Digital Forensics

Q&A
1. What is digital forensics?

Digital forensics is the use of digital investigation and analysis techniques to identify, collect and/or acquire, analyze and preserve potential digital evidence so that it remains admissible in a court of law. It is a process that must be tested and updated continuously to ensure reliable results.

2. Who uses digital forensics services?

Law enforcement agencies, prosecutors, corporations and individuals can and do make use of evidence revealed by computer forensics specialists.

3. What kind of services do you (we) provide?

We serve law enforcement agencies, prosecutors, corporations and individuals in performing investigation and analysis for:

Computer forensics
Mobile phone / PDA forensics
Embedded device / Smart card forensics
Audio forensics
Video forensics
Internet / Web forensics
Network forensics
Data recovery service

We also provide expert testimonies in court.

4. Do you conduct analysis directly on original evidence?

No. One of the cardinal rules of digital forensics is "Never work on original evidence". The best way to conduct analysis is on a duplicate copy of the evidence, because working on the original exposes it to the risk of contamination, which would render it inadmissible in a court of law.

Evidence is very fragile and needs to be handled properly, or it is easily destroyed. It could be accidentally modified or destroyed with just one keystroke. During a digital forensics investigation, the risk of alteration, damage and virus introduction must be eliminated or minimized.

We use forensically sound imaging tools to make a bit-stream duplicate or bit-to-bit copy of the original evidence. Disk imaging is defined as making a secure, forensically sound copy of the potential evidence to another storage device that can preserve the data for an extended period of time.

5. How do I know that no data has been changed during digital forensics analysis?

All analysis is done on a forensically sound copy of the original evidence. For security purposes, there is a system of internal verification. This is used to ensure that the copied data has not been altered and is in every way the exact copy of the original.

6. Can a deleted file be retrieved?

As long as the file has not been overwritten, it can be recovered. When a file is deleted, the operating system marks the sectors it occupies as available, but the data in those sectors is left untouched until new data occupies the space. Deleted data can thus be recovered as long as the sectors have not been reused by new data. The chances of recovering deleted files are better if little computer activity occurred after the file was deleted.

7. Can I retrieve files from reformatted disks?

Yes, you can, as long as the previous data has not been overwritten. The "Format" command in Windows or DOS performs a high-level format that does not destroy data. The process simply resets the index so that the operating system sees the disk as empty. The information is still there, but the operating system does not know how to retrieve it.

However, low-level formatting of the computer hard disk will destroy all data. Low-level formatting is usually carried out only once by the manufacturer. The Format command in DOS or Windows does not perform a low-level format.

8. My computer has crashed. Can I still retrieve my data?

If the information still exists on the hard drive, we can retrieve it. If the crash was caused by a virus, software malfunction or hardware failure, most data is still available on the hard drive. As long as the hard drive itself is in good physical working condition, we can recover the existing data from it.

9. What is the cost of the service?

We charge by the man-hour. An average examination or recovery of data generally takes a minimum of one hour, though this varies according to the situation. Factors that affect the amount of time required include:

Amount of data to be recovered and analyzed (i.e. hard drive size, number of diskettes, etc.)
Encryption
Data hiding
Any attempts to destroy data

There is no charge for initial consultation. Please contact us for details.

10. Do you provide training? What are the requirements?

We provide basic and intermediate level computer forensics training for law enforcement agencies only. For more information on our training please contact us.

11. How do I contact CyberSecurity Malaysia for digital forensics services?

Email: Email Form

Phone: +603 - 8992 6888

Fax: +603-8992 6959 / +603-8945 3205

Address:
CyberSecurity Malaysia,
Level 7, SAPURA @ MINES,
7, Jalan Tasik, The Mines Resort City,
43300 Seri Kembangan,
Selangor Darul Ehsan,
Malaysia.
   
 
COPYRIGHT © 2012 - CYBERSECURITY MALAYSIA