Nationwide Computer Forensic
Investigation
(Expert Data Collection & Analysis)
Data acquisition is the process of imaging computer hard
drives and other electronic media in a forensically sound
manner. Our nationwide forensic examiners can recover electronically
stored information (ESI) from a variety of media including
hard drives, floppy diskettes, zip disks, tapes, PDAs, CDs
and DVDs, USB and other removable drives, digital cameras
and recorders, flash cards, network servers and cell phones.
Acquiring ESI that may be relevant in litigation or investigation
requires planning, as there is a risk of spoliation as a result
of inaccurate collection. There are many requirements for
the proper collection of ESI, ranging from preserving metadata
and establishing chain of custody to maintaining data integrity.
Download a copy of Trial Solutions - Forensic
Data Collection Key Questions.
Understanding the data collection scope and type of data
available for collection allows effective data acquisition.
Scope Questions Generally Include:
- Who are the custodians of interest?
  - Based on specific document requests?
  - Based on geography, department, or job function?
- Data types of interest? (Email, File Server, Hard Drive)
- What are the dates of interest?
- Must deleted files be produced?
- Are backup tapes within the scope of the project?
  - If so, must all tapes be restored or just a portion?
  - If so, are monthly, quarterly, or yearly backups acceptable?
- Are the current in-house IT staff qualified to handle
the work?
Our nationwide computer forensic experts can assist in developing
a collection plan starting with identifying the types of data
and the locations. Collection projects may involve
some or all of the following:
- Local drives including desktops or laptop file systems,
network file shares, portable media (CDs, DVDs), external
hard drives and portable devices (flash drives).
- Live networks including e-mail servers, such as MS Exchange,
or other database applications.
- Backup media storage including backup tapes and portable
(off-site) storage devices.
Accurate data collection and acquisition require solid planning
for maximum effectiveness. The following questions
will help determine where and how electronic evidence is stored.
Email Collection Sample Questions:
- What types of email servers are deployed throughout the
organization?
- Where are the mailboxes of the relevant custodians?
- What are the email server policies regarding deleted items?
- How long is email allowed to stay on the server?
- What are the mailbox size limits?
- Do users archive their email?
  - If so, to their local computers or a file share?
- How are the email servers backed up?
File Server Collection Sample Questions:
- What types of file servers are deployed throughout the
organization?
- Do users have home directories? If so, on what servers?
- What are the size limits for each user?
- Does the organization utilize shared folders?
- How are shared folders organized?
  - By department, geography, or job function?
  - Are they accessible by all employees?
- How are the file servers backed up?
Hard Drive and PDA Collection Sample Questions:
- Number of laptops and desktops?
- What operating system is running on the laptops and desktops?
- Size of the hard drives? (e.g., 40GB, 80GB, etc.)
- Are the hard drives or data encrypted?
- Are PDAs or any portable devices used?
  - If so, what models / types?
- Is any data stored on personal or home computers?
Please contact us at 713-462-6464 or at info@trialgraphic.com
to speak with one of our nationwide computer forensic investigators.