The purpose of a forensic analysis is to answer questions about what a user of a computer knew, saw, said, or did. By carefully gathering, preserving, and analyzing the information that is stored on a computer, it is possible to produce evidence that can support or refute a particular hypothesis of user behavior. When data is collected properly, it is often admissible as evidence in court.
There is a surprising amount of information available to a trained forensic analyst. A single computer hard drive will typically hold tens of thousands of files. It will also contain a large number of disk artifacts that are normally invisible to the user. These can include the dates on which email or files were viewed or deleted; full or partial copies of deleted files; information about which files were copied off the system or printed; transcripts of chat sessions; and a rich history of the web pages, images, and e-mails the user saw.
Given these files and artifacts, an analyst can reconstruct what activity occurred on a system. This can be used to show what the user opened, typed, or deleted. It is also possible to demonstrate that potential evidence was purposefully destroyed. Cases often hinge on such evidence.
