Forensic Collection from Computers
Our forensic investigators are experts at acquiring forensic images from Windows and Mac computers to obtain the evidence needed for your legal matter. With advanced forensic imaging software, the Lexbe Forensic Team performs thorough and systematic, whole drive and targeted data collections, and creates forensic images to support your cases.
By utilizing advanced forensic tools and best practices, our forensic investigators can stitch together the artifacts collected from the computers, including incident data, hidden data, event data, and other artifacts to create a complete picture of what transpired with the computer.
With computer forensic collections, there is often a plethora of data that is analyzed by our forensic examiners. In addition to locally stored files, like email or office documents that are relevant to your case, the Lexbe forensic team can collect internet history, downloads, recent searches, top sites, locations, media, messages, recycle bin files, USB connections, data transfer artifacts, and more.
Microsoft Windows Computers
The Lexbe forensic team is expertly equipped to conduct a thorough forensic collection and analysis of Microsoft Windows computers. The Microsoft Windows operating system allows for the collection and analysis of:
-
Account Information
-
Device History
-
Downloads
-
Memory
-
Network Activity
-
Recent Documents
-
Recycle Bin
-
Registry
-
Timeline Activity
-
USB Connections
-
User Activity
-
And More
Apple Mac Computers
The advanced forensic tools in the Lexbe forensic lab, enable our forensic team to perform advanced collections and analysis of Apple Mac computers. The Mac operating system allows for the collection and analysis of:
-
Apple's Fusion Drive
-
APFS
-
APFS Snapshots
-
Device History
-
Display and Search Unified Log
-
Downloads
-
Encrypted Devices
-
KnowledgeC Data
-
Recent Documents
-
Spotlight Data
-
Time Machine Backups
-
User Activity
-
Wi-Fi Connections
Linux Computers
Linux computers are often used in technical and high performance computing environments. The Lexbe forensic team can perform comprehensive forensic collections from Linux computers to support your case or investigation. The Linux operating systems allow for the collection and analysis of:
-
Recent Files
-
Startup Items
-
User Activity
-
Operating System
-
Hardware & Software
-
Accounts & Users
-
Network
-
Shared & Mapped Devices
-
USB Devices
-
Syslog
-
SSH Activity
-
Trash
-
Bash History
Revealing the True Story
Depending on the scope of your forensic requirements, our forensic investigators can build a comprehensive report of what took place with the computers involved in your case. Lexbe forensic reports are built from the insights gleaned from the data in the physical images, logical images, or targeted images from the computers.
Remote Forensic Collection Convenience
If the custodians in your case are unable to ship their computers to the Lexbe forensic lab, our forensic investigators can perform a remote forensic collection. Our remote collection process enables a comprehensive and sophisticated analysis of the activities that took place on the device as well as the associated files and metadata. Remote forensic collections, for Windows and MAC computers, are convenient for the custodians but can take longer to complete due to the data transfer process.
Get a Complimentary Forensic Consult
If you have questions about forensic collections from Windows and Mac computers, or any other electronically stored information, we’d be happy to schedule a complimentary consult call.
"*" indicates required fields