Digital forensics 2018-04-11T16:23:59+00:00

Digital forensics


We protect intellectual property, we investigate on internal frauds and we safeguard corporate security from external threats. This activity allows us to recover electronic information through methods that make it possible to use them in legal, investigative fields or any other use aiming at finding facts, deciding whether a proof has been cancelled or modified. We grant the identification, the recovery and the reconstruction of digital data from hard drives (server, hard disk, floppy, memory card, pen drive, GPS devices, optical-magnetic tapes, phones, smartphones, tablets, …), when technically possible, even if deleted or damaged; for example photos, videos, e-mails, visited web pages, hidden files and any other digital trace that can be used as evidence both in criminal and civil cases. We make a chronological reconstruction of the accesses to web sources and to all other opening operations and manipulations of files from local and remote supports identifying e-mail senders and chat-interlocutors; we effectuate a complete analysis of the content of any type of electronic device, making integral forensic copies, with the possibility of total or partial indexation for researches, the so called grep, boolean, case sensitive. We analyse and recover mobile phone data as chats of the most popular social networks, phonebook, SMS, MMS, call logs, photos, videos, GPS location. We detect the existence of software malware or abnormalities on any platform and/or informatic system.

Legal point of view: the activity of informatic investigation and/or electronic forensic is led to identify digital traces that acquire evidentiary value. The methodology used rigidly follows the actual law on digital forensics maintaining the evidence unchanged, thus being available in a possible future proceeding. We advise and assist our customer offering the most suitable technical and informatic solutions in all the phases of the proceeding.

Technical point of view: physical acquisition of the mass memories effectuated in forensic way, with the analysis of non-allocated clusters and the subsequent reconstruction of the deleted or damaged data, allows to give full usage of the acquired data. We can also effectuate the reconstruction of the user profile, through a rationalization of the extracted data, through specific research criteria, the comparison of meta data and log files, also use temporal allocation criteria of the single clusters in a temporal line, also with the possibility of comparing algorithms of digital finger print.

Application point of view: This methodology briefly described can be applied in different areas such as:

  • Suspect of corporate infidelity and/or internal corporate activities of social engineering.
  • Prevention and dissuasion of possible informatic attacks externally to the company.
  • Control and maintenance of the corporate informative security also for warding off possible abnormal activities, unlawfully perpetrated by dependants or third parties.
  • Bankruptcy proceedings before the alienation of electronic or informatic device.
  • Recovery of deleted or damaged data.

Activity areas


Securing Computer Evidence, Processing Evidence, Searching Data, Computer Investigation.


Data seizure, Data Duplication, Data Preservation, Data Recovery, Document Searches.


  • Video, audio, text, images.
  • Lost, cancelled, damaged, hidden.
  • Coded, manipulated.
  • Shared, sent, received, draft.
  • Windows-Mac-Linux-Unix…
  • Social network-telematic frequentations-chats-blogs-newsgroup…


  • Frauds, informatic crimes, data theft, phishing, injury and defamation, threats, market manipulation, illegal trafficking, on line fraud, credit card cloning, sexual abuse, paedophilia, terrorism, cracking, racial discrimination, spamming, recycling, extorsions, organized crimes, identity theft, company unfaithfulness, insider trading, stalking.