Mobile Device Forensics
How much does it cost for the acquisition and analysis of evidence from a mobile phone?
Can you recover deleted evidence from a mobile phone?
Can you bypass a phone’s passcode?
How long will my client need to give up their phone?
Can you recover evidence from apps on a mobile device?
What is computer forensics?
What are examples of digital evidence?
Digital evidence has been critical to our clients’ cases including operating system and app artifacts which establish or support claims of theft of intellectual property, document forgery, evidence spoliation, text message deletion, and existence of an alternate perpetrator. For more specific examples of digital evidence, please see the Carney Forensics case studies.
Do you perform acquisitions of computer evidence on site at a client’s business?
What do you charge for storage of evidence?
How much does a computer forensic acquisition and analysis cost?
It’s difficult to accurately estimate total costs upfront. There are many unknown factors and analysis opportunities to consider before evidence collection and preliminary analysis. Carney Forensics strives to provide the best service in the most cost-effective manner. From the initial call through final reports or courtroom testimony, our experts work closely with each client to ensure they have the information they need to make good decisions and prioritize analysis opportunities and weigh costs against benefits throughout the investigation or matter.
How long do computer forensic examinations take?
What do you charge to image a hard drive?
Hard Drive $750 Flat Fee.
Forensic image of one (1) storage device at Carney Forensics lab facilities not to exceed 1 TB, including three months of secure storage for image (physical media is returned to the client). Also includes Files List spreadsheet by e-mail. If image exceeds 1TB, an additional charge of $1/GB will be assessed. This price includes Chain of Custody documentation.
SD Card / Memory Card / Flash or Thumb Drive $250 Flat Fee.
Forensic image of one (1) storage device at Carney Forensics lab facilities not to exceed 64GB, including three months of secure storage for image (physical media is returned to the client). Also includes Files List spreadsheet by e-mail. If image exceeds 64GB, an additional charge of $1/GB will be assessed. This price includes Chain of Custody documentation.
Shipping: UPS or FedEx ground shipping of media to or from MN is standard. If client wants faster shipping, we will calculate rates and bill client for costs.
What is Cloud Forensics?
According to NIST:
Cloud forensics is the application of digital forensics science in cloud computing environments. Technically, it consists of a hybrid forensic approach (e.g., remote, virtual, network, live, large-scale, thin-client, thick-client) towards the generation of digital evidence. Organizationally, it involves interactions among cloud actors (i.e., cloud provider, cloud consumer, cloud broker, cloud carrier, cloud auditor) for the purpose of facilitating both internal and external investigations. Legally it often implies multi-jurisdictional and multi- tenant situations.
According to Darshik Jariwala (March 20, 2013):
Cloud Forensics is cross-discipline between Cloud Computing and Digital Forensics. Cloud Forensics is actually an application within Digital Forensics which oversees the crime committed over the cloud and investigates it. Cloud computing is based on a huge network, which spreads globally. Hence, Cloud Forensics is said to be a subset of Network Forensics. The basic technique remains as the forensic investigation of a network.
Is my client’s GPS data stored in his or her cloud account?
Often it is. Apple iCloud accounts, if connected to the iPhone, store photos and videos captured with its camera. Those photos and videos often contain embedded GPS coordinates. Also app data from many iPhone apps is stored in the connected iCloud account and sometimes includes GPS coordinates. Think the Apple Maps app and others.
Google accounts also store photo, video, and app data for connected Android smart phones. Google Maps is a popular app with GPS coordinates. But Google accounts support another avenue to harvest GPS data. The Google Timeline for connected Android apps is stored in the cloud account and generally contains Google Location History for places the phone has been, sometimes for years.
My client’s phone is damaged and will not power up. Can you collect the data from cloud accounts connected to the phone?
Generally, yes. Even if the phone is damaged or not physically available, we can collect large amounts of data, sometimes exceeding that which is available on the phone. Cloud collection requires legal authority and proper authentication credentials to access the cloud evidence.