On a corporate level our forensic expert analysis can facilitate cases in search of evidence for sexual harassment, espionage, information theft, embezzlement, and violation of corporate policies. Once the electronic evidence has been identified, searches are then performed for various types of data (email, office documents, user activity) and analyzed to prove whether or not the employee or person who had access to computer actually committed the acts that are alleged. Sophie groups Computer Forensic analysis provides expertise to large corporate level, small business level, or individual level.

Data Tampering

We can analyze the data on a computer system to determine if a user or disgruntled employee intentionally tampered with the data, hindering an investigation or business practice. There are many indicative signs that show activities of potential manipulation, such as deleting or changing the content of files.

Deleted is not always Deleted

When a user performs a command to delete a file, the operating system only deletes the first letter of the file name from the allocation table, and reports that sectors containing the deleted data as empty or available for storage of new data. However, the old data remains unchanged and intact until new data is stored in the specific sector and cluster containing the residual data. It is only during the process of overwriting new data into the sectors containing the old data that the residual data is truly deleted. However, since data is randomly stored in the millions of potentially available sectors, it is unusual for all sectors containing a file to be overwritten within new data. This provides the opportunity for portions of deleted files to be recovered from non allocated clusters long after the user has deleted the file from the computer.