Are you involved in a lawsuit where e-mail evidence can help prove your case? Or, perhaps, you suspect someone of spying on your electronic communications? If you are involved in any court proceeding in which electronic evidence is presented, you need a computer forensic expert. What is computer forensics, you ask? Computer forensics is the science of preservation, processing, identification, discovery, and retrieval of digital evidence from electronic devices such as computers, cell phones, and servers. The methodology used ensures any evidence discovered will be admissible in a court of law. Under a comprehensive chain of custody, we discover electronic evidence for the legal issue in question to prosecute or defend a legal case in computer-assisted theft, computer fraud, data theft, data deletion, computer hacking, computer data manipulation, or any other electronic data legal issue.
Northwest Data Recovery offers both laboratory and on-site services to secure computer evidence. We can retrieve and document evidence from a wide range of computer related crimes—including financial fraud, computer misuse in the office, and internet abuse. The critical data can be anything from a single file on a floppy disk to gigabytes of data on a RAID array. Northwest Data Recovery maintains a strict chain of custody control system and takes security very seriously. All staff with access to evidential work is EnCE® and CCE® certified. We have a fully equipped data recovery laboratory, forensic processing laboratory, secure storage areas, and a Class 100 clean-bench in order to provide the optimal conditions for successful data recovery and forensic processing. When our clients wonder what web pages their children, spouses, and/or employees have visited and when they have done so, they find that our forensic services are just what they need. We can also recover deleted files, e-mail correspondence, and more. Northwest Data Recovery has experienced engineers in courtroom preparation and testimony, and we provide comprehensive reports which invariably prove highly valuable for legal proceedings. If you want to discover the history of any suspect computer system, contact us.
Digital Forensics History
Digital forensics has been around for nearly 40 years, it is still a relatively new discipline. Digital forensics originated in the late 1970s when law enforcement saw a need to investigate financial fraud involving computers. These cases were rare, and the evidence was usually also available in non-digital forms. It was not until the 1980s that investigators began to encounter cases where evidence was only located and stored within computers. These financial fraud cases involving computers resulted in the creation of the Association of Certified Fraud Examiners, which provided training programs for computer investigations. Although, it wasn’t until 1991 that the term ‘computer forensics’ was coined by the International Association of Computer Specialists (IACIS). In addition to the Association of Certified Fraud Examiners, other organizations were emerging everywhere to help law enforcement better understand how to identify and fight these new types of crimes. Because criminals began utilizing the ever-changing technologies to commit crimes, the government began creating new programs to keep up with criminal activity. In 1984, California enacted legislation to establish the Santa Clara County District Attorney’s High Technology Crime Prevention Program (DATTA). Two years later, the founders of DATTA formed the High Technology Crime Investigation Association (HTCIA) with the intent to provide law enforcement with additional resources and training in computer forensics. Over the next few years, the federal government and Department of Defense also established, or re-tasked, programs to help law enforcement combat computer crimes. Some of these programs included:
- the Computer Analysis and Response Team (CART) – originally the FBI’s Magnetic
- the International Association of Computer Investigative Specialist (IASCIS);
- the U.S. Air Force Office of Special Investigation’s Computer Crime Investigator (CCI)
- the U.S. Secret Service’s Electronic Crimes Special Agent Program (ECSAP); and
- the Defense Computer Forensic Laboratory (DCFL).
While similar in purpose, each of these agencies adopted different characteristics, training, and operations based on its organizational needs and philosophy resulting in differences in policies and procedures. The Department of Defense’s central Defense Computer Forensic Laboratory (DCFL) was created to unify the resources of the DoD, making their services available to all branches of the military – supporting the military’s law enforcement, intelligence, and operational needs from one organization. In an effort to support local law enforcement, the FBI started building a constellation of joint federal, state, and local law enforcement laboratories dedicated to digital forensics, which was named Regional Computer Forensic Laboratories (RCFLs). Recognizing the problem of so much variation in policy and procedure, there was a push to create a standard to go beyond mere principles and make digital forensics more like a laboratory discipline. This ultimately resulted in the creation of the Scientific Working Group on Digital Evidence (SWGDE) and the American Society of Crime Laboratory Directors –Laboratory Accreditation Board (ASCLD-LAB). The intent was that each laboratory providing digital examinations would provide their services to a geographic area and operate according to ASCLD-LAB standards. In 2004, the FBI’s North Texas Regional Computer Forensic Laboratory became the first ASCLD-LAB accredited digital forensic laboratory. Over time, a wide variety of non-law enforcement entities began providing digital examinations, including the private sector and traditional forensic laboratories. During the formative years of digital forensics, while programs and agencies underwent changes in methodology, so, too, did forensic tools undergo a transformation. The command line tools of the earlier era started increasing in complexity and began including a more robust graphical user interface. The first of these new tools was Expert Witness for Mackintosh, created by Andy Rosen of ASR Data. Guidance Software licensed the name ‘Expert Witness’ from Andy Rosen which over time evolved into EnCase. EnCase, along with Forensic ToolKit (FTK), became commercial successes and are now recognized as standard forensic tools. Several U.S. Government agencies also took on the task of developing tools. The FBI’s Automated Case Examination System (ACES) and IRS’s iLook tool initially had some success; however, the private sector’s ability to rapidly adapt their products to keep up with the ever-advancing technology eventually doomed these agency-developed tools to obsolescence.
Over the last decade, the open source community has recognized some of the problems with commercial software and has stepped in by developing open-source Linux tools such as Helix, Sleuth Kit, and Autopsy Browser. The digital forensic community has also undergone a developmental process, making more information and help available to those with access to these resources. Through hard-earned experience and the ever-changing face of technology, digital forensics has evolved into what it is today.
What We Offer
- On-site consultation
- Detailed evidence analysis
- General computer consultation
- Network analysis consultation
- Expert forensic witness testimony
We conduct some of our corporate forensic work with associate Richard Goldston, who is a Certified Computer Examiner (CCE®) with the International Society of Forensic Computer Examiners, as well as an EnCase® Certified Examiner (EnCE) with Guidance Software, Inc. He is a retired Peace Officer from the State of California with 33 years of service to Los Angeles County. He has also worked for the last four years as the IT Systems senior security analyst, as well as the Computer Forensic Examiner for the Cyber Crimes Unit of the Idaho State Police. Goldston has testified as an expert witness in computer forensics for the State of Idaho, in Ada County, in Canyon County, in Elmore County, in Idaho County, in Jerome County, in Kootnai County and in Latah County. In California, he has testified as an expert witness in U.S. Federal Court, California Superior Court, California Municipal Court, at civil depositions, and Los Angeles County Civil Service Employment hearings.
Wayne Josleyn is a Certified Computer Examiner (CCE) with the International Society of Forensic Computer Examiners as well as a EnCase® Certified Examiner (EnCE) with Guidance Software, Inc. and Microsoft Certified Professional (MCP). He has testified as an expert witness in computer forensics in Idaho, Washington, Oregon and Federal Court. His more than 18 years of experience in the computer industry recovering data from thousands of hard drives and other electronic devices has given him an intimate knowledge of how data is stored electronically.