Simply put, computer forensics is the collection, preservation, analysis and presentation of electronic evidence. It is, in a manner of speaking, “Sherlock Holmes Goes Digital.” A computer forensics expert truly is a digital detective. Sensei's Vice President, John W. Simek, is an EnCase certified forensic technologist (EnCE). It is laborious, painstaking, careful work in which a moment’s inattention to detail and procedure may result in trampling on evidence and rendering it inadmissible. Click here to view Mr. Simek's CV. Click here for a partial list of Sensei's clients. Sensei also has another highly qualified forensics examiner - Click here for Michael Maschke's CV.
The “acquisition” of electronic evidence to ensure that the source is preserved in pristine condition is critical. Once the evidence is acquired, it is then carefully verified, hashed, and indexed before any searching or analysis begins. Even then, a computer forensic technologist must have a “bag of tricks” - tools to perform hundreds of arcane operations depending on the operating system, applications and file formats in issue.
What can be found??? To the amazement of most people, e-mail remains long, long after you have deleted it and emptied the recycle bin. In the graveyard of deleted
e-mails (also known as “slack” space), the most powerful evidence is usually found. Whether it is evidence of adultery, trade secret theft, espionage, harassment, discrimination, pornography, or fraud, the odds are always highest that the “digital smoking guns” will come in the form of e-mails.
There are other sources of course. Hidden keystroke logger programs proving industrial spying, financial records showing assets being hidden, databases purloined from an employer and sold to a competitor, word processing documents evidencing all manner of misdeeds, music files infringing copyrights or graphic images supporting a child pornography charge - the possibilities are almost endless.
In short, paper-shredding parties have been made all but obsolete by computer forensics. Shred away - if you are guilty, it is more than likely that you have fashioned your hangman’s noose in the 1s and 0s of your computer system, or its back-up. If you have tried to cover your tracks, which rarely works, you have merely added spoliation of evidence charges to any other allegations against you.
If you are interested in computer forensics and its history, you may enjoy reading our article, "Takedowns: Legendary Successes in Computer Forensics." If you need help with crafting legal forms in cases involving electronic evidence, you may want to order our book The Electronic Evidence and Discovery Handbook: Forms, Checklists and Guidelines (American Bar Association, 2006).
Data recovery is exactly what the words say - though often employed as part of computer forensics, there are other times when data recovery is critical. Floods, fires, and explosions may leave a data disaster in their wake. People have been known to maliciously hammer a computer, or to inadvertently drive their car over a laptop. All manner of misfortunes befall computers - sometimes they simply fail. But inevitably, there is data that urgently needs to be recovered from the machines; hence the industry of data recovery.
If you would like further information on computer forensics, data recovery and expert witnessing, please visit the following pages:
Electronic Evidence Best Practices 
PDF (64 KB)
Finding Wyatt Earp: Your Computer Forensics Expert PDF (58 KB)
Spoliation of Electronic Evidence: This Way Be Dragons PDF (31 KB)
Drafting Electronic Evidence Protocols: Staying Out of the Briar Patch PDF (43 KB)
Electronic Evidence: The Ten Commandments PDF (743 KB)
