Forensic Analysis
Forensic analysis is necessary when there is a belief that electronic data or equipment may have been deleted, misappropriated, or otherwise managed in an inappropriate manner. The goal of forensic analysis is to develop sufficient information about the data or equipment, its use (or misuse), and the individual(s) responsible, and then to develop as clear a picture as possible of what occurred, when it occurred and how it occurred. In other words, forensic analysis allows you to go deeper in order to make your case stronger.
The Oliver Group (TOG) can perform a wide variety of forensic analysis tasks to meet the needs of clients. For each matter, we work closely with the case teams to identify the goals of the investigation and keep in close communication with the client as analysis progresses. Forensic analysis is much like working with a puzzle that has missing pieces: find enough pieces and you can see the picture in the puzzle.
For most standard file systems and types, forensic analysis can be utilized to recover and report on data not readily visible or accessible to users or standard e-discovery software. Analysis is performed on one or more systems of interest, typically a custodian's laptop, personal computer, PDA or mobile phone where key pieces of evidence may be residing.
Forensic analysis requires the use of specialized tools and is performed by individuals with specialized skills. While each matter is unique in its objectives and scope, TOG experts employ software such as EnCase® Forensic and AccessData's Forensic Toolkit® (FTK®), among others, to perform the analysis. These tools are well-regarded and understood in the technical and legal communities, and are routinely identified in court during expert testimony. TOG has a variety of other software and hardware tools it uses based on the specific type of analysis required.
For projects that require forensic imaging and analysis of hard drives, TOG can also include or exclude the acquisition of deleted files. The ease of recovery of deleted items is dependent on the specific data source, local policies in place and utilities used. TOG can also provide forensic recovery of deleted file fragments or files by searching using keywords, phrases or file headers. Other common forensic analysis requests include identification of specific files; deletion analysis and trends; internet history analysis; existence of wiping software; source code analysis; and others.
Use of social engineering methods can also help identify potentially responsive data sources prior to the utilization of forensic tools. Through questionnaires, interviews and system analysis, TOG experts can target the highest priority data sources at the earliest stage in the process. At the conclusion of the analysis, a comprehensive report is produced for each forensic analysis task, which details the analysis objectives, results and any recommendations for further assessment.
Password Cracking
As forensic analysis involves looking into every pocket of potential evidence, TOG analysts sometimes need to overcome encryption or passwords present at the machine, archive, or file level. TOG employs various processes in the event that password-protected or encrypted files/media are identified. These methods range from basic cracking programs to large-scale brute-force techniques.
