protecting partners page

Forensic Services Group can provide valuable assistance at any time during preparation of your court case.

An employee's computer and all information it contains, is the property of the employer.

Protecting Partnerships ....

The Forensic Services Group is prepared to assist law firms to protect themselves from possible future litigation. This service is beneficial if an individual is behaving in an unprofessional manner, has been terminated or voluntarily resigned.

* Precautionary measures taken by some of the world's largest corporations:

New computer forensic capabilities has allowed several Fortune 500 Companies to protect themselves against future litigation by freshly preserving the state of an employees' hard drive upon resignation, termination or internal transfer as a matter of standard procedure.

The drive is forensically copied with the data being archived to CD-ROM disks should an examination be required at a later date. Preserving and archiving this information is important, as issues such as trade secrets or intellectual property infringements, harassment and wrongful termination claims often do not emerge until months after an employee leaves his or her position, at which point any critical computer evidence would have been overwritten.

--------------------------------------

The Forensic Services Group is prepared to provide essentially the same service as described above which is summarized as follows:

FSG will copy the subjects hard disk drive using special forensic software that also includes any previously deleted or erased files.

This copied information will be encrypted, password protected and saved either on a separate hard drive or a series of CD-ROM disks. This information will not be retained by FSG but will be turned over to the client.

In the event that there is a need to analyze this information in the future, FSG will work together with the client using specifically approved forensic software to search for key-words & evidence that are relevant to the case, after which we will prepare a detailed report to present our findings in a court of law if necessary.

In respect of this service, we emphasize the following:

We are willing to carry out our work under the scrutiny of the clients' security personnel.

The sole encrypted copy of the subject disk drive is retained by the clients' senior management.

Even if this encrypted copy should get into the hands of others, it cannot be opened, even with the proprietary software with which it was created, since only the client will be in possession of the password.

Post Acquisition Service:

We are skilled in finding relevant information that is specified by the client using powerful Key-Word search algorithms. We can testify in court as to the method and validity of our recovery techniques.

Please contact Forensic Services Group (Hong Kong)
as your next legal consultant.

Acquisition Techniques:

Electronic data is fragile by nature and can be easily altered or erased if certain rules are not followed. For example, just booting a computer into a Windows environment will alter critical date stamps, erase temporary files and cause numerous writes to the disk drive.

Specialized computer forensic software ensures that the data on the subject computer hard drive is not altered in any way during the acquisition process.

After initiation of the special boot-up procedure, the examiner utilizes special computer forensic software to create a bit-stream image, which is an exact "snap-shot" of the subject hard drive.

This image is a complete non-invasive, sector-by-sector copy of all data contained on the subject hard drive which includes the recovery of all active, deleted and otherwise unallocated data including that hidden in bad sectors & clusters.

This process allows the investigator to "freeze time" by saving a complete snapshot of the subject drive at the time of acquisition.

Note:

Our forensic acquisition service is also useful, even if there is no wrong-doing on the part of the subject, since often an employee has files on his or her 'vanished' hard drive that are found to be in need several months after leaving the company.