Ed "The Computer Wizard"

"The Computer Wizard" Technical Services

 

Using an arsenal of industry standard tools and procedures, we have the ability to trace the steps that hackers have taken through your system.

Whether you have an employee surfing inappropriate sites or a spouse having an online affair, you deserve to have the facts!

My Training and Experience

I was trained by John Seither, a guest professor from CompuForensics teaching classes at Southern Methodist University's San Antonio satellite campus. He has multiple courses available and I took them all! In class, we covered everything from initial response team procedures to more advanced investigations using Linux. This is also where I gained experience following chain of evidence procedures.

Since then, I have taken many more forensics and ethical hacking classes in order to keep my skills sharp. I worked as the lead forensic investigator for a multi-national financial institution, and have worked many cases for individuals.

Software

In order to obtain the highest quality results, we have compiled an assortment of the best tools available today.

We use WinHex, X-Ways Forensics, FTK, and many other tools of this caliber.

Primary forensic software has been tested and approved by The National Institute of Justice and The National Institute of Standards and Technology in their Computer Forensic Tool Testing project.

Services

Each case is handled individually and services can be customized as needed. The drives are examined using a write blocker in order to prevent any data from being written to the drive. The following services can be provided on a hard drive, hard drive image, removable media (CD-ROM, floppy disk, zip disk, etc.), as well as flash media (memory cards, USB drives, etc.):

Full Forensic Analysis of a suspect device
Email recovery and web history
Recovery of deleted items
Live Data Acquisition

There are multiple levels of forensic computer examination:

Level 1:
This is a basic discovery level: the hard drive is previewed using a Live Analysis CD; the hard drive is accessed, but not saved as an image. A significant amount of data may be discovered at this level, and potential evidence can be evaluated, especially if defined data is known and requested (such as the recovery of a specific file). However, there are limitations at this level that will be fully explained to the client before continuing.

Estimated time to accomplish this task is one day (4 to 10 hours); the variation depends on the demands of the client and the goals of the specific investigation.

Level 2:
This is the most frequently required type of examination. A standard examination is more extensive, requiring that a "clone-copy" of the media be created, which is then used for the examination. It focuses on the recovery of specific data (both deleted and active): text, graphics, date codes, etc. Exam time is widely variable, depending primarily on the client's requirements, the applications necessary to extract data, the scope of keyword searches, the operating system, the media (e.g., size of the hard drive), and a number of other factors, all of which have a combined impact on the time involved.

Estimated time to accomplish this task is two days (10 to 20+ hours).


Level 3:
The most extensive examination is an advanced examination, which includes a full investigation of trace artifacts, latent evidence, slack and unallocated space, and a comparative analysis of the data, date and time stamps, and links: a full and complete examination and analysis of the media and related corroborative evidence within the computer. This exam is not strictly dependent on specifics from the client, but is in and of itself a full and complete investigation. This extent of examination is especially useful when seeking computer evidence that is confirmed from several related areas within the computer. This may provide irrefutable evidence that is then used to corroborate or refute specific allegations. For example, date codes may be linked to specific files, which are linked to hidden artifacts, which are linked to graphics, which are linked to e-mail, etc. Factors to consider include those previously noted plus password protection, hardware configurations, keyword searches, the extent of the report, etc.

Estimated time to accomplish this task is two to three days (20 to 30+ hours).

While the hourly rate is negotiable depending on the situation, the base price is $125.00 per hour. If you check around, you will find that most others charge far more.

 

FREE Corporate Training

We can teach your IT staff how to properly acquire forensically sound evidence and follow chain of custody procedures so that a proper handoff to our team can be achieved. This "First Responder" training is free to all companies that agree to use our services for their forensic and data recovery needs!

 

 


©2004 - 2008 Ed "The Computer Wizard"
