Network Acquisition (31-200 Computers)
Required for search: Systems of this size cannot be shut down. In these cases we use enterprise-level, industry-standard hardware and software to acquire only the relevant data on the "live system". We will shut down specific computers to image them individually as necessary. This way the acquisition can be done without interrupting your business operations. This type of investigation can consume 2 to 5 person days depending on the level of work needed. You will be required to have at least one member of your IT department and one member of your management team at each site with us at all times during our entire operation.
Helpful Information: We will need several meetings with you and your IT staff to understand your systems and arrange to bring the proper equipment to your site. We will need to meet and confer to set up the search keywords, phrases, numerical data, file types, email structure, and other information needed from some or all of the computers on your system. We will also need System Admin Level Access to the entire network.
Results: All data that can be recovered will be recovered. The data will be analyzed in accordance with the specifics of the engagement on an interim basis and delivered to your legal team in manageable batches. The final data and reports will be ready for your legal team and our Expert Witnesses to use in your case. See footnote (1) for important information.
Cost: $250.00 per man hour. This type of work requires at least four Investigators: a minimum of one Manager and three Team Leaders. Team Assistants will be charged at their rate depending on level of expertise. We also charge $25.00 per hour for each Forensic Acquisition Unit we bring to the site or use remotely. TAT TBD. Incidentals TBD. Specific time and charges will be detailed in the engagement letter.
(1) Many multiple-computer network systems maintain one or several levels of backup data. This data should be captured for all prior periods at least back to the discovery of the issue which instituted the lawsuit or to the beginning of the lawsuit. It is possible that data on local computers has been overwritten and is not recoverable. It is possible that deleted email cannot be recovered. It is possible that deleted files may have been attached to email and can be recovered second-hand. Enterprise Level software may not capture "legacy system data" (data file formats from older software programs or operating systems no longer in use). The data file may be in such a format that it can still be recovered by obtaining outdated software from third-party sources.