E-forensics

What is Digital Forensics / Computer Forensics?

Digital forensics is the application of scientific methodology to computer media to establish factual information or provide expert opinion for legal proceedings. The terms ‘computer forensics’ and ‘digital forensics’ can be used interchangeably.

There are five main phases to computer forensics:

The imaging or acquisition of the computer media (collecting the data)

Examining the data (generally using specialist forensic software)

Analysis of the data

Compiling a report, statement or letter of findings

Providing expert witness testimony.

Electronic Evidence

The following are examples of media which we can examine that may contain electronic evidence:

  • Hard disk drives (also known as computer disks, hard disks or hard drives)
  • USB external hard disk drives
  • Mobile phones
  • Tablets
  • Thumb drives – flash drives, USB stick or memory sticks
  • MP3 players
  • Floppy disks
  • ZIP disks
  • Tapes
  • Micro drives
  • Optical media such as compact disks (CDs), Digital Versatile Disks (DVD) and camera cards.

ACPO Good Practice Guide for Digital Evidence

Our computer forensics experts adhere to the Association of Chief Police Officers (ACPO) Good Practice Guide for Digital Evidence.

The main principles of the ACPO Good Practice Guide for Digital Evidence are:

Principle 1: No action taken by law enforcement agencies or their agents should change data held on a computer or storage media which may subsequently be relied upon in court.

Principle 2: In circumstances where a person finds it necessary to access original data held on a computer or on storage media, that person must be competent to do so and be able to give evidence explaining the relevance and the implications of their actions.

Principle 3: An audit trail or other record of all processes applied to computer-based electronic evidence should be created and preserved. An independent third party should be able to examine those processes and achieve the same result.

Mobile Device Forensics

What is Mobile Phone Analysis and Tablet (ie iPad) Analysis?

Mobile phones and Tablets are, for most people, an essential item. Not only do they make phone calls but they act as cameras, MP3 and video players, web browsers and they are used for storing an endless amount of data including personal information.

It is all of this that make mobile phones and tablets ever more relied upon as evidence in investigations; however they can provide useful information both for the suspect and the prosecution.

Mobile Phone Analysis

During mobile phone analysis data may be identified in three areas: (1) the mobile phone internal handset memory; (2) the SIM (Subscriber Identity Module) card or USIM (Universal Subscriber Identity Module) card and (3) removable memory cards (e.g. micro SD or Memory Stick).

Griffin Forensics have the expertise to examine a wide variety of mobile phone models from leading manufacturers including iPhone, Nokia, LG, Sony Ericsson, Motorola, Siemens & Samsung. During a mobile phone analysis we may be able to retrieve information pivotal to your case including, but not limited to, call records, phone-book entries, text messages, multimedia messages, pictures and, in some instances, deleted data.

We are also able to extract voice recordings from a device and transfer them to a more user-friendly format, such as CD-ROM, enabling the recordings to be used in court in a normal CD player.

Tablet (ie iPad) Analysis

Tablets can also contain a significant amount of data and our Tablet Analysis supports using the following operating systems (subject to software version): Windows Pocket PC; Palm; Blackberry; Symbian 6.0 and EPOC 16/32 (Psion devices).

Cell Site Analysis

Cell Site Analysis is the analysis of all available mobile telephone records in order to establish movement, usage patterns and the possible attribution of a mobile phone. Cell Site Analysis is used mainly in criminal investigations and the evidence can be useful for both the prosecution and the defence to determine if a mobile handset (and by association its owner/user) were at the scene of a crime at the time that it was committed.

Portable Satellite Navigation System Forensics

Satellite navigation systems, also known as Sat Nav (Sat-Nav, SatNav) or GPS are used every day to provide drivers of all types of vehicles with accurate directions to predetermined destinations. Sat Nav forensics can identify a whole range of useful information, including a person’s home or business address, details of locations visited, times and dates of journeys and details of contacts.

This information can be used as evidence in criminal or civil legal proceedings. Examination of these systems for court is known as Sat Nav Forensics or Sat Nav Analysis. Our experts have the ability to forensically examine the internal memory of a satellite navigation device and also any removable memory cards that may be present.

Sat Nav Manufacturers The most common satellite navigation systems are TomTom, Navman, Garmin and Road Angel.

Tablets (ie iPad) Tablets can also be used as a satellite navigation system, using navigation software and a GPS receiver; these too can contain a wealth of useful information.

