What is Computer Forensics?
Computer Forensics is the science of investigating computer artifacts to determine what was occurring when a computer was up and running. This includes acquiring data from computers and other electronic sources. The data should be collected in a manner that is suitable for use in court.
FDS Global’s process is to create a mirror-image of your computer’s hard drive, providing an exact copy of the data. This can be used for further analysis. This further analysis includes mining data for specific information requested by the client.
When is Computer Forensics needed?
Computer Forensics should be used when you want to know the “who, what, when, where, and why?” of your data. Computer Forensics can help you to answer questions you may have regarding your data, and is essential for matters involving Intellectual Property (IP) Theft, fraud, hacking, child contraband, and other cases.
What do you do when you are engaged by a client?
Once engaged, FDS Global follows a unified methodology suited to the client’s needs.
Steps normally include the following:
- Identifying the problem
- Planning and preparation
- Data preparation, indexing and cataloging
- Key word searches and data mining
- Initial Reporting
- Refinements / additional requests
What is the “Identifying the problem” phase?
At FDS Global, our team works hard to ensure excellent preparation and organization of a case, but the first step is to identify what the specific problem is. FDS Global works closely with the client to establish a timeline of events and a defined scope for the work to be completed. This includes an in-person meeting and intensive follow-up communication in order to define expectations throughout the case.
Can FDS Global provide an estimate of time and/or expense during the planning and preparation phase?
Cost: FDS Global begins work following receipt of a signed retainer from all clients who wish to be engaged. The retainer amount varies from case to case; however, the cost will be established during a consultation prior to engagement. Once engaged, work is billed on a time and material basis. FDS Global is happy to report progress throughout the case, and can provide periodic reports of how much time has been incurred, so that expenditures can be monitored.
Travel: Forensic Data Services bills time and expenses related to travel.
Planning and Preparation: The amount of time involved in this phase can take as little as a few hours or as much as a week, depending upon the size and complexity of the project and the location of the work.
Acquisition: When Forensic Data Services acquires data on a target site, billing is done in the form of a fixed cost which is based on the type of devices needed to be collected.
What is the “Preparation, Indexing and Cataloging” phase?
To index and catalog a computer image is an intensive computer process. Acquired data will be verified for a variety of aspects, organized – taking into account issues and priorities, grouped, prepped and placed on one of FDS Global’s systems. The system used will be dedicated full time for the duration of the process, which can last from eight hours to several days depending upon the number of files, size of the hard drive and other issues affecting the acquisition phase.
A general rule for the length of time required in this phase is that it requires about 1.5 to 2.5 hours per 1 GB of data. This means a 40 GB hard drive might take between 60 and 100 hours to index and catalog the image.
Clients are often happy to find that the majority of the time involved in this process is not billed, except for a few hours for the setup and monitoring needed to yield each image.
What is the “Keyword search and data mining” phase?
The keyword and data mining phase is the most time-consuming and costly process. After working in tandem with the client, Forensic Data Services will produce a search-term extraction list to use as a guide during the process of completing the project. The search terms are applied to each image/index-catalog.
The following items should provide some explanation of the process:
- Each image/index-catalog is processed separately from all other images. This means a 10-term search list applied to 10 images is the equivalent of applying a 100-term search to a single image.
- Search terms need to be as specific and relevant as possible to minimize false hits.
- A hit can be defined as the appearance of a search term in either a file or a file rename.
- Every hit (whether it turns out to be positive or false) will need to be reviewed to have its relevance determined. So the more accurate the hits are, the better.
- In general, one image with 10 to 15 terms applied to it can be searched and reviewed in 12 to 16 hours.
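The points above can be seen in a small added example (not FDS Global's tooling): a term list is applied to each image separately, and every hit lands in a review queue. The file names, contents and terms are constructed, a hit is assumed to be counted once per file name and once per file content, and whole-word matching is one assumed way of making a term more specific.

```python
import re

# Constructed sample data: two "images", each mapping file name -> text content.
IMAGES = {
    "image_A": {
        "q3_pricing_plan.docx": "Draft pricing plan for the Apex account.",
        "notes.txt": "Met with Apex Industries about the merger. Planning continues.",
        "planets.txt": "A list of planets and their moons.",
    },
    "image_B": {
        "apex_contract.pdf": "Signed contract attached.",
        "todo.txt": "Buy plants. Explain the floor plan to the movers.",
    },
}
TERMS = ["apex", "plan"]  # constructed search-term list


def search_image(files, terms, whole_word=True):
    """Return (term, file_name, where) hits for one image; where is 'name' or 'content'."""
    hits = []
    for term in terms:
        pattern = re.escape(term)
        if whole_word:
            # Custom boundaries instead of \b: "_" is common in file names and
            # \b would treat "pricing_plan" as one word and miss the term.
            pattern = r"(?<![A-Za-z0-9])" + pattern + r"(?![A-Za-z0-9])"
        rx = re.compile(pattern, re.IGNORECASE)
        for name, content in files.items():
            if rx.search(name):
                hits.append((term, name, "name"))
            if rx.search(content):
                hits.append((term, name, "content"))
    return hits


def review_workload(images, terms, whole_word=True):
    """Search every image separately; return (search passes, hits to review, hits per image)."""
    per_image = {img: search_image(files, terms, whole_word) for img, files in images.items()}
    passes = len(images) * len(terms)  # each term is applied to each image
    return passes, sum(len(h) for h in per_image.values()), per_image


if __name__ == "__main__":
    for mode in (True, False):
        passes, total, per_image = review_workload(IMAGES, TERMS, whole_word=mode)
        print(f"whole_word={mode}: {passes} passes, {total} hits to review")
        for img, hits in per_image.items():
            print(f"  {img}: {hits}")
```

With plain substring matching the same two terms produce three extra hits ("Planning", and "planets" in both a file name and its content), each of which would still have to be reviewed and discarded.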
What is the “Deliverables” phase?
The deliverables phase is dedicated to extracting and exporting the relevant files from the search phase. At FDS Global, creation of deliverables occurs as follows:
Exporting the relevant files to a local directory. This process can be somewhat lengthy, depending on the number of relevant files associated with each search term.
Burning the exported relevant files onto media for delivery to the client is the next part of the deliverable process. At Forensic Data Services we have the ability to create CDs, DVDs, ZIP, Hard Drives, and Tape. The time to create the deliverable media depends on the type and number of media and the amount of data to be delivered.
The last step in the deliverables process is the quality control checks and mailing. Each deliverable is produced from a master source disk. The master source disk is verified at the time of creation both electronically and visually. Once produced, each deliverable is verified to the master source disk electronically. Each deliverable is then verified visually by at least two personnel from the Forensic Data Services computer forensic team.
What kind of cases have you worked on?
- Insurance related matters including viatical companies.
- Securities (SEC investigations) – Stock holder suits against brokers – Stock holder suits against companies.
- Corporate investigations – Fraud – Employee issues – Sarbanes/Oxley – Whistle blower.
- FTC actions – Pricing issues – Employment issues.
- Receiverships – Bankruptcy – Labor issues.
- Debtor/Creditor actions – Investigation in locating missing funds.
- Hacking cases – Incident response, Managing the crime scene, locating the source.
- Theft of trade secrets.
- Destruction of evidence.
- Best evidence/correct evidence cases.
- Employee behavior/conduct cases.
- Security audit in conjunction with employee/outsider malfeasance.
Can you work with databases?
Yes. FDS Global has extensive experience in working with a myriad of different databases. We can assist in reconciling data, transferring data to a new platform, and satisfying any database needs you may have.
Can you work with tapes?
FDS Global’s innovative video forensics techniques have found success in multiple court cases. We can assist you with any tape format your case requires, and will provide consultancy suited to your technology.
How quickly can FDS Global respond?
We understand that the preservation of evidence is critical. Once engaged, FDS Global will respond with the following response times:
- Anywhere in the 48 states in 24 – 48 hours from the time authorized to travel to that site.
- Anywhere in the world in 48 – 72 hours from the time authorized to travel to that site.
Once you start a case, how long before we can get some information?
The estimated time for deliverables is provided on a case-by-case basis. FDS Global can provide a specialized consultation which will designate expectations for deliverables. Time estimates will include consideration of the amount of technology within scope, analysis of collected data, and any other requirements requested by the client.
What experience does FDS Global have with Civil and Criminal cases?
The team, led by Robert D. Moody, has successfully worked on numerous Civil and Criminal cases. We have provided expert witness testimony in State and Federal Court, supporting the Prosecution and the Defense. For a full list of expert witness testimony history, please see Dr. Moody’s CV (RDM CV).
What type of Civil and Criminal cases has FDS Global worked on?
We have experience in Criminal cases involving divorce, child custody, cyber bullying, child pornography, computer hacking, computer fraud, intellectual property theft and employee issues, tampered data, spyware, data theft, white collar crime and more.
Can FDS Global collect and analyze lost, damaged, or stolen data?
Our data preservation and collection techniques are recognized by the Court system as “Best Practices”. Our methodologies can help to recover lost and damaged data on a case-by-case basis. To date, FDS Global has successfully recovered stolen data and data damaged by water and fire. FDS Global can also provide consultation on additional recovery needs as necessary.
Does FDS Global provide expert witness testimony?
Yes, our testifying expert, Robert D. Moody, is the founder and CEO of FDS Global. He has provided testimony in hundreds of cases. For a full list, please see his CV (RDM CV).