Digital forensics – media and data analysis

What we do as part of digital forensics

Digital forensics is the technical analysis of storage media and data carried out in a procedural manner — to preserve evidentiary material and describe conclusions reliably. In our laboratory in Warsaw we performsecure imagingandanalysisof data on a copy, never working on the original.

• analysis ofHDD/SSD/NVMe drives, USB media (flash drives) and memory cards,
• analysis ofRAID/NASenvironments and cases involving logical damage,
• recovery and identification ofdeleted files(if the condition of the media allows it),
• building an event timeline, metadata analysis and activity trace analysis,
• verification of data integrity and indication of possible modifications,
• incident analysis (e.g. ransomware/malware) in terms of artifacts on the media and consequences for the data.

Who it is for

For companies, institutions and private individuals — in matters requiring technical confirmation of facts: employment disputes, data loss, suspected sabotage, procedural errors, malware attacks or the need to prepare material for a lawyer.

How we work — safely and procedurally

1. Intake of the caseand defining the scope (what we are to confirm/find).
2. Secure imagingof the media (bit by bit) and working exclusively on the copy.
3. Analysisand documentation of findings (what appears in the data, when, where and in what form).
4. Reportwith conclusions + delivery of the results in the agreed format.

Important:we only handle cases for the owner of the media or a person/organisation with the right to request the work. We do not analyse mobile devices — we focus on computer storage media.