Built-In Satellite Navigation Systems NB: We do not conduct the forensic examination of built in sat navs.

CCTV Forensics and Analysis

Extraction, Review and Presentation of CCTV Footage (CCTV Analysis)

Closed-circuit television (CCTV) is now playing a major part in the prevention and detection of crime; it may also provide a defendant with evidence of their, or other people’s actions, which could be crucial to proving their innocence. CCTV analysis includes the extraction, review and presentation of CCTV footage for legal matters.

With some CCTV systems, the extraction of the CCTV footage to a CD or DVD so that it can be viewed and presented using a normal computer system is a fairly straightforward process. However, with other systems, the CCTV analysis can be more time consuming and complex. Additionally, failure of the CCTV hard disk drive can result in the requirement for a forensic data recovery before the CCTV analysis can start.

Forensic Data Recovery

Computer media is prone to failure and, when that computer media potentially contains useful evidence, its recovery may be the difference between success and failure for the case. Our experts have successfully carried out forensic data recoveries from hard disk drives which have been subjected to:

– deliberate physical impact
– immersion in salt water
– exposure to fire and smoke.

In each of the above cases a successful forensic data recovery was pivotal to the subsequent investigation and court case.

Our forensic data recovery experts use their extensive data recovery knowledge and skills, together with forensic evidence handling techniques to ensure the integrity of the recovered data.

If you have a forensic data recovery requirement call 01280 707190 or
email info@griffinforensics.com for a quote.

Data Destruction

Many companies and individuals discard old computer media when it is no longer required either due to failure or because of an upgrade. Modern computer media holds a significant quantity of, often, sensitive data and, if the digital media falls into the wrong hands, so does that sensitive data.

Data destruction is the secure wiping or physical destruction of the computer media so that the data is no longer recoverable. We will provide you, on request, with a certificate for all computer media data destruction that we undertake on your behalf.

Incident Response / On-Site Data Collection

Situations involving on-site imaging (producing a forensic copy of digital media) can develop or change quickly. Intelligence may suggest two or three computers on the target site(s) but once accessed is gained, it is not unusual for the anticipated figures to be wide of the mark – either there are no computers or there are 20 or 30 hard drives to be imaged.

We can quickly mobilize additional resources to a site when required, or we are happy to offer you telephone advice and only attend the target site once entry has been gained and the need for digital forensics expertise positively established. We are prepared to image the digital media on-site, or move it to a nearby location (such as a hotel) for the imaging; we are flexible to enable us to meet your requirements.

We offer assistance with the wording when preparing a search and seize order and we will work with you during the execution of the search and seize order to help identify appropriate target media and the best approach for gathering the maximum amount of evidential material.

Case Studies

At Griffin Forensics we work on many different cases which include:

– Indecent images of children and child abuse investigations
– Murder and terrorism investigations
– Political corruption and immigration investigations
– Trading standards investigations

If we can assist with these difficult kinds of cases please call 01280 707190 or
email: info@griffinforensics.com

Follow us

Contact us

T: 01280 707190
Calls may be recorded for training and quality purposes

Company Registration No: 6007632 - Company Registered in England | VAT Registration No: 899762143
© Griffin Forensics Ltd 2023 | Site by Pinsah Design |

Chris Watts

Chris served in the Royal Air Force for 23 years where he investigated computer misuse and computer security breaches. In 1995 he introduced a formal digital forensic capability into the RAF and remained the central point of contact for this discipline until his retirement in 1999. He entered commercial digital forensics at Vogon International Ltd in January 1999 and, at the time of Vogon's closure in December 2006, Chris was the Computer Investigations Manager.

He has received and provided training on computer data recovery techniques, computer auditing, computer security, digital forensics, mobile phone forensics, computer investigations, computer viruses and computer maintenance from and to both military and commercial sources I the UK and abroad. Chris has, and continues to be, instructed as a digital forensics expert witness for the defence and the prosecution and is an experienced Single Joint Expert

Anthony Smith

Anthony (Tony) joined Vogon International Ltd in 2001 where he was employed as a Data Recovery Engineer performing data recovery duties and providing forensic processing support to the computer forensic department. At Vogon his work mainly concerned the recovery of data from damaged or corrupt storage media and file-systems. From 2007 till 2010 Tony worked in various forensic analyst and forensic consultant roles where his work included converting data to a human readable format, forensic imaging and supporting police forces with the execution of search warrants. In 2011 Tony joined our team where he is employed as a forensic investigator and data recovery expert.