Computer Forensics / E Forensics

What is Computer Forensics?
Computer forensics is the preservation, identification, extraction, documentation and interpretation of computer media for evidentiary and/or root cause analysis. It is also referred to as Electronic Discovery, Electronic Evidence Discovery, Digital Recovery, Data Discovery, Computer Analysis and Computer Examination.

What are Computer Crimes?

Why Computer Forensics?

  • Computer forensics can protect YOU from false accusation
  • Computer forensics can lead to recovery of lost, damaged or destroyed digital information

The Process

Determine legal right
The investigator must obtain authorization from the relevant authority, such as the legal department. This is important because evidence gathered without authorization may not be accepted.

Design for Evidence
A good start is to photograph the original hardware setup. Anything that may relate to the case should be fully recorded, for instance location, time, date, serial number, etc.
All evidence should be isolated and protected. The chain of custody form shows who has touched the evidence, and it is also a way of demonstrating that the evidence has not been damaged. The whole process should be fully documented at the end.

Produce records
All media must be write protected. Write protecting digital evidence guarantees that it is not altered or erased during the investigation.
The next step is creating a bit-stream backup (mirror image) of the digital media. When imaging is done, a hash value must be computed for both the master and the copy to confirm that the duplication was done properly.
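
The hash check described above, as an added example that is not part of the original page: it hashes a master image and its copy in chunks and reports whether they match. The file names, the choice of SHA-1 plus SHA-256 and the sample data are assumptions made for illustration.

```python
import hashlib
import os
import tempfile

CHUNK = 1024 * 1024  # read 1 MiB at a time so a large image never sits in memory


def hash_image(path, algorithms=("sha1", "sha256")):
    """Return {algorithm: hex digest} for the file at path."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:  # read-only open: evidence is never written to
        for block in iter(lambda: fh.read(CHUNK), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify_duplicate(master_path, copy_path):
    """Hash master and copy; return a record suitable for the case notes."""
    master = hash_image(master_path)
    copy = hash_image(copy_path)
    return {
        "master_size": os.path.getsize(master_path),
        "copy_size": os.path.getsize(copy_path),
        "master_hashes": master,
        "copy_hashes": copy,
        "verified": master == copy,  # every algorithm must agree
    }


def demo():
    """Constructed sample: a stand-in 'disk', a faithful copy, a copy with one flipped bit."""
    workdir = tempfile.mkdtemp()
    paths = {n: os.path.join(workdir, n + ".dd") for n in ("master", "good", "bad")}
    data = bytes(range(256)) * (3 * 4096) + b"tail"  # constructed, just over 3 MiB
    altered = bytearray(data)
    altered[1_500_000] ^= 0x01  # a single-bit change, same size as the master
    for name, content in (("master", data), ("good", data), ("bad", bytes(altered))):
        with open(paths[name], "wb") as fh:
            fh.write(content)
    return (verify_duplicate(paths["master"], paths["good"]),
            verify_duplicate(paths["master"], paths["bad"]))


if __name__ == "__main__":
    for label, record in zip(("good copy", "altered copy"), demo()):
        print(label, record["verified"], record["copy_hashes"]["sha256"])
```

The altered copy has the same size as the master, so only the digest comparison exposes the change.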

Collect evidence
During this step, the examiner must determine where to collect evidence from and decide the best order in which to gather the data. This can involve several processes, including searching for hidden information, user files, deleted files, encrypted files, emails, cookies and system logs. All suspicious evidence must be printed out and the whole process must be fully documented.

Analyze Evidence
All collected evidence must be analyzed to extract what answers the “who, when, why and how” questions. The main challenge in this process is checking and running unknown programs and unknown files to find out what the result is.

Reporting and presentation
Reporting and presentation set out the conclusions of the investigation and the corresponding evidence in order to convince an authority.
Document the following for presentation to an authority:

  • Document the entire seizure of the evidence and the chain of custody.
  • Document all the gathered evidence.
  • Document what was examined and what was the result.

Data Recovery

Our Data Recovery specialist will take several careful steps to identify and attempt to retrieve possible Data that may exist on a subject computer system:

  • Protects the subject computer system during the Recovery examination from any possible alteration, damage,
    data corruption, or virus introduction.
  • Discovers all files on the subject system. This includes existing normal files, deleted yet remaining files, hidden files, password-protected files, and encrypted files.
  • Recovers all (or as much as possible) of discovered deleted files.
  • Reveals (to the extent possible) the contents of hidden files as well as temporary or swap files used by both the application programs and the operating system.
  • Accesses (if possible and if legally appropriate) the contents of protected or encrypted files.
  • Analyzes all possibly relevant data found in special (and typically inaccessible) areas of a disk. This includes but is not limited to what is called 'unallocated' space on a disk (currently unused, but possibly the repository of previous data that is relevant evidence), as well as 'slack' space in a file (the remnant area at the end of a file, in the last assigned disk cluster, that is unused by current file data, but once again may be a possible site for previously created and relevant evidence).
  • Prints out an overall analysis of the subject computer system, as well as a listing of all possibly relevant files and discovered file data. Further, provides an opinion of the system layout, the file structures discovered, any discovered data and authorship information, any attempts to hide, delete, protect, encrypt information, and anything else that has been discovered and appears to be relevant to the overall computer system examination.
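
The 'slack' space described in the list above, as an added example that is not part of the original page: it locates the unused remainder of a file's last cluster in a raw image and pulls out readable remnants of earlier data. The flat image layout, the contiguous file, the 4096-byte cluster size and the sample content are assumptions made for illustration; this is not a file system parser.

```python
import re

CLUSTER = 4096  # assumed cluster size for the constructed image


def slack_span(first_cluster, file_size, cluster_size=CLUSTER):
    """Return (start, end) image offsets of the slack after a contiguous file."""
    clusters = -(-file_size // cluster_size)  # ceiling division
    start = first_cluster * cluster_size
    return (start + file_size, start + clusters * cluster_size)


def residual_strings(image, span, min_len=6):
    """Return printable ASCII runs of at least min_len bytes inside span."""
    start, end = span
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return re.findall(pattern, bytes(image[start:end]))


def build_sample():
    """Constructed image: cluster 1 once held a 4000-byte text file and is
    now reused by a 1000-byte file, so older bytes survive in the slack."""
    image = bytearray(4 * CLUSTER)
    old = b"invoice 0042 paid in cash (constructed)\n" * 100
    image[CLUSTER:CLUSTER + len(old)] = old
    new_size = 1000
    image[CLUSTER:CLUSTER + new_size] = b"N" * new_size  # current file data
    return image, 1, new_size


def demo():
    image, first_cluster, size = build_sample()
    span = slack_span(first_cluster, size)
    return span, residual_strings(image, span)


if __name__ == "__main__":
    span, found = demo()
    print("slack bytes:", span[1] - span[0])
    print("distinct remnants:", sorted(set(found)))
```

A file whose size is an exact multiple of the cluster size has an empty span, so nothing is reported for it.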

Hard Disk Recovery
With years of experience, Infinity Forensics provides professional, expert hard drive recovery and hard disk data retrieval services for all types of new and legacy disk storage media. Infinity Forensics provides hard disk recovery for all types of hard drives, including:

  • All types of storage drive (IDE, SCSI, ATA and SATA)
  • All sizes and capacities: 2.5" (Notebook), 2.5", 5.25", etc.
  • All partition and file system types (FAT, FAT32, NTFS, HPFS+, etc.)

Our service covers both business and individual home users' hard disk recovery needs. When the data matters most, you can be comfortable knowing that Infinity Forensics are capable experts and professionals who can deliver quality results.

Hard Disk Evaluation
Once the hard disk is delivered to Infinity Forensics, the media will be evaluated by one of our data recovery technicians. The result of the evaluation will be provided as an initial diagnosis and a total recovery cost.

Data and Media Security
Keeping data and media secure is a very high priority for Infinity Forensics. If required, Infinity Forensics is open to signing a non-disclosure agreement. As a first step, all data is write protected and duplicated in order to avoid any damage to the original media.

Data Recovery
Data recovery is the extraction of data from the digital object according to the stated objective. All data the user needs is extracted and recovered bit by bit.

Returning Data
If there is no physical damage to the original hard disk, all data will be transferred to the hard disk and returned to the user. If it is determined that the hard drive cannot be repaired, the recovered data can be returned on CD, DVD or a new hard disk.

File Recovery
Most often, data loss occurs with one or more files and does not involve the failure of the entire data storage medium. In addition, files can become inaccessible due to accidental deletion, software incompatibility or corruption, etc.
Infinity Forensics provides a vast number of file recovery and restoration services for data loss involving many different file types and format structures used with DOS, Windows and Macintosh systems, as well as other operating environments, such as:

  • MS Office [.doc; .xls; .dot; .ppt; .xla; .ppa; .pps; .pot; .msi; .sdw ; .rft; .pub]
  • Graphic File [.jpg; .jpeg; .png; .gif; .tif; .tiff; .bmp; .pcx]
  • Graphics Metafile [.wmf]
  • Enhanced MetaFile [.emf]
  • Corel Draw [.cdr]
  • CAD [.dwg]
  • Adobe Photoshop [.psd]
  • Web Format [.html; .htm; .php; .php3; .php4; .phtml; .shtml; .aspx; .xml]
  • Outlook [.eml; .pst; .dbx]
  • Video & Audio Files (.mpg; .mpeg; .avi; .mov; .wav; .wmv; .mp3; .mid; .asf; .rm)
  • Zip Archive (.zip; .jar; .rar; .gz; .tgz; .arj; .7z; .bz2)
  • Windows Password (.pwl)
  • dBase Files (.dbf)
  • Lotus (.sam ; .lwp ; .wk1 ; .wk3 ; .wk4)
  • ...

Recovered data files are returned on a CD or DVD. Files can also be returned via email.