Look for Vestige at SAME JETC in Kissimmee, FL , May 14-16, in the Gaylord Palms Exhibit Hall.  Stop to discuss our CMMC Compliance Services. See you in the Sunshine State!

Learn More

Data Preservation & Extraction

Digital Forensic Data Preservation & Extraction

Jump To

Regardless of where the evidence is in the world, Vestige can preserve it!

Forensic analysis starts with the proper preservation of the evidence.  From the onset, we handle each digital forensic case as if it is going to court, defensibly preserving all electronic evidence.

Forensic imaging, also known as cloning, forensic collection, mirror imaging, bit-for-bit copy, and even byte-for-byte copy, is the process of preserving the information that exists on storage media in a manner that ensures completeness of the copy, as well as preserving the information in a manner that can be authenticated – a critical component of making the evidence admissible.

Data on these devices includes active data, including user content such as documents, spreadsheets, email, databases and anything that a user generally creates, edits and accesses.  Included on these devices, is also an abundance of data that is used by the system itself, the software that is installed and any number of other processes and mechanisms on the system.  In digital forensics, these are referred to as artifacts.  The vast majority of the time these artifacts are even more important and essential to a case than the active, user content.  Therefore, it is important that this data is adequately preserved.  The forensic imaging process ensures that not only is the user data collected (including deleted data), but these essential artifacts are captured and preserved.

We acquire and preserve data in a forensically-sound manner from all digital systems & media types. In addition, Vestige is equipped to handle all kinds of sensitive data, including data that is protected by regulatory or statutory requirements such as HIPAA protected Electronic Protected Health Information (ePHI), financial data subject to Gramm-Leach-Bliley Act (GLBA), Controlled Unclassified Information (CUI), and data subject to foreign data privacy acts such as the EU’s General Data Protection Regulation (GDPR), Canada’s PIPEDA, Australia/New Zealand Privacy Act, etc.  Finally, Vestige maintains Private Investigation (PI) licenses in US jurisdictions that regulate the collection and/or analysis of data residing on electronic media.

Once preserved, Vestige’s analysis includes extraction and analysis of all types of data collected including both Content & Artifacts.

The Process

We will need access to the computers or servers that need to be preserved.  Vestige offers several convenient choices to give you flexibility, including:

    • In Lab
    • On-site
    • Cloud
    • Remote (via remote kit or on-line remote data collection)

In Lab

Vestige routinely receives computers and servers for preservation at one of our forensic labs.  Whether hand-delivered, couriered or shipped using a trusted, commercial overnight delivery service (i.e. UPS, FedEx, etc.), Vestige takes possession of the devices, establishes a chain of custody and preserves the evidence.

On-site

We are happy to come on-site to acquire and preserve the data.  Using our Grab-N-Go stand-by kits, Vestige equips our Digital Evidence Specialists with a mini portable forensic preservation lab that can be deployed to one or more locations as part of the overall preservation process.  With coverage throughout the United States and even Internationally, Vestige can handle your sensitive forensic collection work.

Cloud

With more and more corporate data located “in the cloud”, being able to locate, identify and properly preserve such data is essential.  The preservation of such data does pose some challenges; but like a lot of other things in life, it also offers advantages.  Data located in some cloud providers actually affords even more value than data stored in traditional, on-premises locations.

Remote

Since 2012, Vestige has been actively spear-heading advanced, forensically-sound, remote collection technologies.  Our remote kits offer the highest degree of forensic integrity while balancing convenience for clients and data custodians.  Remote acquisitions include the shipping of a remote preservation kit and proctored/direct supervision of the acquisition by a Vestige Digital Evidence Specialist.  Chain of Custody is established in accordance with Vestige’s already stringent standards.  At the conclusion of the preservation, the data and the remote kit is shipped back to Vestige via pre-arranged commercial courier service – maintaining the chain of custody.

Image and Hold  

If you’re not quite ready for analysis, Vestige offers an Image & Hold Service.  We have the ability to preserve and archive information on any digital device, preserving the information in the moment in time the device was collected, if you do end up needing this information down the road.

See the boxes below for our Data Preservation & Extraction services:

People Also Ask...

Data Preservation & Extraction

Learn more about our Data Preservation & Extraction solutions

A quote icon
The records and evidence uncovered by your organization proved to be the decisive factor in the litigation, and gave our organization tremendous leverage in the settlement process.
Christopher S. Miller Chief Executive Officer, Conrad Kacsik Instrument Systems Inc, Solon, OH

Related White Papers

This site uses cookies, for more information, review our privacy policy.