Criminal IT Forensics

Our IT forensic investigations begin with several preliminary measures and the creation of a strategic action plan.

 

IT forensic activity begins with the first intervention, in which the problem is detected, located on the system and isolated in order to minimise any (further) damage. Changes within the system are described, volatile (for example RAM) and non-volatile data (hard drive) are secured and possible correlations analysed. Our IT specialists then develop criminal reconstruction or causation theories, review these theories and secure the forensic traces.

 

The computer scientists of the Kurtz IT Service' are available both for live analyses on a running device and for dead (or post mortem) analysis on a defective system or device.

 

One of the greatest challenges facing IT forensic specialists today is processing the ever-growing flood of electronic data devices, spyware, operating systems and the continuous expansion of data storage, analysing errors and misuse and securing traces. Thanks to the technical capabilities and continuous expansion of our IT department, our IT specialists are ideally equipped to meet these requirements.

Even in IT forensics, the famous W-questions apply:

 

• What – What happened?
• Where – Where on the data storage device did it happen?
• When – When did something happen?
• How – How was it carried out?

 

By the way: One of the greatest pioneers of criminal forensic science was the Scot Joseph Bell, the model for Sherlock Holmes: On the Trail of Sherlock Holmes.

 

Examples of vulnerable information carriers are

 

• Digitally stored image, video and sound files
• Digitally stored communication (e-mail, SMS, browser history)
• Digitally stored documents (for example docx, pdf etc.)
• Computer usage traces (data connection logs, history data, login and access times)
• Server log files (proxy logs, website access log files etc.)
• Allegedly deleted storage areas
• Metadata of files