Recovering data and retrieving evidence from damaged and protected devices is a specialist skill. Often in the case of an incident or critical system compromise, this needs to be achieved on a tight deadline and in compliance with specific parameters to ensure business continuity and guarantee resilience.
Helping organisations recover and analyse data on everything from malicious attacks to insider threats since 1996, the team combines swift response times with a proven
In-depth: Retrieve data from the full range of damaged systems, even where it has been forcibly deleted, including tape, hard drives, DVD, RAID arrays, mobile devices and more.
Compliant: The Sapphire forensic team was one of the first to be ISO 27001 certified, and our response procedures help organisations comply with required standards such as Mandatory Requirement 37 of the Security Policy Framework.
Learn: As well as running a series of open educational courses, Sapphire also delivers tailored Forensic Awareness courses bespoke to each organisation.
Digital Forensics, also referred to as Computer Forensics, is the process of identifying, collecting, preserving, and analysing Electronically Stored Information (ESI). This can exist in various forms like email messages, network log files, and digital images. A digital forensic specialist can access this data from computer hard drives, servers, thumb drives, mobile phones, DVD, and any other digital storage media.
Digital Forensics can be used for a number of reasons, for example in investigations related to compliance or litigation, or to establish timelines in incidents.
Digital Forensics can be useful when there is:
Digital Forensics focuses on providing evidence regarding how a computer was used, the files that were accessed, the time of access, and the user’s identity. Through Digital Forensic investigations, it is possible to identify, assemble, analyse and elaborate on vast amounts of digital data useful in court.
Data recovery is a step in the evidence gathering process in a computer forensics investigation whose goal is to recover the files or folders lost in damaged computers, disk drives, media, or operating systems. This process can help with the recovery of “lost” data from storage media.
A Digital Forensics expert will take the following steps during a typical investigation:
The first thing to determine is the objective and purpose of the investigation.
Next, the investigator will image the data to protect and preserve evidence from alteration, corruption, damage, or malicious software. If the data is tainted, it may be rendered inadmissible in a court of law.
Then, it is important to confront the legal issues connected to the evidence, such as protecting privilege, navigating the discovery process, or relevant case law.
Finally, after all the relevant files are identified, data analysis is performed. This also takes into account information that could have been deleted or that exists in the slack space; recovering it requires advanced digital forensic tools and techniques.
Once digital investigations conclude, the forensic science expert should give you a detailed report explaining;