|
|||||||||||||||||
|
 |
Frequently Asked Questions
Computer hard drives and servers are the most common digital devices requested for collection and investigation, but we can also find digital information on cell phones, printers, iPods, network equipment, and voicemail systems. How does the process work? First, Avansic take a special copy of your computer hard drive using specific equipment that ensures the original data is unaltered (by using a cable called a “write blocker”). This is called a “bit-by-bit” copy, or “image”, and copies every single piece of data onto a blank hard drive. Getting all of the data is necessary for the copy to be considered evidence, and also allows the forensics investigators to find information that has been deleted. This process generally takes about an hour per gigabyte of data. It can be done on your site or in our laboratory. What is digital forensics? We analyze computers cell phones and other electronic devices, to find digital information. We use processes that ensure anything we collect can be used as evidence How is forensics different from e-discovery? E-Discovery is a process that obtains the readable documents on an electronic device, where forensic copying obtains all documents. E-Discovery is a broad approach that only collects active data, and in doing so, nets a very large amount of information. Digital forensics is a more focused approach with a limited scope, and searches all data, including active, deleted, and unallocated space on the device. This pre-screening approach yields a smaller, more relevant data set. Let’s say you wanted to discover all of the information in a file cabinet. E-Discovery will find the files in their folders and produce them as they were stored. A digital forensics will take apart the file cabinet piece by piece and find all the documents that slid down behind the drawers, that may be misfiled, and that may not be in any folders. Forensics will present you only the set of documents that contain information you’re looking for, resulting in a much smaller data set to be indexed and coded by your legal team. Regardless of the technique used to obtain the information, the data can be loaded into document management software at the completion of collection. This creating load files for common programs such as Summation or Concordance. How long does the process take? A typical computer hard drive takes about 4-6 hours to collect. Once back in our laboratory, it takes several days of computer time to prepare for investigation. Filtering or investigating can take anywhere from an hour to several days depending upon the scope of the examination. In general, most of our clients receive results within 5-10 business days of collection. Servers and other complex assets can take longer depending upon size, configuration, type of computer or operating system, and location. How long will the computer be out of service? Forensics copying takes 4-6 hours for typical hard drive, which Avansic can do both during and after normal business hours. After the copy has been taken, the computer can be returned to normal use. If there’s a computer I know has evidence on it, what should I do until it can be collected? Do not use the computer and unplug it from the wall - do not power the computer down. Keep the machine in a secure location and call Avansic to schedule a forensics collection. What if the information is on a server that we can’t take down? Avansic has experience in performing live acquisitions of technology that cannot be taken offline. Please call a case manager at (888) 808-0337 to discuss specifics. Can Avansic look for a specific file on a computer? Yes, our process makes it easy to find specific information. We can search for either a keyword in a document, a particular file type, the location of a certain file, or the dates on which it was created. How can I be sure the data is secure? Avansic takes security very seriously, and we have implemented a number of controls to ensure that evidence is properly stored and handled. How do Avansic protect our privileged information? Avansic has significant experience in drafting and implementing clawback agreements. We have served as a neutral third party on many occasions and are experienced with the creation of privilege logs, privileged document sets, redacted production copies, and In Camera copies. Can I use my in-house IT staff to do forensics and e-discovery? Forensics collection and examination should be performed by a neutral third party in order to ensure that the evidence is admissible in court. Many companies have discovered the pitfalls with using their internal staff by having key evidence dismissed during litigation. Forensics requires specialized knowledge and equipment, and pulling IT staff from their other duties can result in significant losses in productivity. What if we’re not in your area? Avansic can service any state in the nation.
|
 |
Copyright 2008 Avansic
Home Contact Us
|