PenrodEllis FDD - Certified Experts in Electronic Discovery & Computer Forensics
PenrodEllis FDD offers four distinct services to our clients: Data Preservation, Electronic  Discovery (eDiscovery), Digital Forensics and Incident Response. Although some methods and processes are shared (such as Data Preservation procedures), eDiscovery, Computer Forensics and Incident Response are not the same thing. The forensic recovery and production of user generated Operative ESI is the primary focus in eDiscovery. When the focus shifts to the analysis of both Operative and Inoperative ESI the investigative process changes also, from eDiscovery to Computer Forensics. Incident Response is concerned with system generated Operative ESI as well as live volatile memory.
 
The following information will assist you in understanding the differences.
 
 
PenrodEllis FDD of Denver, Colorado conducts forensically recovers ESI in e-discovery, digital forensics and incident response cases from bit stream images collected from digital electronic devices.
 
PenrodEllis FDD of Denver, Colorado preserves ESI in e-discovery, digital forensics and network security investigations by collecting forensic bit stream images from the digital electronic devices on which ESI is stored. DATA PRESERVATIONData Preservation is the basis for eDiscovery, Computer Forensics and Incident Response.  While approaching ESI from dissimilar perspectives, each process recovers it from the same source: a forensic bit-stream image. It is the "best evidence" at trial. Analysis of the original digital electronic device (DED) is not conducted. Exceptions exist of course, such as the initial phase of an incident response, but they are rare. The actual process of recovering ESI in eDiscovery, Computer Forensics and Incident Response is conducted on the forensic image. 
 
 
 
In e-discovery cases, PenrodEllis FDD of Denver, Colorado captures user generated ESI, such as email messages, text documents, databases, etc., from allocated space only. After e-discovery processing, potential relevant ESI is turned over to the client's attorneys for document and privilege review. Analysis of the ESI by the electronic discovery technician is not conducted.ELECTRONIC DISCOVERYElectronic Discovery involves the capture of user generated ESI, such as email messages, text documents, databases, etc., and file metadata from allocated space only. Allocated space is simply space on a digital electronic device that contains operative data. PenrodEllis refers to this type of data as Core ESI. After eDiscovery processing, which filters for relevance and eliminates duplicates, Core ESI is turned over to the client's attorney for privoCore ESI is turned over to the client's attorneys for privilege review and production. Analysis of the data set by the Electronic Discovery technician is not conducted.
 
 
 
In digital investigations of computers, PenrodEllis FDD of Denver, Colorado captures user generated ESI from both allocated and unallocated space. PenrodEllis FDD of Denver, Colorado also recovers other ESI in the form of logs, index entries, link files and historical records. Our forensic computer examinations include analysis of allocated and unallocated files to establish its meaning and significance.COMPUTER FORENSICSComputer Forensics (or Digital Forensics) captures system, application and user generated ESI from both allocated and unallocated space. Unallocated space contains deleted files, temporary files and residual data from partially overwritten, deleted files. Digital forensics also recovers other ESI in the form of logs, index entries, link files and historical records. We call this type of critical information Ambient ESI (others call it file artifacts). Furthermore, forensic computer examinations include analysis of both Core and Ambient ESI by the computer examiner to establish its meaning and significance.
 
 
 
PenrodEllis FDD of Denver, Colorado conducts Incident Response as part of an emergency computer examination of network-linked servers, workstations, routers and attached storage that may have been compromised by a hacker or malicious software.  INCIDENT RESPONSEIncident Response is an emergency examination of network-linked servers, workstations, routers and attached storage that may have been compromised by a hacker or malicious software. The initial analysis is conducted on booted (online or "live") computers whereas subsequent examinations are conducted on forensic bit-stream images collected from the compromised computers. Live computer analysis is a complex processes as the ESI under review is volatile and is moving or changing while the examiner analyzes it.