Search, Examination and Analysis
Forensic indexing process followed by search, examination, bookmarks and analysis.
To be able to perform efficiently some search, examination and analysis of a forensic image file, a first step of indexing process with dedicated forensic tools is recommended. But this will depend the content of the request.
The forensic image file containing the full physical/logical copy of a device/media or only a specific set of data exported (preselected files and folders) is processed (indexed) using forensic tools.
Depending the objective and the request of the customer, the forensic expert (certified forensic computer examiner) will decide about which forensic tool(s) is the most appropriate for the data processing, which examination and search methods he will use to reach the objective and get the best result.
Different investigation techniques and search methods are applicable to find the relevant information.
Here are some examples of search which can be done on demand:
keyword search, regular expression search, approximate matching search
in depth operating system examination and search of specific artifacts
examination of Internet activities (traces of web browsers activities, URLS, downloads, cookies, cache
examination of computer use, activities, log connections
specific e-mails search , specific document identification on the media
trace of USB device connections, WIFI connections
computer RAM memory analysis (after live acquisition)
search for deleted files
custom search on demand
A detailed forensic report will indicate all actions carried out by the forensic specialist, which includes the settings used for the indexing process performed, an overview of the resulting files indexed (number of files per category), the search techniques and the criteria used.The report will also mention the potential valuable evidence data identified, bookmarked or tagged.
The resulting evidence data set will be exported and put at disposal for the customer with the final report.
The senior forensic expert at Windife can extract information from computers (PC and Mac), mobile devices (smartphones, tablets), external hard disk drive and media, USB thumb drives, server or NAS storage and produce detailed forensic reports with potential valuable evidence.
Because of the use of specialized software and hardware, tested and recognized in the field and the application of strict procedures and standards respecting international fundamental principles and which comply with the state of art in the field, the data evidence provided can be accepted in any administrative or judicial procedure in a court.