Frequently Asked Questions


Why do I need a 'forensic' examiner?

Computer Forensics is a highly specialized skill requiring specialized hardware and software. A forensic examiner is trained to recover and analyze data on digital media without altering or damaging the original media or data. This is extremely important when the forensic results are used as evidence in court. You do not want the validity or security of the evidence questioned because the data was handled improperly. Proper training and equipment is required to ensure that your data is safe.

I know someone who is computer savvy. Can't they do this?

Absolutely not. Without the proper tools and training, simply turning the computer on will alter the contents of a hard drive and destroy potentially valuable data. That data may very well be the smoking gun or lost file that you were looking for. And you'll never know it was there. It's gone forever.

What can a forensic examination find?

Most activity conducted on a computer can be tracked. These are some of the things we can locate and report on:
  • Current and deleted email.
  • Current and deleted files, folders, images and videos.
  • Internet activity including web sites visited, dates & times visited and how often. Deleted Internet activity can also be recovered.
  • Location and recovery of deleted or lost images.
  • Recovery of lost or deleted data from digital cameras, memory sticks, thumb drives, etc.
  • Instant messaging activity (AIM, Yahoo, IRC chat, etc.).
  • Social media activity and images, including chats.
  • Recovery of deleted or formatted drives and partitions.
  • Locate intentionally hidden files or data.
  • Locate and open password protected files and folders.
  • Malware and viruses.
  • Cell phone contents including contact lists, text messages, images, videos.

Will you find everything I'm looking for?

What we are able to find is very dependent on how soon we get the media after the activity in question and how the media was handled prior to receiving it. The longer the media is 'fiddled' with by untrained personnel, the less chance there is for recovery. Trying to search for or recover data without the proper tools and training WILL destroy data.

I suspect one of my computers is compromised or may contain evidence. What should I do?

  • If the computer is off, leave it off. Isolate it from the network (if attached to one), secure the computer/media and document the steps you've taken so far. If you believe that this computer will be used as evidence, it is imperative that you protect it from the possibility of contamination. It needs to be locked and secured until it is shipped to us.
  • If the computer is running, do not shut it down with the power button or 'Start' button. Simply pull the plug from the back of the computer and that's it. If your computer is a server running a server operating system with a RAID configuration, contact us for proper shutdown procedures. If you don't know what any of the means, you probably don't have one.
  • DO NOT try to recover anything yourself. Simply turning the computer on will destroy valuable data.


What do I need to do to get my job started?

Check our rates to determine the type of examination you require. Typically, we can do everything through the mail or shipping services. Here's what we will need from you to get started:


Also check our shipping instructions page for tips on how to ship your media or computer.

Why should I choose D-Tech Services for my job?

Excellent question. The same question you should ask any company you are considering for your forensic or data recovery work. You want a company with qualified and experienced people that know how to do it right.

Our qualifications:

  • All of our associates are current and retired law-enforcement forensic experts.
  • Court-qualified experts in computer forensic and forensic related testimony.
  • Complete knowledge of evidence handling laws and procedures.
  • Our certifications and experience include -
  • Certifications by the US Dept of Homeland Security and the State of California as a Seized Computer Evidence Recovery Specialists and Computer Crimes Investigators.
  • Certifications by Guidance Software, Inc. as Encase Certified Examiners.
  • Instructors for Guidance Software, Inc. teaching Encase to law enforcement and private industry worldwide.
  • Experience with a wide variety of forensic and data recovery software tools including Encase, Forensic Toolkit (FTK), Black Bag, Paraben Tools, Lantern, Cellebrite, etc.

Are there limitations to what you can or will do?

  • We cannot and will not do any criminal defense work or any cases related in any way to the City of Los Angeles.
  • We are obligated by law to report any evidence of a crime found on any item submitted for analysis or recovery.
  • We do not fix broken hardware. Your hard drive or storage device must power up and operate. If it doesn't, contact us and we can recommend a data recovery service that repairs hardware.
  • We cannot recover wiped or overwritten data.






Copyright 1992-2012 D-Tech Services, LLC