Safari.
——————————————————————————–

Contact
For more information please contact:

Jeff Griffin
Forensics Services Manager
Advanced Digital Forensics by CAD
919.663.2211 x108