Virtual and Physical Server Forensic Practice

Virtual and Physical Server Forensics

About Our Server Forensics Practice

Law & Forensics’ Virtual and Physical Server Forensics practice extends to physical and virtual servers, including Dell PowerEdge T30, Lenovo ThinkServer TS150, HP ProLiant ML350 G9 5U, Asus TS500, VMware, Hyper-V, and Oracle VM Virtual Box. Our Virtual and Physical Server Forensics practice collectively has decades of experience in performing advanced forensics looking at virtual and physical servers.

This Virtual and Physical Server Forensics practice specializes in the identification and recovery of all types of deleted, corrupt, missing, or inaccessible data stored on virtual and physical servers. Our team’s unique combined experience in forensics, cyber, and the law allows Law & Forensics to perform speedy and efficient server analyses and forensically preserve evidence from nearly any server.

Our Services

100s of years of collective experience doing forensics. And of course working out of the box and solving problems…

Server Threat Analysis Data Recovery Virtual and Physical Servers Memory Forensics Collection and Imaging

Server Threat Analysis

Analyze physical and virtual server environments for malware and potential threats utilizing proprietary patented technology and off-the-shelf solutions to deliver results 10X faster than conventional methodologies existing in the market.
Consult with organizations, large and small, to create and deploy advanced cyber threat detection platforms that use commercial software to collect a large volume of diverse threat data in real-time, and analyze the behavior to understand the intent of the malicious activity and perform forensics on the infected endpoints.

Data Recovery

Recover server data from all types of servers including RAID hardware platforms as well as SAN and NAS appliances.
Retrieve data from a drive running on any operating system including Microsoft Windows, Apple OS, Linux, DOS, VMWare, Novell, and select UNIX interfaces, and supporting hard disk drives – EIDE, IDE, SAS SATA, and SCSI.

Forensic Investigation of Virtual and Physical Servers

Conduct forensic investigations of a range of servers including exchange and mail servers, Blackberry exchange server forensics, PBX phone servers, database servers (SQL, Oracle, MySQL, etc.), network-attached storage (NAS) devices, web and application servers, virtual servers, audio, and video servers.
Draft and deliver concise and detailed reports and affidavits regarding forensic analysis performed.
Recover and review all web-browsing activity, encryption keys, network connections, or injected code fragments stored on servers.

Memory Forensics

Collect and analyzing volatile data in a server’s memory. Volatile data includes the browsing history, clipboard contents, and chat messages present in the short-term memory storage.
Examine runtime system activity on servers, such as open network connections or recently executed commands and processes.

Collection and Imaging of Servers

Image and collect servers, virtual or physical, using cutting edge forensic software and hardware.
Recover a wide range of data from servers including deleted email, voicemails, internet activity logs, network activity, deleted documents, encrypted data, deleted images, partitions and filesystems, and carved data.

Server Forensics - Collection and Imaging

Case Studies by Industry

Software

Industry/Sector: Software

Type of Case: Employment Litigation

Description: Retained by a top 10 global law firm to conduct a digital forensic investigation on a company’s machines to determine if information had been misappropriated in connection with an employment litigation. Efforts included:

- Discovered that large amounts of copying by departing employees led directly to the court granting a TRO against the defendants.
- Authored a protocol, adopted by the court, to analyze the defendant’s computers.
- Executed the protocol and investigated the defendant’s computers, servers, mobile devices, and cloud systems that uncovered a massive theft of data that was instrumental in facilitating a settlement between the parties.

Software

Industry/Sector: Software

Type of Case: Employment Litigation

Description: Hired by a company to work with outside counsel to serve as a consultant and testifying expert on various aspects of eDiscovery and forensics issues. Efforts included:

- Recovered deleted files on dozens of laptops, servers, and mobile devices.
- Worked on multiple forensic issues specific to cloud computing.
- Identified misappropriated data and the mechanisms used to share the data.
- Submitted multiple declarations and affidavits around forensic analysis.
- Deposed multiple times regarding forensic efforts.
- Submitted a report critical in facilitating a favorable settlement for the company.

Multinational Hospitality Company

Industry/Sector: Hospitality

Type of Case: Employment Litigation

Description: Engaged by outside counsel to conduct a forensic investigation on behalf of a large multinational hospitality company as part of a complex employment litigation involving employee fraud, harassment, and intellectual property theft. Our forensic work on multiple physical and virtual servers and the report helped to facilitate a favorable outcome for the organization. Our efforts included:

- Interviewed employees to identify individuals of interest.
- Collected and analyzed these devices.
- Recovered and identified deleted and partially disrupted files from various physical servers and virtual servers in a public cloud.
- Submitted a report of our findings.

Construction Company

Industry/Sector: Construction

Type of Case: Employment Litigation

Description: Hired by the General Counsel and Chief Risk Officer to conduct an internal investigation at a large construction company of several individuals in the technology office that involved several physical and virtual servers. Efforts included:

- Recovered hundreds of files deleted from a Dropbox by a disgruntled employee and identified several backdoors that the employee had left that, if not deleted, could have resulted in over fifty million dollars in harm. The results of our analysis helped to facilitate a favorable outcome for the organization.

100’s of Servers

analyzed

73+ Collective Years

of relevant experience

Dozens of Servers

recovered

1000’s of Disks

analyzed

1000’s of Physical and Virtual

servers collected

100’s of Expert Reports

written

Computer and Server Forensics Practice Edge

Cyber Insurance for Law Firms: Understanding the Cyber Risk Policy and Key Considerations for Law Firm Policy Holders

Capabilities

Demonstrated track record of delivering our clients with world class forensic services in connection with computers, physical and virtual servers. Our capabilities are beyond what basic computer forensics labs can deliver, thanks to our custom-built software tools and patented hardware and software Forensic Scan. Our team works with legal professionals and business owners on the most complex and sensitive investigative or litigative matters involving electronic evidence or data preservation.

Annual Review of Regulations of Bitcoin and Blockchain in the United States and Abroad

Competitive fees

Our fees structure is competitive, and we offer clients success based, hourly and fixed fee arrangements while ensuring that each engagement is spearheaded by a senior member of our team, with significant knowledge and experience.

Expertise

Our team of experts hold multiple certifications, conducted hundreds of forensic investigations, published hundreds of articles, lectured at hundreds of live and virtual events on forensics, and have at least 10 years of testifying experience and technical training that provide a unique edge and valuable edge in trials, hearings, and disputes. Our team has extensive experience performing forensic investigations involving physical and virtual servers located all over the globe often with favorable outcomes for our clients.

Review of Alternative Dispute Resolution Case Law in 2018

Quality Control

All forensic analysis and work product undergo a rigorous quality assurance review to ensure that the finished product can withstand all forms of scrutiny by opposing counsel.

Virtual and Physical Server Forensics

About Our Server Forensics Practice

Server Threat Analysis

Data Recovery

Forensic Investigation of Virtual and Physical Servers

Memory Forensics

Collection and Imaging of Servers

Capabilities

Competitive fees

Expertise

Quality Control

Newsletter

Contact Us

CYBERSECURITY PRACTICE

EDISCOVERY PRACTICE

DIGITAL BANKING

FORENSICS PRACTICE

ARTICLES

WEBINARS

RESOURCES