Bay Area Computer Forensics Expert, Investigator & Witness
  • Home
  • Services
    • CLE
    • Intellectual Property Issues
    • Civil Litigation
    • Criminal Defense
  • About Us
    • Jon Berryhill
    • Katie Berryhill
    • Clients
    • Client Testimonials
  • FAQ
    • Hiring A Computer Forensics Expert
    • Resources
  • News
  • Contact
  • Home
  • Services
    • CLE
    • Intellectual Property Issues
    • Civil Litigation
    • Criminal Defense
  • About Us
    • Jon Berryhill
    • Katie Berryhill
    • Clients
    • Client Testimonials
  • FAQ
    • Hiring A Computer Forensics Expert
    • Resources
  • News
  • Contact

News & Computer Forensics Blog

Author Jon Berryhill

Computer Forensics Investigative Expert and Certified Expert Witness for Military, State and Federal Courts

The magic “Find Evidence” button

10/16/2018

2 Comments

 
Paper and digital evidence
By Jon Berryhill

​
So what is a digital forensic analysis? The short answer is – it depends….  Every case and situation is different. Recently I was talking to someone who had retained the services of a company to conduct an analysis of a laptop. The customer had a fairly simple question he was trying to answer: “Is there evidence that the user of the machine was engaging in the suspected inappropriate communications and/or activity?”. What the customer got back was a several hundred page “report” of “preliminary findings” and was told that was their “phase one” analysis. In order to get more information or even an explanation of the provided report, the customer would have to pay for the “phase two” analysis. The additional cost was tiered depending on how quickly the work would be done with the “standard” (lowest cost) option having a 60-day turnaround. Needless to say the cost of a much more reasonable turnaround time made me gag.

A proper analysis means doing whatever data processing and analysis is necessary to answer the pertinent questions for the specific case. This usually means putting together the pieces of the puzzle from many different sources to put together a logical and relevant conclusion.
​

Most digital forensic analysis software packages (like EnCase, FTK and others), can generate an automated “report.” With little or no input from the analyst, the scripts that generate these reports can produces hundreds of pages of information. Seldom do these reports contain anything meaningful or understandable to a customer. When an analyst dumps one of these automated reports on a client, especially when accompanied by a bill, it is usually done for what I call the “thud effect” (how loud a sound can you make when you drop the report on a table in an effort to make it appear you have done a lot of work?). Did all that work and the trees they killed producing it provide answers? Did the analyst explain the findings?


Read More
2 Comments

demonstrated experience . proven results


Home

About

Services

Contact

Berryhill Computer Forensics, Inc.   TX 6-853-249  All Rights Reserved.
Text and content on this site may not be used without written permission.
Copyright © 1997-2023