Forensics Provides Insight


Contrary to common believe, most internal IT teams or system administrators are not equipped or trained to capture digital evidence. Securing and working with digital evidence does not allow any room for error. A single misstep can render the only available piece of evidence useless.

To successfully handle and manage digital evidence, special tools, experience and training is required. Proactive Discovery meets such prerequisites to successfully acquire and secure digital evidence.

We are able to collect from a variety of devices which includes, but not limited to:

  • Laptop computers
  • Desktop computers
  • Network locations (commonly referred to as “home” or “group” shares)
  • USB thumb drives
  • and much more

There are typically two types of collections that we specialize in, they are:

  • Forensic (bit-by-bit) image
  • Electronically stored information (ESI) collection

Forensic image: Typically a forensic image is performed to preserve any possible evidence existing on a digital device at the time of capture. With this type of forensic copy, an examiner is capable of recovering files that have been deleted, identify Internet browsing habits, find traces of malware applications deployed as part of a cyber crime, etc. This type of evidence collection is required for true investigatory work which require the reconstruction of events or user behavior.

ESI collections: This type of collection is usually part of an eDiscovery request to preserve data. A collection of this kind differs from the above in that it only captures file types (i.e. Microsoft Office, PDF, email, etc.) that were agreed upon by counsel. Another significant differentiator is that this type of collection typically does not include deleted files and focuses on files that are readily accessible to the custodian at time of collection.