Borders, McLaughlin & Associates

Overview

Type of Examinations

Including: Threat Assessment,
Employee Investigations,
Pre-Employment Screening
& more...

Learn more

Types of Examinations

A client may not be sure which type of examination they want, if any, during the initial consultation. The most important thing to remember is to protect and preserve the evidence no matter what the final outcome. If you choose not to preserve the evidence now; it may be altered or destroyed when you need it. Borders, McLaughlin & Associates offers the ability to preserve the evidence by making an exact copy of the desired media. This will give the client the piece of mind knowing the evidence has been preserved in the event they later decide to conduct a forensic analysis.

One method of examining media is to preview it. Borders, McLaughlin & Associates has the expertise to employ different types of previews based on the circumstances of the incident. This method allows the original media to be viewed, without alteration. Although this is considered to be most cost effective, it does not allow for an exact copy of the original media for later analysis. What you preview and recover at this time is what you will have forever. Previewing media can yield a significant amount of data such as specific documents, spreadsheets, and pictures. Although you can extract and save these specific files, the preview exam does not allow you to perform certain functions that may be needed by the client.

A standard and/or advanced examination involves the acquisition and analysis of the media. The acquisition phase involves making an exact copy of the original media without any alteration of the evidence. Borders, McLaughlin & Associates uses court accepted, industry standard programs to make an exact copy of the desired media. A bit-by-bit, sector-by-sector copy of the media is made, and the exact copy is used for the analysis. Acquiring and analyzing the desired media is the most frequent type of examination conducted. This allows for a much more extensive examination. It allows the examiner to find items such as specific files, whether active or deleted, operating system information, trace artifacts, data in areas not accessible by the operating system, date/time stamps, file links, and more.

return to top