Computer Forensics FAQ (Frequently Asked Questions)
On this page you will find some of the most commonly asked questions
about computer forensics, along with their answers. Please click on
the question to view the answer.
If you have a computer forensic question which is not answered here,
please submit it using the form on the Contact us page. This Computer
Forensics FAQ will be updated periodically with new questions and
answers.
Questions
What is involved in Computer Forensics?
What is the purpose of Computer Forensics?
When might Computer Forensics be employed?
What is an Anton Piller order? How does it relate to Computer Forensics?
Can you recover deleted data from a computer?
Can I monitor the e-mail, instant messages and Web access of others who use my computer(s)?
Can you determine who sent an e-mail?
Can you determine who wrote or printed a computer document?
What is the cost of a Computer Forensics investigation?
Answers
What is involved in Computer Forensics?
Computer Forensics
includes the acquisition, examination, identification, analysis and
interpretation of electronic data commonly created and used by
computers and related digital devices.

What is the purpose of Computer Forensics?
Computer Forensics may be used to support both civil and
criminal litigation as well as to enhance overall corporate
information technology security. In general, Computer Forensics
provides digital evidence to support allegations of certain
activity in which computers are involved.

When might Computer Forensics be employed?
Computer Forensics may be used in cases of: unauthorized
disclosure or copying of sensitive business data, such as customer
databases, price lists and employee payrolls, whether by accident or
by intent; fraud and deception; Internet abuse by employees
including downloading of pornography; industrial espionage by
"crackers" and subsequent damage assessment; recovery of data
thought to be deleted; revelation of data hidden or included in
temporary or swap files; access to encrypted, password-protected
data.
In general, as computers have moved into the mainstream, they
are employed in more instances where sensitive information is sent
by e-mail, instant messaging, FTP or copied on disk. Computer
Forensics investigators can help validate the integrity of this
computer data and interpret it.

What is an Anton Piller order? How does it relate to Computer Forensics?
An Anton Piller order is granted by a judge and can be considered as
roughly equivalent to a civil law form of search warrant, although
there are some key differences.
An Anton Piller order typically authorizes the collection of specific
data related to the action.
Anton Piller orders were once rarely used, but have recently become
more commonplace in matters where computer data is critical. This
data can be quickly erased if there is knowledge of a pending legal
search. The defendant should have no prior knowledge of the Anton
Piller order until the plaintiff's representatives arrive on location.
We have assisted in implementing Anton Piller orders and, in other
circumstances, challenging the need for the order.

Can you recover deleted data from a computer?
We can recover many instances of deleted data. The
probability of success depends upon the specific circumstances. These
include the type of data, the length of time since its
deletion and the activity on the computer since its deletion, among
other factors.
In general, full or partial recovery of text data is
easier than binary data, such as images. Data deleted in the past
few days is easier to recover than data deleted many months ago.
Data from a relatively inactive computer which stores little
information is easier to recover than data from an actively used
system that's approaching its full capacity.

Can I monitor the e-mail, instant messages and Web access of others who use my computer(s)?
Yes, you can. The best way to do this depends upon the number of
computers and computer users.
For a few PCs, software-based monitoring installed on each
computer is usually the most cost-effective solution. The right
monitoring software can track e-mail sent and received, including
Web-based e-mail services such as Microsoft's Hotmail. Instant
messages can be saved. The software can also record Web sites
visited and, if required, block access to specified Web sites, such
as those with pornographic content.
This type of individualized computer monitoring software may be used
by a small business to track employee usage. It may also be used on a
home PC to monitor computer use by others in the household, such as
children. We recommend the Internet surveillance and monitoring
software products of SpectorSoft.
For larger corporate installations with many PCs and users, a
centralized network-based solution is usually the most efficient and
easiest to administer. Typically, this will include a configurable
hardware-based firewall and data vaulting capabilities to comply with
Sarbanes-Oxley requirements. Please contact us to consult on the
corporate solution that's right for your business.

Can you determine who sent an e-mail?
Our examination of the complete contents of an e-mail message will
usually show the path it traveled over the Internet to reach its
destination. This will give clues to the e-mail's origin, which may
be traced back to an ISP (Internet Service Provider) or a corporate
network. Sometimes the information will include sufficient detail to link the
e-mail to the specific computer which probably sent it.
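What reading that path looks like in practice, as an added example that is not this firm's own tooling: it walks the Received trace headers of a message oldest-first and picks out the first publicly routable address. The message, host names and addresses are constructed for illustration.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parsedate_to_datetime
# Constructed sample message: invented hosts, documentation-range addresses.
RAW = """\
Received: from mx.recipient.example (mx.recipient.example [203.0.113.10])
\tby mail.recipient.example with ESMTP id A3; Tue, 04 Mar 2025 10:15:09 -0500
Received: from smtp.isp.example (smtp.isp.example [198.51.100.25])
\tby mx.recipient.example with ESMTP id A2; Tue, 04 Mar 2025 10:15:07 -0500
Received: from desktop-7 (unknown [192.168.1.44])
\tby smtp.isp.example with ESMTPA id A1; Tue, 04 Mar 2025 10:15:02 -0500
From: sender@isp.example
To: user@recipient.example
Subject: constructed sample

body
"""

# RFC 1918 and loopback ranges: addresses that only mean something inside one network.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
HOP = re.compile(r"from\s+(?P<helo>\S+).*?\[(?P<ip>[0-9A-Fa-f:.]+)\].*?\bby\s+(?P<by>\S+)", re.S)

def trace_path(raw):
    """Return the relay hops oldest-first (each server prepends its own Received line)."""
    hops = []
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        m = HOP.search(value)
        if not m:
            continue  # keep unparseable hops for manual review in real casework
        ip = ipaddress.ip_address(m["ip"])
        hops.append({"helo": m["helo"], "ip": str(ip), "by": m["by"],
                     "internal": any(ip in net for net in INTERNAL),
                     "time": parsedate_to_datetime(value.rsplit(";", 1)[1].strip())})
    return hops

def first_routable(hops):
    """Earliest hop with a public address: the network an ISP or owner can be asked about."""
    return next((h for h in hops if not h["internal"]), None)

def out_of_order(hops):
    """Indexes of hops stamped earlier than the hop before them (clock skew or a forged line)."""
    return [i for i in range(1, len(hops)) if hops[i]["time"] < hops[i - 1]["time"]]

if __name__ == "__main__":
    for h in trace_path(RAW):
        print(h["time"].isoformat(), h["helo"], h["ip"], "->", h["by"])
```

Received lines written before the first server the examiner trusts come from the sending side and can be falsified, so the earliest hop identifies a probable origin rather than a proven one.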

Can you determine who wrote or printed a computer document?
In many cases we can determine the probable author of an electronic
document, such as a word processor file, by examining the document
data file.
We may be able to determine who printed a paper document using a computer.
Some computer printers encode data in the printed document. After
decoding, this data can provide information such as the serial
number of the printer and the date and time of the printout. This
information may be sufficient to determine the owner or user of that
computer printer.

What is the cost of a Computer Forensics investigation?
The cost of a Computer Forensics investigation is
based upon an hourly rate plus expenses incurred. The
total cost will depend upon the complexity of the issues and the
time involved. More time is usually required in the analysis and
interpretation phase than in the initial acquisition of the data.
We offer an initial telephone consultation of up to 30
minutes at no charge. To request this complimentary consultation, please
contact us.
