Released on: November 18, 2007, 5:32 pm

Press Release Author: Karen Unger

Industry: Consumer Services

Press Release Summary: The field of computer forensics was developed primarily by
law enforcement personnel for investigating drug and financial crimes. Electronic
discovery has its roots in the field of civil litigation support and deals with
organizing electronic files.

Press Release Body: Computer Forensics

The field of computer forensics was developed primarily by law enforcement personnel
for investigating drug and financial crimes. It employs strict protocols to gather
information contained on a wide variety of electronic devices, using forensic
procedures to locate deleted files and hidden information.

Computer forensics tasks include capturing all the information contained on a
specific electronic device by using either a forensic copy technique or by making an
image of all or a portion of the device. A forensic copy provides an exact duplicate
of the hard drive or storage device. None of the metadata, including the าlast
accessed date,ำis changed from the original. However, the copy is a
าliveำversion, so accessing the data on the copy,even only to าsee
what is there,ำcan change this sensitive metadata.

By contrast, making a forensic image of the required information puts a protective
electronic wrapper around the entire collection. The collection can be viewed with
special software, and the documents can be opened, extracted from the collection,
and examined without changing the files or their metadata.

Other forensic tasks include locating and accessing deleted files, finding partial
files, tracking Internet history, cracking passwords, and detecting information
located in the slack or unallocated space. Slack space is the area at the end of a
specific cluster on a hard drive that contains no data; unallocated space contains
the remnants of files that have been าdeletedำ but not erased from the
device, as าdeletingำ simply removes the pointer to the location of a
specific file on a hard drive, not the file itself.

Electronic Discovery

Electronic discovery has its roots in the field of civil litigation support and
deals with organizing electronic files using their attached metadata. Because of the
large volume encountered, these files are usually incorporated into a litigation
retrieval system to allow review and production in an easy methodology. Legal data
management principles are used, including redaction rules and production
methodologies.

Electronic discovery tasks usually begin after the files are captured. File metadata
is used to organize and cull the collections. Documents can be examined in their
native file format or converted to TIF or PDF images to allow for redaction and easy
production.

Common Capabilities, Different Philosophies

Computer forensics and electronic discovery methodologies share some common
capabilities. One is the ability to produce an inventory of the collection, allowing
reviewers to quickly see what is present. Another is the ability to determine a
common time zone to standardize date and time stamps across a collection. Without
this standardization, an e-mail response may appear to have been created before the
original e-mail.

Web Site: http://www.amdoc.com

Contact Details: info@AmDoc.com