Frequently Asked Questions
Why do I need a 'forensic' examiner?
Computer Forensics is a highly specialized skill requiring specialized
hardware and software. A forensic examiner is trained to recover and
analyze data on digital media without altering or damaging the original
media or data. This is extremely important when the forensic results
are used as evidence in court. You do not want the validity or security
of the evidence questioned because the data was handled improperly.
Proper training and equipment is required to ensure that your data is
I know someone who is computer savvy. Can't they do this?
Absolutely not. Without the proper tools and training, simply turning
the computer on will alter the contents of a hard drive and destroy
potentially valuable data. That data may very well be the smoking gun
or lost file that you were looking for. And you'll never know it was
there. It's gone forever.
What can a forensic examination find?
Most activity conducted on a computer can be tracked. These are some of the things we can locate and report on:
- Current and deleted email.
- Current and deleted files, folders, images and videos.
- Internet activity including web sites visited, dates & times visited and how often. Deleted Internet activity can also be recovered.
- Location and recovery of deleted or lost images.
- Recovery of lost or deleted data from digital cameras, memory sticks, thumb drives, etc.
- Instant messaging activity (AIM, Yahoo, IRC chat, etc.).
- Social media activity and images, including chats.
- Recovery of deleted or formatted drives and partitions.
- Locate intentionally hidden files or data.
- Locate and open password protected files and folders.
- Malware and viruses.
- Cell phone contents including contact lists, text messages, images, videos.
Will you find everything I'm looking for?
What we are able to find is very dependent on how soon we get the media
after the activity in question and how the media was handled prior to
receiving it. The longer the media is 'fiddled' with by untrained
personnel, the less chance there is for recovery. Trying to search for
or recover data without the proper tools and training WILL destroy data.
I suspect one of my computers is compromised or may contain evidence. What should I do?
- If the computer is off, leave it off. Isolate it from the network
(if attached to one), secure the computer/media and document the steps
you've taken so far. If you believe that this computer will be used as
evidence, it is imperative that you protect it from the possibility of
contamination. It needs to be locked and secured until it is shipped to
- If the computer is running, do not shut it down with the power
button or 'Start' button. Simply pull the plug from the back of the
computer and that's it. If your computer is a server running a server
operating system with a RAID configuration, contact us for proper
shutdown procedures. If you don't know what any of that means, you
probably don't have one.
- DO NOT try to recover anything yourself. Simply turning the computer on will destroy valuable data.
What do I need to do to get my job started?
Check our rates to determine the type of examination you require.
Typically, we can do everything through the mail or shipping services.
Here's what we will need from you to get started:
Also check our shipping instructions page for tips on how to ship your media or computer.
Why should I choose D-Tech Services for my job?
Excellent question. The same question you should ask any company you
are considering for your forensic or data recovery work. You want a
company with qualified and experienced people that know how to do it
- All of our associates are current and retired law-enforcement forensic experts.
- Court-qualified experts in computer forensics and forensic-related testimony.
- Complete knowledge of evidence handling laws and procedures.
- Our certifications and experience include:
  - Certifications by the US Dept of Homeland Security and the State of
  California as Seized Computer Evidence Recovery Specialists and
  Computer Crimes Investigators.
  - Certifications by Guidance Software, Inc. as EnCase Certified Examiners.
  - Instructors for Guidance Software, Inc. teaching EnCase to law enforcement and private industry worldwide.
  - Experience with a wide variety of forensic and data recovery
  software tools including EnCase, Forensic Toolkit (FTK), Black Bag,
  Paraben Tools, Lantern, Cellebrite, etc.
Are there limitations to what you can or will do?
- We cannot and will not do any criminal defense work or any cases related in any way to the City of Los Angeles.
- We are obligated by law to report any evidence of a crime found on any item submitted for analysis or recovery.
- We do not fix broken hardware. Your hard drive or storage device
must power up and operate. If it doesn't, contact us and we can
recommend a data recovery service that repairs hardware.
- We cannot recover wiped or overwritten data.
Copyright 1992-2012 D-Tech Services, LLC