ACS Capabilities

In civil cases clients usually want to preserve and search for evidence residing on one or more hard disk drives. ACS maintains extensive resources to meet this need, as well as others.

A drive to be examined for evidence may be part of a network, such as a workstation or server. Very often the source drive is in a laptop. And occasionally it's in a stand-alone PC.

We can make a forensic copy of a hard disk drive in different ways, though in all cases the original data remains pristine and unaltered on the source drive. A copy of the source data can then be examined or it may be stored for later use.

ACS can:

• Acquire an image of the source drive data
We use industry standard software and fast, write-blocked hardware to copy an image of the original data on the source drive to separate media. This type of image is needed in order to conduct thorough searches and analysis. It's also a relatively inexpensive means of preserving evidence in case it's needed later.

• Make a physical bit-for-bit duplicate of the source drive
When an exact physical copy of a source drive is needed, we have the equipment to it. In fact, we can make multiple copies. A physical forensic copy can be useful when it's important for the copy to be on the same size drive as the source, such as a hot spare back-up for a source drive will remain in service. If a copy of the source data must be distributed to multiple parties, it may be desirable to have the data on an exact physical forensic copy of the source rather than on CDs, DVDs, or a drive of a larger size.

• Copy a drive in the ACS lab or on site
While our lab offers convenience and easily accessible resources, in some cases work must be completed on site. Unless there is a legal reason to seize and retain source media, we usually need access to the media for only a limited time in order to make a forensic copy.

• Analyze the drive and conduct keyword searches
With forensic software we can examine the entire image of the drive, including slack and unallocated space. We can also limit the search by specifying parameters. We can analyze patterns of use. We can search for one or more specific keywords, combinations of keywords, or types of files, all in one sweep. And we can look everywhere, at text fragments, the remains of deleted files, metadata that's usually hidden from the user. However, we can only find information that is present.

• Provide intelligent support
In many cases, the analysis of the data and search for information become refined during the project. As we listen to client objectives, we can offer suggestions on how to optimize results while minimizing costs.

• Document project and report results clearly, accurately, and concisely
The expertise of our team of consultants extends beyond IT and includes communications, project management, and management consulting. We understand that doing the work is only part of the project. We keep the client team updated throughout the project, explaining the process and the results in easily understood terminology. Our reports and statements are clear and succinct, with appropriate supporting detail.

• Serve as expert witness
We have produced exhibits and our staff have testified in trials. We're also available to advise on the presentation of technical information.

• Work after hours
To meet tight deadlines, accommodate going concerns, or secure client privacy, we work flexible hours, evenings, and weekends.

• Manage project throughout life cycle
From the definition of scope through the disposition of data, we can supply the services required. We maintain chain of custody, perform the work, act as third party custodian, assure timely back-ups of source data and work product, maintain confidentiality, and dispose of data properly. We offer turnkey service, staffing a project as needed and utilizing service partners when appropriate.

For more information about our services, call ACS at 713-664-8200.