Vestige, Ltd - Specializing in Computer Forensics, Electronic Discovery of Evidence and litigation related fact-finding through the analysis of computer data.

What is an “Acquisition”?

Acquiring the computer image and authenticating the data are the initial steps in a Computer Forensics examination. The Acquisition of a computer or other digital media is done using specialized software and write-blocking devices which ensure that an exact copy of the digital evidence is made. Acquisitions can be done wherever and whenever is convenient and non-disruptive. Many times acquisitions are performed at night or on weekends, either on-site or at the law offices of counsel. In some situations, acquisitions can also be completed in the home or office.

An acquired image of the subject computer is then authenticated by forensic software which creates and embeds in the image a digital finger print. This “finger print” is called an MD5 hash and is a numeric code that represents all the information on the computer. If one single bit is changed on the computer the MD5 hash value will not match. This ensures that the Computer Forensic Examiner has not changed the data and replication of the MD5 is admissible in court.

The sooner the acquisition is done the more likely the chance to find the evidence you are looking for. So, if you suspect you might have a problem now or in the future you can have the computer drive acquired and have the image preserved indefinitely. Acquisition costs are very reasonable, making this strategy a feasible method to prepare for potential litigation.

Close