E-forensics
What is Digital Forensics / Computer Forensics?
Digital forensics is the application of scientific methodology to computer media to establish factual information or provide expert opinion for legal proceedings. The terms ‘computer forensics’ and ‘digital forensics’ can be used interchangeably.
There are five main phases to computer forensics:
The imaging or acquisition of the computer media (collecting the data)
Examining the data (generally using specialist forensic software)
Analysis of the data
Compiling a report, statement or letter of findings
Providing expert witness testimony.
- Hard disk drives (also known as computer disks, hard disks or hard drives)
- USB external hard disk drives
- Mobile phones
- Tablets
- Thumb drives – flash drives, USB stick or memory sticks
- MP3 players
- Floppy disks
- ZIP disks
- Tapes
- Micro drives
- Optical media such as compact disks (CDs), Digital Versatile Disks (DVD) and camera cards.
ACPO Good Practice Guide for Digital Evidence
Our computer forensics experts adhere to the Association of Chief Police Officers (ACPO) Good Practice Guide for Digital Evidence.
The main principles of the ACPO Good Practice Guide for Digital Evidence are:
Principle 1: No action taken by law enforcement agencies or their agents should change data held on a computer or storage media which may subsequently be relied upon in court.
Principle 2: In circumstances where a person finds it necessary to access original data held on a computer or on storage media, that person must be competent to do so and be able to give evidence explaining the relevance and the implications of their actions.
Principle 3: An audit trail or other record of all processes applied to computer-based electronic evidence should be created and preserved. An independent third party should be able to examine those processes and achieve the same result.
Mobile Device Forensics
What is Mobile Phone Analysis and Tablet (ie iPad) Analysis?
Mobile phones and Tablets are, for most people, an essential item. Not only do they make phone calls but they act as cameras, MP3 and video players, web browsers and they are used for storing an endless amount of data including personal information.
It is all of this that make mobile phones and tablets ever more relied upon as evidence in investigations; however they can provide useful information both for the suspect and the prosecution.
Mobile Phone Analysis
During mobile phone analysis data may be identified in three areas: (1) the mobile phone internal handset memory; (2) the SIM (Subscriber Identity Module) card or USIM (Universal Subscriber Identity Module) card and (3) removable memory cards (e.g. micro SD or Memory Stick).
Griffin Forensics have the expertise to examine a wide variety of mobile phone models from leading manufacturers including iPhone, Nokia, LG, Sony Ericsson, Motorola, Siemens & Samsung. During a mobile phone analysis we may be able to retrieve information pivotal to your case including, but not limited to, call records, phone-book entries, text messages, multimedia messages, pictures and, in some instances, deleted data.
We are also able to extract voice recordings from a device and transfer them to a more user-friendly format, such as CD-ROM, enabling the recordings to be used in court in a normal CD player.
Tablet (ie iPad) Analysis
Tablets can also contain a significant amount of data and our Tablet Analysis supports using the following operating systems (subject to software version): Windows Pocket PC; Palm; Blackberry; Symbian 6.0 and EPOC 16/32 (Psion devices).
Cell Site Analysis
Cell Site Analysis is the analysis of all available mobile telephone records in order to establish movement, usage patterns and the possible attribution of a mobile phone. Cell Site Analysis is used mainly in criminal investigations and the evidence can be useful for both the prosecution and the defence to determine if a mobile handset (and by association its owner/user) were at the scene of a crime at the time that it was committed.
Portable Satellite Navigation System Forensics
Satellite navigation systems, also known as Sat Nav (Sat-Nav, SatNav) or GPS are used every day to provide drivers of all types of vehicles with accurate directions to predetermined destinations. Sat Nav forensics can identify a whole range of useful information, including a person’s home or business address, details of locations visited, times and dates of journeys and details of contacts.
This information can be used as evidence in criminal or civil legal proceedings. Examination of these systems for court is known as Sat Nav Forensics or Sat Nav Analysis. Our experts have the ability to forensically examine the internal memory of a satellite navigation device and also any removable memory cards that may be present.
Sat Nav Manufacturers The most common satellite navigation systems are TomTom, Navman, Garmin and Road Angel.
Tablets (ie iPad) Tablets can also be used as a satellite navigation system, using navigation software and a GPS receiver; these too can contain a wealth of useful information.
Built-In Satellite Navigation Systems NB: We do not conduct the forensic examination of built in sat navs.
CCTV Forensics and Analysis
Extraction, Review and Presentation of CCTV Footage (CCTV Analysis)
Closed-circuit television (CCTV) is now playing a major part in the prevention and detection of crime; it may also provide a defendant with evidence of their, or other people’s actions, which could be crucial to proving their innocence. CCTV analysis includes the extraction, review and presentation of CCTV footage for legal matters.
With some CCTV systems, the extraction of the CCTV footage to a CD or DVD so that it can be viewed and presented using a normal computer system is a fairly straightforward process. However, with other systems, the CCTV analysis can be more time consuming and complex. Additionally, failure of the CCTV hard disk drive can result in the requirement for a forensic data recovery before the CCTV analysis can start.
Forensic Data Recovery
Computer media is prone to failure and, when that computer media potentially contains useful evidence, its recovery may be the difference between success and failure for the case. Our experts have successfully carried out forensic data recoveries from hard disk drives which have been subjected to:
– deliberate physical impact
– immersion in salt water
– exposure to fire and smoke.
In each of the above cases a successful forensic data recovery was pivotal to the subsequent investigation and court case.
Our forensic data recovery experts use their extensive data recovery knowledge and skills, together with forensic evidence handling techniques to ensure the integrity of the recovered data.
If you have a forensic data recovery requirement call 01280 707190 or
email info@griffinforensics.com for a quote.
Data Destruction
Many companies and individuals discard old computer media when it is no longer required either due to failure or because of an upgrade. Modern computer media holds a significant quantity of, often, sensitive data and, if the digital media falls into the wrong hands, so does that sensitive data.
Data destruction is the secure wiping or physical destruction of the computer media so that the data is no longer recoverable. We will provide you, on request, with a certificate for all computer media data destruction that we undertake on your behalf.
Incident Response / On-Site Data Collection
Situations involving on-site imaging (producing a forensic copy of digital media) can develop or change quickly. Intelligence may suggest two or three computers on the target site(s) but once accessed is gained, it is not unusual for the anticipated figures to be wide of the mark – either there are no computers or there are 20 or 30 hard drives to be imaged.
We can quickly mobilize additional resources to a site when required, or we are happy to offer you telephone advice and only attend the target site once entry has been gained and the need for digital forensics expertise positively established. We are prepared to image the digital media on-site, or move it to a nearby location (such as a hotel) for the imaging; we are flexible to enable us to meet your requirements.
We offer assistance with the wording when preparing a search and seize order and we will work with you during the execution of the search and seize order to help identify appropriate target media and the best approach for gathering the maximum amount of evidential material.
Case Studies
At Griffin Forensics we work on many different cases which include:
– Indecent images of children and child abuse investigations
– Murder and terrorism investigations
– Political corruption and immigration investigations
– Trading standards investigations
If we can assist with these difficult kinds of cases please call 01280 707190 or
email: info@griffinforensics.com
Follow us
Contact us
T: 01280 707190
Calls may be recorded for training and quality purposes
Company Registration No: 6007632 - Company Registered in England | VAT Registration No: 897762143
© Griffin Forensics Ltd 2022 | Site by Pinsah Design |