iForensics digital forensics process

Our service process is as follows:

  • Step 1 - Collect customer information:
    After being authorized by the customer, we will conduct a client service interview and compile the clues related to the case. Our main goal is to identify the search scope and locate the key evidence. Once we know the target's hardware, operating system, application systems, and data storage method, we can determine the suitable forensic tools and execution methods for the investigation.

  • Step 2 - Formulate the forensics investigation plan:
    Based on the customer's requests and the information collected, we will prepare the forensic software and hardware needed to acquire all possible digital evidence. To avoid interruptions and maintain the confidentiality of corporate operations, we will tailor a feasible execution plan.

  • Step 3 - Acquire digital evidence and duplication:
    When acquiring digital evidence remotely or on-site, we will maintain the Chain of Custody. We will secure the site to prevent the digital evidence from being tampered with during acquisition. We will make a duplicate of the original digital evidence and verify its hash value. For a running server, we will gather the necessary information about running processes and important files. All actions taken are documented as part of the Chain of Custody.

  • Step 4 - Preserve and analyze the digital evidence:
    We will preserve the original digital evidence properly and continue to maintain the Chain of Custody. Analysis and searching are carried out on the duplicate images or hard drives. Depending on the case, the tasks may include: recovering deleted files, parsing specific data types (such as email, web activity, registry, and logs), cracking encrypted files, and searching unallocated areas or hidden files.

  • Step 5 - Generate forensics report from analysis:
    Based on the results of the analysis in Step 4, we will extract the digital evidence files found and provide our explanation of them. In general, we will bookmark the findings and write up the explanation in the final report. The report goes through a peer review process before its final release.

  • Step 6 - Provide expert witness service:
    If judicial proceedings begin, we can provide expert witness service, assist with explanations, or review cases upon request.
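
The duplicate-and-verify step in Step 3 and the ongoing Chain of Custody record in Steps 3 and 4, sketched as an added Python example (not iForensics' own tooling). SHA-256 as the hash, the file names, the examiner ID `examiner-01`, and the hash-chained log format are all assumptions made for illustration.

```python
import hashlib, json, pathlib, tempfile, time

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so a large disk image never has to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def _digest(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def append_custody(log, actor, action, detail):
    """Append an entry bound to the previous entry's hash (hypothetical log format)."""
    entry = {"seq": len(log), "epoch": time.time(), "actor": actor, "action": action,
             "detail": detail, "prev_hash": log[-1]["entry_hash"] if log else "0" * 64}
    entry["entry_hash"] = _digest(entry)
    log.append(entry)

def verify_log(log):
    """Recompute every link; an edited or reordered entry breaks the chain."""
    prev = "0" * 64
    for i, e in enumerate(log):
        body = {k: v for k, v in e.items() if k != "entry_hash"}
        if e["seq"] != i or e["prev_hash"] != prev or _digest(body) != e["entry_hash"]:
            return False
        prev = e["entry_hash"]
    return True

def verify_duplicate(original, duplicate, log, actor):
    """Compare the hashes of source and copy and record the outcome in the log."""
    src, dup = sha256_file(original), sha256_file(duplicate)
    append_custody(log, actor, "verify_duplicate",
                   {"original_sha256": src, "duplicate_sha256": dup, "match": src == dup})
    return src == dup

def demo():
    with tempfile.TemporaryDirectory() as d:
        orig, dup = pathlib.Path(d, "evidence.dd"), pathlib.Path(d, "working_copy.dd")
        data = b"constructed sample image " * 128   # stand-in for an acquired image
        orig.write_bytes(data)
        dup.write_bytes(data)
        log = []
        append_custody(log, "examiner-01", "acquire", {"item": orig.name})
        good = verify_duplicate(orig, dup, log, "examiner-01")
        dup.write_bytes(b"X" + data[1:])             # simulate an altered working copy
        bad = verify_duplicate(orig, dup, log, "examiner-01")
        return good, bad, log
```

The chain detects edited or reordered entries; noticing that the newest entries were dropped additionally requires keeping the latest `entry_hash` somewhere outside the log.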