Shopping Cart
Your Cart is Empty
Quantity:
Subtotal
Taxes
Shipping
Total
There was an error with PayPalClick here to try again
CelebrateThank you for your business!You should be receiving an order confirmation from Paypal shortly.Exit Shopping Cart

PenrodEllis FDD offers four distinct services: Data Preservation, Electronic Discovery (eDiscovery), Computer Forensics (also called Digital Forensics), and Information Systems Security. Although some methods and processes are shared (such as Data Preservation procedures), eDiscovery, Computer Forensics and Information Systems Security are not the same thing. The forensic recovery and production of active, user-generated ESI, including both data and metadata, is the primary focus in eDiscovery. When the focus shifts to the analysis of both active and latent ESI, which is any salvageable deleted, temporary, discarded, and partially overwritten data), the investigative process changes also, from eDiscovery to Computer Forensics. Information Systems Security is concerned with the analysis of active, system-generated ESI as well as volatile, onboard memory.


The following information will assist you in understanding the differences.

PenrodEllis FDD of Denver, Colorado conducts forensically recovers ESI in e-discovery, digital forensics and incident response cases from bit stream images collected from digital electronic devices.
PenrodEllis FDD of Denver, Colorado preserves ESI in e-discovery, digital forensics and network security investigations by collecting forensic bit stream images from the digital electronic devices on which ESI is stored.

DATA PRESERVATION

Data Preservation is the basis for eDiscovery, Computer Forensics and Incident Response. While approaching ESI from dissimilar perspectives, each process recovers it from the same source: a forensic bit-stream image. It is the "best evidence" at trial. Analysis of the original storage media is not conducted. Exceptions exist of course, such as the initial phase of an incident response, but they are rare. The actual process of recovering ESI in eDiscovery, Computer Forensics, and Information Systems Security cases is conducted on the forensic image. 

ELECTRONIC DATA DISCOVERY

Electronic Discovery involves the recovery and production of active, user-generated files (email messages, documents, spreadsheets, databases, etc.), and file metadata. Active files are located in allocated clusters on a storage drive. Allocated clusters are simply the formatted storage units that contain operative, accessible ESI. After eDiscovery processing, which filters for relevance and eliminates duplicates, recovered ESI is turned over to the client's attorney for privilege review and production. Analysis of the data set by the e-discovery technician is not conducted.

In e-discovery cases, PenrodEllis FDD of Denver, Colorado captures user generated ESI, such as email messages, text documents, databases, etc., from allocated space only. After e-discovery processing, potential relevant ESI is turned over to the client's attorneys for document and privilege review. Analysis of the ESI by the electronic discovery technician is not conducted.
In digital investigations of computers, PenrodEllis FDD of Denver, Colorado captures user generated ESI from both allocated and unallocated space. PenrodEllis FDD of Denver, Colorado also recovers other ESI in the form of logs, index entries, link files and historical records. Our forensic computer examinations include analysis of allocated and unallocated files to establish its meaning and significance.

DIGITAL FORENSICS

A digital forensic examination captures system, application and user generated ESI from both allocated and unallocated clusters. Unallocated clusters on a storage drive contain latent data, including deleted, temporary, and discarded files as well as residual data from partially overwritten, latent files. Digital forensics also recovers other ESI in the form of logs, index entries, link files and historical records. We call these types of files File Tracking Records (others call them file artifacts) as they contain additional attributes and information about files, which we call ambient metadata, that are not found in system- and application-generated metadata. PenrodEllis digital forensics services include computer examinations (laptop forensics, desktop forensics, server forensics), mobile device examinations (cell phone forensics, smartphone forensics, tablet forensics), storage examinations (drive forensics, USB forensics, flash card forensics, cloud forensics), and security examinations (network intrusion forensics, computer compromise forensics). 

INCIDENT RESPONSE

The principal investigation involving Information Systems Security is computer incident response (IR). CIR is an emergency security assessment of network devices (routers, gateways, switches), servers, client workstations, & storage arrays that may have been accessed by a hacker or malicious software. The initial analysis is conducted on booted (online or "live") computers whereas subsequent examinations are conducted on forensic bit-stream images collected from the compromised computers. Live computer analysis is a complex processes as the ESI under review is volatile and is moving or changing while the examiner analyzes it.

PenrodEllis FDD of Denver, Colorado conducts Incident Response as part of an emergency computer examination of network-linked servers, workstations, routers and attached storage that may have been compromised by a hacker or malicious software.
0