User Activity Investigation
ILS’s investigations of user activity are robust and reflect our investigatory range and acumen. Depending on your case, some or all of the following services may help you uncover hidden evidence:
Email Analytics. This can produce important information about email chain analysis, email custodian analysis and email threads. Review emails as full conversations rather than as fragments that are scattered throughout the data field like pieces of a jigsaw puzzle (and may end up being coded differently by different reviewers based on the partiality of their content). Understand the connections of conversations and locate missing custodians or discover important witnesses.
Metadata retrieval and production. Also known as “data about data,” metadata can be retrieved to discover when and where documents were created, prior past versions of files or emails, and information about users who have access. The printed content of eDocuments is only the tip of the iceberg. Metadata is a wealth of information just waiting to be discovered. ILS will show you how.
Reconstruction of File Activity - A listing in chronological order is assembled depicting the date, time, and location of documents that were accessed and otherwise interacted with the target custodian.
Support for preparation of client witnesses. This includes preparing witnesses for deposition and trial testimony, and using our own experts for Affidavits or testimony, as needed. Uncover the story with ILS created Witness Kits that include all documents related to a case character in easy to understand chronological order. Deposition Preparation Reports present the key documents uncovered by our analytics. When combined with our Issue Building, you’ll be able to evaluate the sufficiency of evidence and probative value for each issue, then applying that knowledge, better understand the additional discovery you will want to seek from your deponents or what additional discovery you may need
Recovery of Active and Deleted File Information - A listing of documents and other files, including files that had been deleted, is assembled, along with their metadata depicting the date the files were created, last accessed, last modified, date deleted, their folder path, and other attributes are assembled into Excel spreadsheets. Recover intact deleted documents and non-email files, as well as double-deleted email messages from email container files, residing on the computers.
USB Device History Reconstruction – Reconstruct USB device information through the creation of an inventory of all USB flash drives and external hard drives that were attached to the computers, along with dates such devices were attached and their serial numbers.
Webmail & IM Chat Log Recovery – Recover and assemble for review web-based email messages and Instant Messaging chat logs sent, received, and/or read.
Internet Activity Reconstruction - Reconstruct the date, time, and URL of websites visited, which are presented as Excel spreadsheets for review.
Perform Keyword Searches - Perform keyword searches of active files, intact deleted files, and deleted fragments of email messages, documents, and other files.
Assess Presence of Anti-Forensic Attempts - Information surrounding if any anti-forensics evidence elimination techniques (data wiping software) were employed to thwart the recovery of deleted documents, email messages, and other files.
Perform Smart Phone Backup Searches – Attempt to locate any smart phone backups that may have saved to target computer. Restoration and investigation of these backups, if they exist would be undertaken adjunct to the primary investigation if included as such, but normally is handled subsequent to the initial protocol.
Trace artifacts – This is data residue left behind by the operating system. We can find these artifacts and evaluate the information found.
Process hidden files – This includes files that are invisible or inaccessible. We can analyze the date codes for each file to see when files were created, modified, last accessed and deleted.