The security and integrity of your files and storage devices are never compromised.
A forensic image can be created in one of two ways: by the client or by Forensic Scan. Once the forensic image is created, the scanning process is identical.
Scenario 1 – Client creates forensic image. Under our instruction, your IT department creates a duplicate image of the storage device suspected to be infected with malware. The duplicate of your storage device is then sent to our secure forensic laboratory via secure overnight courier. Under this scenario, the client can create either an encrypted or non-encrypted E01 image of their storage device.
Scenario 2 – Forensic Scan receives the client’s original storage device and we create the forensic image. Using industry-standard hardware with built-in write blockers, we create a read-only E01 forensic image of each storage device you suspect of being infected. We tag this image as Item 1. If Forensic Scan creates the forensic image, there is an additional charge per hard drive.
At the conclusion of either Scenario 1 or 2, the remaining process is the same:
- Forensic Scan uses hash values to verify that Item 1 is an exact duplicate of the storage device that was copied.
- Using commercial forensic tools, we scan the Item 1 image and recover all deleted files. Then, we convert these files to an E01 forensic image, which we call Item 2.
- We simultaneously scan the read-only E01 forensic images, Items 1 and 2, with more than 55 industry-standard malware detection engines using the most up-to-date malware signatures.
- We review the scan results to identify the malware threats discovered and determine which malware engine can identify and eradicate each threat.
- Finally, we provide a report that compiles screenshots showing what each malware engine found or did not find.