Vogon offers a complete range of forensic computing services from an initial investigation on site, through capturing the computer data, to processing and investigating the captured data for evidence for (or against) a case.
Securing the computer evidence
Examination of a computer must be done thoroughly, carefully and without changing anything on the computer. Vogon has therefore developed procedures and techniques to:
- Preview the content of computer hard drives without risk of changing the data
- Capture an exact copy of the data held on computer hard drives and other media
- Automatically produce a printable audit trail to identify the actions taken
At the preview stage, simple checks may be performed to determine current status of the data files. This may provide useful information about ownership of the data and/or relevance to a particular investigation.
Capturing an exact copy of the data involves a process known as imaging. Here all the data is copied to create an image that includes data which is not normally accessible such as:
- Data that may have been deleted
- Information hidden outside the normal storage areas
- Old data that has been partially overwritten
Often it is this hidden data that contains vital evidence to prove or disprove a case.
The image is an exact replica of the suspect computer hard drive or other media. It can be investigated instead of the original computer. Investigators can explore all areas of data to look for evidence or clues without changing or compromising the original data. For example, to
view the last accessed Internet site, to read saved email files or to navigate around the image as though it were part of the original computer.
The taking of an image is a vital step in a forensic computing investigation. It is accepted as the best method for capturing computer evidence that may be presented in a Court of Law.
Vogon offers both laboratory and on-site services to secure computer evidence.
Processing the evidence
Having captured the data from the suspect machine in a fashion that enables any information found to be used as evidence, the next step is to process the image. With the vast experience that Vogon has gained from our data
recovery and data conversion expertise, virtually all file systems can be processed. An image can be processed in a variety of ways to suit the needs of the case and the customer. In some instances
a file extraction may be appropriate, in others a data index may be created for our powerful search tools to be run against.
Computer Investigation – Searching the data
Looking for one or two words or an account number across gigabytes of data, is a bit like looking for a needle in a haystack. Experienced Computer Investigators work with highly sophisticated tools, many of which are not available for general release. These tools will quickly identify
the required information in mere seconds. Word searching and text recognition technology combined with the experience of an investigator soon close down the hunt.
With the right tools, an entire computer network can be searched for specific words or characters. This search will reveal every occurrence of these words or characters, even if the data was deleted by the criminal to cover his tracks.
For immediate assistance please visit our forensic computing emergency page for a list of contact phone numbers and enquiry form. To discuss your future Forensic Computing or Computer Security requirements with one our experienced investigators
please contact us by letter, phone or email. |
