iForensics' Digital Forensics Process

Our digital forensics service process is based on laboratory certification standards (both ISO/IEC 17025 and ISO/IEC 27001) and uses a professional detection process and forensic analysis to provide reliable forensic analysis results. Because the laboratory holds international laboratory certification, our forensic processes and results can be acknowledged by international ISO-certified laboratories. We provide the most professional digital forensics analysis service and expert witness consultation, making us your best choice.

About ISO/IEC 17025

According to ISO/IEC 17025, “accreditation” is defined as: “Third-party attestation related to a conformity assessment body conveying formal demonstration of its competence to carry out specific conformity assessment tasks.”

About ISO/IEC 27001

ISO/IEC 27001, whose full name is “ISO/IEC 27001 — Information technology — Security techniques — Information Security Management Systems — Requirements”, is also known as ISMS. It is the international standard for an information security management system.

ISO/IEC 27001 mainly sets out the requirements for establishing, implementing, maintaining, and continually improving an information security management system. The purpose is to help organizations ensure the confidentiality, integrity, and efficiency of information assets through the cooperation of management and technology.

The iForensics digital forensics laboratory has passed ISO/IEC 17025 laboratory accreditation through the Taiwan Accreditation Foundation (TAF) evaluation and achieved ISO/IEC 27001 certification in 2022. Our digital forensics service process is based on the laboratory certification standards and uses a professional detection process and forensic analysis to provide reliable forensic analysis results. Because the laboratory holds international laboratory certification, our forensic processes and results can be acknowledged by international ISO-certified laboratories. We provide the most professional digital forensics analysis service and expert witness consultation, making us your best choice.

iForensics Services

1. After being authorized by our clients, we will conduct a client service interview and compile the clues related to the case. Our main goal is to identify the search scope and locate the key evidence. Once we know the target's hardware, operating system, application systems and data storage method, we can determine suitable forensic tools and execution methods for the investigation.
2. According to the client's requests and the information collected, we will prepare the forensic software and hardware needed to acquire all possible digital evidence. To avoid possible interruptions and maintain the confidentiality of corporate operations, we will adjust the execution plan so that it is feasible.
3. When acquiring digital evidence remotely or on-site, we will maintain the Chain of Custody. We will secure the site to prevent digital evidence from being tampered with during acquisition. We will make a duplicate of the original digital evidence and verify its hash value. For a running server, we will gather the necessary information about running processes and important files. We will maintain the Chain of Custody and document all actions taken.
4. We will preserve the original digital evidence properly and continue to maintain the Chain of Custody. We will start analyzing and searching using the duplicate images or hard drives. Depending on the case, we may have several tasks, as follows: recovering deleted files, parsing specific data types (such as e-mail, web activity, registry and logs), cracking encrypted files, and searching unallocated areas or hidden files.
5. Based on the results of step 4, we will extract the digital evidence files that were found, together with our explanation. In general, we will bookmark the findings and explain them clearly in the final report. The report will go through a peer review process before its final release.
6. If a judicial process starts, we can provide expert witness services, assist with explanations, or review cases upon request.
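The duplicate-and-verify step and the documented Chain of Custody from the acquisition stage, sketched as an added example (not iForensics' own tooling). The hash-chained log format, the field names, the examiner ID and the sample bytes are assumptions constructed here for illustration.

```python
import hashlib, io, json

def sha256_stream(stream, chunk_size=1 << 20):
    """Hash a stream in fixed-size chunks so large disk images never sit in memory."""
    h = hashlib.sha256()
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        h.update(chunk)
    return h.hexdigest()

def entry_digest(entry):
    """Digest over every field of a custody record except its own 'digest'."""
    body = {k: v for k, v in entry.items() if k != "digest"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def append_entry(log, actor, action, evidence_sha256, timestamp):
    """Append a custody record that is linked to the previous record's digest."""
    entry = {"seq": len(log), "time": timestamp, "actor": actor, "action": action,
             "evidence_sha256": evidence_sha256,
             "prev": log[-1]["digest"] if log else "0" * 64}
    entry["digest"] = entry_digest(entry)
    log.append(entry)
    return entry

def verify_log(log):
    """Return the index of the first broken record, or None if the chain is intact."""
    prev = "0" * 64
    for i, entry in enumerate(log):
        if entry["prev"] != prev or entry["digest"] != entry_digest(entry):
            return i
        prev = entry["digest"]
    return None

def acquire(original, duplicate, log, examiner, timestamp):
    """Hash original and duplicate, record both actions, report whether they match."""
    src = sha256_stream(original)
    append_entry(log, examiner, "hashed original", src, timestamp)
    dup = sha256_stream(duplicate)
    action = "verified duplicate" if dup == src else "DUPLICATE MISMATCH"
    append_entry(log, examiner, action, dup, timestamp)
    return dup == src

# Constructed sample bytes standing in for a source disk and its image.
SOURCE = b"\x00constructed sample disk contents\xff" * 4096

if __name__ == "__main__":
    custody_log = []
    ok = acquire(io.BytesIO(SOURCE), io.BytesIO(SOURCE), custody_log,
                 "examiner-01", "2024-01-01T09:00:00Z")
    print("duplicate verified:", ok, "| first broken record:", verify_log(custody_log))
```

Because each record stores the digest of the one before it, editing an earlier record, even with its own digest recomputed, is detected at the following record.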

Quick Forensics Analysis

When an emergency occurs, some companies may not know what data and which suspects may be involved. They may not know whether any digital evidence can be found, so they want an initial investigation result to support further decision making. That is why we provide an affordable quick forensics analysis service for them. Our clients can use this result to evaluate whether to pursue further forensic investigation.

E-mail Forensics Services

No one can deny that e-mail has become one of the most important means of communication. Because e-mail is so convenient, many companies send purchase orders, contracts, authorization letters, or bills by e-mail. We have experience developing a large-scale e-mail auditing system, so we are familiar with all kinds of e-mail system architectures. Because of the defects and inadequacies of the e-mail protocols, many people use forged e-mail headers to send blackmail or inaccurate news. You can determine the source of the sender through our e-mail forensics services. If the computer belongs to a company, we can use professional tools to parse and collect the original digital evidence. Regardless of which webmail service is used (for example Hotmail, Gmail or Yahoo Mail), we still have a chance of finding the key evidence and providing it to management for further decision making.

Infringement Forensics Services

Filing a lawsuit is usually the last resort, taken after careful consideration when an emergency arises. From the perspective of protecting the company's rights and interests, suitable evidence can be used to avoid going to court. For instance, once you have physical evidence, you can prevent damage to the company's interests by sending a Legal Confirm Letter in advance. As a result, no time or money has to be wasted on a lawsuit. In information security cases, companies usually keep a low profile and avoid exposure. The purpose of the investigation is to avoid a lawsuit and provide the truth to management.

Data Recovery

In many circumstances, companies may need data recovery services because of hard disk failure or accidental data deletion. iForensics will use professional tools and techniques to check the damage and recover the data. For certain damaged files, we can use forensic search technology to locate the fragments' physical locations and combine them to recover the original files. In addition, we provide a file decryption service for cases where the encryption key has been lost.

Hard disk data recovery
We have clean-room equipment that lets us open a hard disk in a Class 100 clean environment for advanced data recovery. We support all kinds of hard disk interfaces (IDE, SATA II, SATA III, SCSI and SAS) and a wide range of hard disk models. For disk arrays, we support data recovery from RAID 0/1/3/5/6/10 and other configurations. We are the only professional company in Taiwan that uses forensics-level equipment for data recovery and regularly provides training courses.

Mobile phone data recovery
We are a domestic agent for mobile phone data recovery software and hardware, and we provide mobile phone data recovery services for photos, SMS, address books and chat records (LINE/Skype/WhatsApp…). We recover data from protected data storage blocks such as mobile phone chips, SIM cards and mobile phone memory cards. We also provide app forensics detection services for smartphone apps, to confirm whether they contain a backdoor or other malware modules that steal data.