Computer Forensics

Computer Forensics is the systematic preservation, identification, extraction, analysis and documentation of computer or other digital data. Computer Forensics can be applied to data found on mail servers, laptops, smart phones, digital cameras, USB drives, memory cards and GPS devices.

At Summit Investigations, we are able to apply Computer Forensics practically to the collection, preservation and investigation of digital evidence in its various formats. The team employs industry standard tools, specialist training and a wealth of experience to achieve positive results for our clients.

The background to each computer forensic investigation is different and so Summit Investigations uses consultative method with our clients to understand what their requirements are and how we can best serve them. At Summit Investigations we ensure that the evidence is handled in a forensically consistent way to ensure the chain of custody is intact and any evidence derived from the examination can be admitted at court.

Computer Forensics is increasingly used in matters whereby the data contained on the electronic media is related to the dispute, alleged transgression or criminal activity:

Fraud matters              Records showing multiple payments to a contractor or else payments made to an unauthorised entity
Misconduct at work    Evidence of pornographic or other unsuitable images present on a computer or else being circulated amongst the                                           employees via email or file transfer
Criminal cases              Origin, location and accessing times by a user of files such as child pornography images or else evidence of the                                                               unauthorised use of credit cards or bank accounts
Civil disputes                Evidence showing when a document was created and whether or not it was sent by email from party to another

What data is involved?
The digital data in question could be located on a myriad of electronic media including computer hard drives, USB drives, digital camera cards or mobile phones. The data can be in many forms and include:

  • Emails / web mails
  • Images, photos or video
  • Documents
  • Chat-room dialogues
  • Spreadsheets
  • Internet websites
  • Usage logs
  • Deleted data

How is Computer Forensics performed?
Computer Forensics should only be performed by a suitably qualified examiner with the necessary Computer Forensics software and hardware tools. Computer Forensics involves the isolation and stabilisation of the data before forensically copying [or `acquiring’] this data to a separate device. This separate device must have been `sterilised’ prior to the acquisition – i.e. it must have been wiped of all previous data so that it cannot contaminate the acquired data.

All further Computer Forensics examination must be performed on this copied data so as to maintain the integrity of the original data on the medium. Various Computer Forensics software tools can be used to ascertain what current and deleted data is present and pinpoint the data that is relevant to the examination.

Analysis of the data can be conducted using various methods including:

Keyword searches             Searching the whole data set for any mentions of keyword such as an email address or credit card number
File identification             Collecting all the files which have a certain file signature such as `jpeg’ for all photos or images
File registry                        Examining the registry for information such as log-in time and date
Link files                             Demonstrating whether a certain file has been copied or moved

What about deleted data?
It is possible for an examiner to recover any deleted data from a media and ascertain whether these files are relevant to the matter. Computer Forensics software tools are able to search and identify these `deleted’ files from the media and recover them to a separate location. Where parts of a file have been overwritten, further processing by the software is able to stitch together fragments of a deleted file to reconstruct the available file – a method known as `file carving’.

Would you like to find out how we can assist you with Computer Forensics?

Please feel free to call us direct on now on 1300 608 530 to discuss your requirements or else send an email to our confidential address and we will contact you at your convenience. Summit Investigations operates Australia wide, from Adelaide, Melbourne, Sydney and Brisbane across to Perth, as well as overseas.