Computer Forensics is the study of computer systems in order to preserve, extract, analyze and report any data related to malpractice, fraud, any kind of crime or malicious activity.
Computer Forensics include the study of volatile memory (RAM), the permanent memory (ROM), hard disks and other magnetic and optical storage media. It however extends to several other areas. Here at Strathclyde Forensics we refer to that umbrella of disciplines as Digital Forensics. Browsing through our menus, you can see all the different areas where digital forensics expand.
Computer forensics include the discovery, recovery, analysis and reporting of several forms of data including electronic documents, emails, web pages, internet browsing history, login details, access to other devices like printers or networks, images, video, sound, and even traces of local activity.
There are certain misconceptions about what computer forensics is and is not, and part of the blame has to go to the popular TV crime and science fiction shows.
In our investigations we have recovered browsing history, emails and documents that go back to more than 10 years. We have recovered deleted images, documents and videos, and we even recovered information about when a specific user opened a specific document file, years ago.
The amount and quality of information that can be recovered is dependant upon certain factors. The usage of the computer since the time of the incident that is investigated is one of the most important factors.
At Strathclyde Forensics we shall always discuss the limitations of each examination beforehand, so you are aware of the possible results.
When it comes to recovery of data and evidence from hard disk drives, our success rate is most of the times more than 100%, in the sense that we return to the client with more evidence and data than the client anticipated.