About Our Server Forensics Practice

Law & Forensics’ Virtual and Physical Server Forensics practice extends to physical and virtual servers, including Dell PowerEdge T30, Lenovo ThinkServer TS150, HP ProLiant ML350 G9 5U, Asus TS500, VMware, Hyper-V, and Oracle VM Virtual Box. Our Virtual and Physical Server Forensics practice collectively has decades of experience in performing advanced forensics looking at virtual and physical servers.

This Virtual and Physical Server Forensics practice specializes in the identification and recovery of all types of deleted, corrupt, missing, or inaccessible data stored on virtual and physical servers. Our team’s unique combined experience in forensics, cyber, and the law allows Law & Forensics to perform speedy and efficient server analyses and forensically preserve evidence from nearly any server.

Our Services

100s of years of collective experience doing forensics. And of course working out of the box and solving problems…

Server Threat Analysis

  • Analyze physical and virtual server environments for malware and potential threats utilizing proprietary patented technology and off-the-shelf solutions to deliver results 10X faster than conventional methodologies existing in the market.
  • Consult with organizations, large and small, to create and deploy advanced cyber threat detection platforms that use commercial software to collect a large volume of diverse threat data in real-time, and analyze the behavior to understand the intent of the malicious activity and perform forensics on the infected endpoints.
Server Forensics
Server Forensics

Data Recovery

  • Recover server data from all types of servers including RAID hardware platforms as well as SAN and NAS appliances.
  • Retrieve data from a drive running on any operating system including Microsoft Windows, Apple OS, Linux, DOS, VMWare, Novell, and select UNIX interfaces, and supporting hard disk drives – EIDE, IDE, SAS SATA, and SCSI.

Forensic Investigation of Virtual and Physical Servers

  • Conduct forensic investigations of a range of servers including exchange and mail servers, Blackberry exchange server forensics, PBX phone servers, database servers (SQL, Oracle, MySQL, etc.), network-attached storage (NAS) devices, web and application servers, virtual servers, audio, and video servers.
  • Draft and deliver concise and detailed reports and affidavits regarding forensic analysis performed.
  • Recover and review all web-browsing activity, encryption keys, network connections, or injected code fragments stored on servers.
Server Forensics

Memory Forensics

  • Collect and analyzing volatile data in a server’s memory. Volatile data includes the browsing history, clipboard contents, and chat messages present in the short-term memory storage.
  • Examine runtime system activity on servers, such as open network connections or recently executed commands and processes.

Collection and Imaging of Servers

  • Image and collect servers, virtual or physical, using cutting edge forensic software and hardware.
  • Recover a wide range of data from servers including deleted email, voicemails, internet activity logs, network activity, deleted documents, encrypted data, deleted images, partitions and filesystems, and carved data.

Case Studies by Industry

Industry/Sector: Software

Type of Case: Employment Litigation

Description: Retained by a top 10 global law firm to conduct a digital forensic investigation on a company’s machines to determine if information had been misappropriated in connection with an employment litigation. Efforts included:

    • Discovered that large amounts of copying by departing employees led directly to the court granting a TRO against the defendants.
    • Authored a protocol, adopted by the court, to analyze the defendant’s computers.
    • Executed the protocol and investigated the defendant’s computers, servers, mobile devices, and cloud systems that uncovered a massive theft of data that was instrumental in facilitating a settlement between the parties.
100’s of Servers


73+ Collective Years

of relevant experience

Dozens of Servers


1000’s of Disks


1000’s of Physical and Virtual

servers collected

100’s of Expert Reports


Computer and Server Forensics Practice Edge

Cyber Insurance for Law Firms: Understanding the Cyber Risk Policy and Key Considerations for Law Firm Policy Holders


Annual Review of Regulations of Bitcoin and Blockchain in the United States and Abroad

Competitive fees


Review of Alternative Dispute Resolution Case Law in 2018

Quality Control