About Our Server Forensics Practice

Law & Forensics’ Virtual and Physical Server forensic practice extends to both physical and virtual servers, including: Dell PowerEdge T30, Lenovo ThinkServer TS150, HP ProLiant ML350 G9 5U, Asus TS500, VMware, Hyper-V, and Oracle VM Virtual Box.

Our practice collectively has decades of experience in performing advanced forensics looking at virtual and physical servers.

This practice specializes in the identification and recovery of all types of deleted, corrupt, missing, or inaccessible data stored on virtual and physical servers.

Our team’s unique combined experience in forensics, cyber, and the law allows Law & Forensics to perform speedy and efficient server analyses and forensically preserve evidence from nearly any server.

Our Services

100s of years of collective experience doing forensics. And of course working out of the box and solving problems…

Server Threat Analysis

  • Analyze both physical and virtual server environments for malware and potential threats utilizing proprietary patented technology and off-the-shelf solutions to deliver results 10X faster than conventional methodologies existing in the market.
  • Consult with organizations, large and small,  to create and deploy advanced cyber threat detection platforms that use commercial software to collect a large volume of diverse threat data in real-time, and analyze the behavior to understand the intent of the malicious activity and perform forensics on the infected endpoints.

Data Recovery

  • Recover server data from all types of servers including RAID hardware platforms as well as SAN and NAS appliances.
  • Retrieve data from a drive running on any operating system including Microsoft Windows, Apple OS, Linux, DOS, VMWare, Novell, and select UNIX interfaces, and supporting hard disk drives – EIDE, IDE, SAS SATA, and SCSI.

Forensic Investigation of Virtual and Physical Servers

  • Conduct forensic investigations of a range of servers including exchange and mail servers, Blackberry exchange server forensics, PBX phone servers, database servers (SQL, Oracle, MySQL, etc.), network-attached storage (NAS) devices, web and application servers, virtual servers, audio, and video servers.
  • Draft and deliver concise and detailed reports and affidavits regarding forensic analysis performed.
  • Recover and review all web-browsing activity, encryption keys, network connections, or injected code fragments stored on servers.

Memory Forensics

  • Collect and analyzing volatile data in a server’s memory. Volatile data includes the browsing history, clipboard contents, and chat messages present in the short-term memory storage.
  • Examine runtime system activity on servers, such as open network connections or recently executed commands and processes.

Collection and Imaging of Servers

  • Image and collect servers, virtual or physical, using cutting edge forensic software and hardware.
  • Recover a wide range of data from servers including deleted email, voicemails, internet activity logs, network activity, deleted documents, encrypted data, deleted images, partitions and filesystems, and carved data.

Case Studies by Industry

Industry/Sector: Software

Type of Case: Employment Litigation

Description: Retained by top 10 global law firm to conduct a digital forensic investigation on a company’s machines to determine if information had been misappropriated in connection with a employment litigation. Efforts included:

    • Discovering that large amounts of copying by departing employees that led directly to the court granting a TRO against the defendants,
    • Authoring a protocol, adopted by the court, to analyze defendant’s computers,
    • Executing the protocol and investigated the defendant’s computers, servers, mobile devices, and cloud systems that uncovered massive theft of data that was instrumental in facilitating a settlement between the parties.
100’s of servers

analyzed

73+ collective years of

relevant experience

Dozens of servers

recovered

1000’s of disks

analyzed

1000’s of physical and virtual

servers collected

100’s of expert reports

written

Computer and Server Forensics Practice Edge

Capabilities

Demonstrated track record of delivering our clients with world class forensic services in connection with computers, physical and virtual servers. Our capabilities are beyond what basic computer forensics labs can deliver, thanks to our custom-built software tools and patented hardware and software Forensic Scan. Our team works with legal professionals and business owners on the most complex and sensitive investigative or litigative matters involving electronic evidence or data preservation.

Competitive fees

Our fees structure is competitive, and we offer clients success based, hourly and fixed fee arrangements while ensuring that each engagement is spearheaded by a senior member of our team, with significant knowledge and experience.

Expertise

Our team of experts hold multiple certifications, conducted hundreds of forensic investigations, published hundreds of articles, lectured at hundreds of live and virtual events on forensics, and have at least 10 years of testifying experience and technical training that provide a unique edge and valuable edge in trials, hearings, and disputes. Our team has extensive experience performing forensic investigations involving physical and virtual servers located all over the globe often with favorable outcomes for our clients.

Quality Control

All forensic analysis and work product undergo a rigorous quality assurance review to ensure that the finished product can withstand all forms of scrutiny by opposing counsel.