Acquire the Data for Examination

One way or another, the suspect data has to get to the lab at Precise Cyber Forensics in order to perform a proper examination. The best option is for us to obtain the complete computer, which allows the level two examination to be done faster and cheaper. Unfortunately, this does not happen very often. The next best option is for the police or corporate response teams on the scene to remove the hard drive, and have it shipped to us via a bonded carrier. The third, but very worst option, is for us to come to the scene of the incident and image the drive there. This is not always a good option, as it can take several hours in a potentially hostile environment.

It is of extreme importance that the data on a suspect hard drive is not altered before, during or after a forensic examination. If you have to be the first person to touch the suspect computer, read our guidelines on First Response first.

If you are going to ship the whole PC, or just the hard drive to our lab, please read our section on shipping first.

Call (360) 651-2391 and ask for Steve to discuss how Precise Cyber Forensics can help you with your current data examination or recovery needs.