Digital forensics is a scientific field devoted to the collection, preservation and analysis of digital evidence. DFI Forensics strictly adheres to the protocols of the forensics process to ensure the admissibility of evidence produced for our clients and relied on by them in Court as well as the defensibility of our conclusions should they come into question by an opposing litigant or lawyer.
The first step in the process is to acquire the digital evidence. We use specialized tools and forensic software to do this in a manner that doesn’t disturb the original data in any way. For example, metadata and other date and time stamps associated with operating system logs may be updated if the evidence is collected without using the tools and forensic software that a trained digital forensics expert uses.
The evidence acquired from a digital source is preserved as a “master copy”. The master copy is duplicated to produce a “working copy” of the evidence and our analysis is conducted on the working copy of the evidence. DFI Forensics uses special tools to generate a uniquely identifying alpha-numeric “hash value” of the master and working copies. Hash values are more accurate than a DNA match and we ensure a match prior to moving forward with our analysis.
During the analysis stage of the digital forensics process, we examine the data acquired from the digital source. Using the expert training of the digital forensics examiner assigned to your case, we determine the facts you have instructed us to investigate based on an examination of the evidence we have collected. Every case is unique and we never truly know what the evidence will tell us until we begin our analysis. However, we will always advise you, to the best of our ability, of what you can reasonably expect to learn from our investigations.
The final stage in the process is reporting our findings to you. Our succinct and clearly written reports provide you with a written summary report of our findings and opinion along with digital copies of any evidence you need.
Evidence collection is the most important part of any forensic investigation and digital forensics is no exception. Mistakes could cause the evidence to be inadmissible in Court and not using the best tools available will result in uncertain findings.
The most important principle of evidence collection is not to interact with the evidence. That is why we take great care in our evidence handling procedures, chain of custody documentation and forensic acquisition of digital evidence from today’s latest technology and devices.
Whether we are imaging hard drives or extracting data from mobile devices or cloud sources, we do it right and with the best tools in the industry to ensure top quality and unparalleled reliability.
An expert digital forensics examiner must have great training, awareness of the latest technology and how it is used, the ability to apply critical thinking and problem solving skills to a variety of situations and an obsessive desire to find the truth.
Through forensic examinations of computers and digital devices we are able to find evidence of a vast array of human activity, conduct, communication, action and interaction with one another and technology to a greater degree than ever before.
Digital fingerprints are everywhere. We know how to find them and use them in the pursuit of the truth.
The technological advancement of the personal computer has been exceedingly fast and prolific. The home and office personal computer has gotten smaller, lighter, more powerful and lightning fast.
This has resulted in more people than ever before having one or more work and home PC or laptop.
Acquiring digital evidence in a forensically sound manner from a computer’s volatile and non-volatile memory is the key to a successful investigation and the admissibility of the findings in Court.
Apple Inc. products are more than just user friendly and stylish. Mac computers, iPhones and iPads uniquely store, process and contain data in a completely different manner than a Windows-based computer or other forms of mobile devices.
It is important to understand the difference and only a well-trained and experienced digital forensics expert can give you the best advice upfront when dealing with Apple Inc. products in relation to any proposed investigation or examination of one or more of those devices.
Smartphones and tablets and smaller, lighter and more powerful than ever. Consequently, they are being used by more people, more often and for more things that ever before.
These devices are a common source of digital evidence in our investigations and can produce an enormous amount of valuable information in a variety of contexts.
Expert advice is necessary for our clients due to the way in which mobile devices interact with the user and various cloud accounts, store information and the degree to which that information is encrypted.
Servers store and process data in a way that keeps businesses running smoothly and information flowing.
Servers record event logs that are incredibly valuable to digital forensics investigators in a variety of investigations, including network intrusion and employee data theft cases.
In many cases, servers need to be configured to record and backup event logs that would be valuable in a digital forensics investigation.
Acquiring evidence from cloud accounts and internet sources is one of the most important aspects of preserving evidence in digital forensics.
Cloud accounts and online evidence can change or be deleted instantly so it requires both clients and digital forensics teams to act swiftly to capture the evidence as it existed in that precise point in time.
Common sources include online storage and email accounts, social media evidence and website content.
Metadata is “data about data” and it is an incredibly valuable source of evidence that can be used to determine creation dates, revision of documents and files and GPS location information.
All digital files record basic creation and modification time stamps, but many files and documents record information about the file or document behind the scenes or embedded within the digital file itself.
Special tools and forensic software may be required to access metadata and translate it from low-level programming code into plain language.
The Internet of Things, or “IoT”, is a concept that describes the degree to which our environment is digitally connected through the internet more than ever before.
Generally, any product described as “smart” is an IoT device, such as door locks, appliances, digital personal assistants (i.e., Google Assistant, Amazon Alexa, Siri) and many other interactive, connected devices.
These items record data, voices and events to a greater degree than most people realize and may be great sources of evidence in certain investigations.
Wearable technology generally refers to the various health and fitness devices that record biometric and often GPS location data in relation to the user.
Smart watches and fitness devices record the number of steps a user takes per day, heart rate information, location data and sleeping patterns.
A number of these devices also sync with a large number of cloud and social media accounts to notify the user of events, messages, phone calls and they can even be used to interact with digital personal assistants like Google Assistant and Siri.
Drones have progressed from hobby toys to restricted pilot-less aircraft in Canada and now even require a license to operate in many circumstances.
They are remote controlled aircraft that can travel great lengths and are often equipped with cameras to record scenery and allow for remote operation.
Most drones record date and time as well as GPS location information while in operation and therefore, may be a useful source of evidence.
We can learn so much from examinations of digital evidence. When an event occurs that requires explanation, digital forensic examiners can uncover important clues that tell the story of what happened.
Furthering one’s understanding of an event is important when people use technology to affect the lives of others through unlawful acts because technology is difficult to understand for many people.
Once people learn what happened, they generally want to know how. Digital forensics experts can do that.
We examine the evidence and explain how someone was able to do something to you or your organization and how they used technology to accomplish the task.
In many cases, particularly following a cyber attack, it is crucial for a client to understand how an attack was successful in order to prevent it from happening again.
The use of the internet and various technological devices that record location information has resulted in the ability to learn more about where people are and where an event occurred than we’ve ever seen before.
Knowing precise location data is not only possible in most cases, but it can be incredibly valuable in resolving issues of credibility when opposing parties recall events in very different ways.
With so many ways to communicate with each other in our modern world, it seems logical that we would turn to technology to have a clear understanding of what was communicated between parties and what conversations occurred through email, text messages, communication apps, phone calls, video conferencing and social media chats.
This evidence is extremely valuable in many litigation matters and great care must be taken to produce the evidence in a forensically sound manner so that it can be relied upon in Court.
We are now able to put precise timelines on many things that were previously left to be determined by human memory or human-made records.
Technology logs our interaction with our devices, our world and each other through varying degrees of detailed time stamps and metadata.
This evidence allows investigators to narrow events down to particular times and focus in on the most relevant evidence to determine the truth of any situation.
Attributing an act to a suspect is one of the primary objectives of all forensic science.
With digital forensics, the objective is no different. We can learn all we can about what happened and how but, in many cases, it is important to determine who was responsible for the commission of the crime or unlawful act that gave rise to the need to investigate.
Attribution can be challenging in some cases so it’s important to get the best advice upfront if you are primarily looking to identify your suspect.