Digital forensics in Warsaw – media and data analysis
Want to avoid making the situation worse?
Security of material from HDD, SSD, RAID, USB and memory cards
Digital forensics is a work on material to preserve the worth of evidence and to be accurately described in technical report. In Warsaw we analyse exclusively computer media: HDD, SSD/NVMe, RAID/NAS array, USB memory and memory cards.
We do not analyze telephones or mobile devices. Matter secures a bit after beating and we work on a copy, so as not to change the image to the original.
First step: Do not start modifying procedures, do not perform CHKDSK or formatting. Prepare a brief description of the case: who is the owner of the data, what you need to learn, what the player takes part in the case and whether after the incident it was still used.
This is particularly important in corporate matters, employee disputes, security incidents analysis and material prepared for the full-time, law firm or legal department.
In which cases such analysis is most important This makes sense.
- company owners and management teams who need a technical record of a storage incident,
- labour disputes and the need for technical confirmation of the activity,
- analysis of incidents after ransomware, malware or unauthorized data interference,
- private device owners who can confirm authorization to analyse the storage device,
- preparation of the working material for the lawyer, compliance department, insurer or internal audit.
How we work — safely and procedurally
- disk analysis HDD, SSD and NVMe, USB and memory cards,
- Environmental analysis RAID/NAS and cases with logical damage,
- identification of deleted, lost or invisible files, if the state of the storage device still allows it,
- Timeline construction, metadata analysis and user activity,
- verification of data integrity, indication of possible changes and critical moments,
- Analysis of artifacts after safety incidents within the limits visible on the test pad.
How we secure material and the chain of work
- Acceptance and description of material — we determine the scope, the owner of the tool, the purpose of the analysis and the technical questions to be verified.
- Imaging and verification of integrity – we make a copy of the work bit after beating and document the basic parameters of the material.
- Analysis on Copy with conclusions + delivery of the results in the agreed format.
- Findings description - we organize files, artefacts, metadata and activity traces into a logical sequence of events.
- Results handoff - we hand over findings in the agreed format, with a description of the work scope and analysis limitations.
What the client usually receives after analysis
- a technical report describing the actions performed and the key findings,
- a list of recovered or identified data if the device condition allowed readout,
- information about which activity traces could be confirmed and what can no longer be determined clearly,
- working material for further internal analysis, legal consultation or business decision-making.
Limitations and honest rules
No, not as a working rule. The standard is to create a controlled image or copy first and analyse that copy. We treat the original device as source material that should be protected from further changes.
If you have the right to have a sheet or material, we can safely determine the scope of the analysis. Such a first step protects the legality of orders, the purpose of research and further technical decisions.
To whom?
For companies, institutions and private individuals, which need technical equipment. This includes a safety incident, data dispute, a failure of the storage device or a situation where you need to confirm what is or is actually found on a disk, matrix, USB flash drive or memory card.
Most common questions before media analysis
Do you work on the original device?
No, the standard is to create a working copy or image and analyze that copy. The original is treated as source material that must be protected from additional changes.
Can it be determined that files were deleted or copied?
Disconnect the device if it may still be writing data. Do not run repair tools, antivirus cleanup, CHKDSK, formatting or recovery software on the original. Prepare a short note with the device model, incident date, user accounts, passwords if needed and the exact questions you want answered.
How should I prepare material for analysis?
It is best to separate the storage device from work, fix nothing yourself and write a brief description of the case: the date of the incident, the type of storage device, the symptoms and questions to which the analysis has answered. This reduces the time of take-off and reduces the risk of loss.
Do you handle business cases and material for law firms?
Yes. We can prepare technical findings for business owners, IT teams, attorneys or compliance teams. The report describes the material reviewed, the methods used, the findings and the limitations, without pretending that damaged or overwritten evidence is stronger than it is.
Before contact:573 532 490biuro@dyskispolka.pl
Warsaw (Białołęka), ul. Jana Kowalczyka 1, lok. 8, 2nd Floor Mon.–St. 09:00–18:00
Information technology: analysis of the storage devices, data security and technical report
FAQ - computer media forensics
Do you perform the analysis on a copy rather than on the original?
Yes. When the device condition allows it, we create a controlled image or working copy first. The original is protected as source material.
Do you prepare technical material for an attorney or compliance team?
Yes. We can prepare a technical report and organized findings for internal review, legal consultation, compliance work or a business dispute.
Does this service also include phones?
No. In this respect, we are talking about computer tools and IT environments, not about the recovery of phone data.
How is material confidentiality handled?
Material is handled under controlled access rules. NDA handling is available on request, and the scope of analysis is agreed before work begins.