Digital forensics in Warsaw – media and data analysis

What we do as part of digital forensics

and secure imagingof data on a copy, never working on the original. analysisFor companies, institutions and private individuals — in matters requiring technical confirmation of facts: employment disputes, data loss, suspected sabotage, procedural errors, malware attacks or the need to prepare material for a lawyer. HDD/SSD/NVMe we only handle cases for the owner of the media or a person/organisation with the right to request the work. We do not analyse mobile devices — we focus on computer storage media. Accounting offices Important:

Who it is for

• analysis of
• drives, USB media (flash drives) and memory cards,
• analysis of
• environments and cases involving logical damage,
• RAID/NAS

How we work — safely and procedurally

• recovery and identification of HDD, SSD i NVMe(if the condition of the media allows it),
• deleted files Send your device to the laboratory building an event timeline, metadata analysis and activity trace analysis,
• verification of data integrity and indication of possible modifications,
• incident analysis (e.g. ransomware/malware) in terms of artifacts on the media and consequences for the data.
• and defining the scope (what we are to confirm/find).
• Intake of the case

How we secure material and the chain of work

1. Secure imaging of the media (bit by bit) and working exclusively on the copy.
2. Analysis and documentation of findings (what appears in the data, when, where and in what form).
3. Report with conclusions + delivery of the results in the agreed format.
4. Findings description - we organize files, artifacts, metadata and activity traces into a logical sequence of events.
5. Report and results handoff - we hand over findings in the agreed format, with a description of the work scope and analysis limitations.

What the client usually receives after analysis

• a technical report describing the actions performed and the key findings,
• a list of recovered or identified data if the device condition allowed readout,
• information about which activity traces could be confirmed and what can no longer be determined clearly,
• working material for further internal analysis, legal consultation or business decision-making.

Ograniczenia i uczciwe zasady

Warsaw, Bialoleka district, Jana Kowalczyka 1, unit 8, 2nd floor · Mon–Sat 09:00–18:00 technical input material, which can support further legal or organizational actions.

We perform assignments only for the device owner or for a person or organization authorized to handle the material. This keeps the service scope safe, legal and aligned with the real goal of the analysis.

Dla kogo

For companies, institutions and private clients who need technically organized material. This applies to a security incident, data dispute, device failure or a situation where it is necessary to confirm what is or was actually present on a drive, array, USB flash drive or memory card.

Most common questions before media analysis

Do you work on the original device?

No. The standard is to create a working copy or image and analyze the copy. We treat the original as source material that must be protected from additional changes.

Can it be determined that files were deleted or copied?

Often yes, but not in every case. It depends on the device type, degree of overwriting, preserved metadata and what happened after the incident.

How should I prepare material for analysis?

It is best to disconnect the device, avoid self-repair and write a short case description: incident date, device type, symptoms and the questions the analysis should answer. This shortens the start time and reduces the risk of losing traces.

Do you handle business cases and material for law firms?

Dysk i Spółka - Data Recovery Laboratory