Forensic Services

There is a significant difference between "forensically" collecting data, and simply collecting data. Unfortunately, many people use these terms interchangeably and it is important to note the distinction between the two. A simple data collection can be done in many different ways, including right-clicking on a file in Windows explorer, selecting "Copy", navigating to where you would like to place the file, then right-clicking the mouse once more before selecting "paste". While this process does indeed "collect" the data, there is a very good chance that with this process you may have spoliated the data by unintentionally or unknowingly changing the date/time values associated with the files.

A forensic collection, on the other hand, utilizes methodologies and technologies which preserve files, their content, and their metadata in a format which is not altered and has file management accountability built into the process. This process also lets you view files without altering any of the original content, such as auto-update date macros or other features allowed by the originating application. Additionally, forensic-focused technologies allow for capabilities not available to tools simply built for copying files from one location to another. For example, the ability to recover deleted files, reassemble file fragments, the ability to view data in memory or in slack space which was once used but no longer, and so forth.

These examples are broad generalizations of the differences between collecting data and forensically collecting data, with the broader point being that when data collection is necessary, we here at SullivanStrickler are able to assist you in determining the best, most defensible course of action based on your specific needs, in addition to managing the execution of the same.

Contact us today to learn more