Digital Forensics
Information about employees, customers, business relationships, and
business documents is stored all across the enterprise in a multitude of
technologies, making it extremely difficult to locate. The lack of
understanding about where particular information can be found, whether
that information has been altered, and how to extract that information
while maintaining file and metadata integrity poses a considerable
challenge to companies preparing to respond to a Discovery request.
The forensics professionals at JCS approach forensic
investigations using a modified version of the National Institute of
Standards and Technology (NIST) methodology for integrating forensic
techniques into incident response, as presented in Special
Publication 800-86. Our approach includes the following 4
phases:
- Identification and Collection: Identify
possible sources of data, then label, record, and acquire data from
those sources while preserving the integrity of the collected data.
- Forensic Examination: Use manual and automated
methods to assess and extract specific data of interest, while
preserving the integrity of the data.
- Analysis: Use legally justifiable methods and
techniques to derive useful information.
- Reporting: Describe the actions used, explain
how tools and procedures were selected, and determine what other actions
need to be performed, including forensic examination of additional
data sources.