Evidence Verification

Electronic evidence is unique from the standpoint that electronic footprints are often visible – if you know where to look. Disqualifying evidence that was improperly collected or incomplete can often turn a case. In many cases, having direct access to the information is critical and directly gathering electronic information is often the best method of validation. With a bit-by-bit copy you can search for hidden information in the following areas:

Saved Files - These are data files that exist in a form that can be readily used. They can often be located in named and organized directories. However, sometimes they are hidden in strange directories or even marked to be hidden from the operating system. Often, computer users attempt to hide files by adding suffixes to the file name like .exe in order to avoid detection.

Deleted Files - When a file is deleted from a computer, it is not altered. The operating system is just told to ignore that it exists. Unless the operating system writes new data over the old, it may be recovered.

Temporary Files - Operating systems and programs temporarily store a copy of working data in various places. Sometimes it is in the same location as the original. More frequently it is in a specially designated folder specifically for temporary files.

Metadata - This is a term that refers to corollary information that is stored along with data. It includes such things as the date the file was created, modified and last accessed. It can tell us the original owner as well as everyone who has ever used it. Sometimes it contains previous versions of the document.

Disk Slack - When data is stored, it accidentally captures data from previous documents. With certain forensic software, this data can be searched and the old data resurrected.

At Digital Forensics Worldwide, our licensed professional investigators recover, analyze, and present computer based material in such a way that it is useable as evidence in a court of law. Please contact us today.