FAQ: Forensics

Our specialists answer your questions

Feel free to contact us to ask questions or share a comment.

Yes, provided that the analysis has been conducted according to recognized forensic standards. For digital evidence to be admissible in a Swiss or European court, several conditions must be met:

  • Guaranteed data integrity — the original media has not been modified (use of a hardware write blocker during acquisition)
  • Traceability of the chain of custody — documentation of each manipulation from seizure to analysis
  • Cryptographic hashing — MD5 and SHA-256 hashes calculated at acquisition to prove integrity
  • Certified expert report — written by an expert who can testify to their methodology

Our forensic reports are written according to ISO/IEC 27037 standards (identification and collection of digital evidence) and can be presented before Swiss and French jurisdictions.

The cost of a forensic analysis depends on the scope of the investigation, the type of media, and the level of urgency:

  • Forensic acquisition only (cloning + integrity report): billed per media processed
  • Complete analysis (acquisition + investigation + expert report): billed according to the complexity and volume of data to be analyzed
  • Expert testimony in court: quoted based on duration and preparation required

Standard turnaround times are:

  • Forensic acquisition: within 24 hours
  • Standard analysis report: 5 to 10 business days
  • Urgent report (imminent legal proceedings): 24 to 72 hours

A detailed quote is provided after a free evaluation of the case. Our rates are transparent and detailed in our quote — no hidden fees.

Confidentiality is a fundamental principle of our forensic practice. We apply strict rules:

  • Restricted access — only the technicians in charge of the case have access to the data. Each access is logged.
  • Confidentiality agreement — an NDA (non-disclosure agreement) can be signed on request before any intervention
  • Secure destruction — after the report is delivered and with the client's agreement, the working copies are destroyed by certified secure erasure
  • Hosting in Switzerland — all data remains in our laboratory in Ins (BE), subject to Swiss data protection law (LPD)
  • CyberSafe Certification — our security practices are audited and certified by the CyberSafe label recognized by the Swiss Confederation

Partially, yes. Overwriting a hard drive does not instantly destroy all data. Several mechanisms allow for partial recovery:

  • Partially overwritten files — if only the header or end of a file has been overwritten, the rest can often be reconstructed
  • File carving — a forensic technique that searches for file signatures (magic bytes) directly in the raw sectors, regardless of the file system. Effective even after reformatting.
  • Spare sectors and HPA zones — some drives keep copies in areas inaccessible during normal use
  • Magnetic remanence — on older HDDs, traces of previous writes can sometimes be detected with specialized equipment
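
The file carving described above, as an added example (not code from this page or from the laboratory's tooling): a minimal header/footer carver that scans a raw buffer for JPEG and PNG signatures without consulting any file system. The sample image, the 16 MiB search limit and the function names are assumptions made for the illustration.

```python
import hashlib

# Header and footer signatures ("magic bytes") for two common formats.
SIGNATURES = {
    "jpeg": (b"\xff\xd8\xff", b"\xff\xd9"),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
}
MAX_SIZE = 16 * 1024 * 1024  # stop looking for a footer after 16 MiB


def carve(raw):
    """Scan raw sectors for signatures; return (kind, offset, data) sorted by offset."""
    hits = []
    for kind, (header, footer) in SIGNATURES.items():
        pos = raw.find(header)
        while pos != -1:
            end = raw.find(footer, pos + len(header), pos + MAX_SIZE)
            if end == -1:
                # Header with no footer: the tail was overwritten or fragmented.
                # Keep the first 512 bytes so an examiner can review them by hand.
                hits.append((kind + "-truncated", pos, raw[pos:pos + 512]))
                pos = raw.find(header, pos + len(header))
            else:
                end += len(footer)
                hits.append((kind, pos, raw[pos:end]))
                pos = raw.find(header, end)
    return sorted(hits, key=lambda hit: hit[1])


def build_sample_image():
    """Constructed data: zero-filled sectors with two small fake files and one
    header whose tail is missing. There is no file system structure at all."""
    jpeg = b"\xff\xd8\xff\xe0" + b"JFIF-sample-payload" + b"\xff\xd9"
    png = b"\x89PNG\r\n\x1a\n" + b"sample-chunks" + b"\x00\x00\x00\x00IEND\xaeB`\x82"
    orphan = b"\xff\xd8\xff\xe1" + b"tail-was-overwritten"
    return (b"\x00" * 512 + jpeg + b"\x00" * 300 + png
            + b"\x00" * 200 + orphan + b"\x00" * 64)


if __name__ == "__main__":
    for kind, offset, data in carve(build_sample_image()):
        print(f"{kind:15} offset={offset:5} bytes={len(data):4} "
              f"sha256={hashlib.sha256(data).hexdigest()[:16]}")
```

Header/footer carving assumes each file is stored contiguously; fragmented files and formats that embed other files need format-aware validation of every candidate.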

A secure overwrite with multiple passes (DoD 5220.22-M or Gutmann standard) makes recovery practically impossible. A simple quick format or a standard deletion is not enough.

Forensic data recovery (or digital forensics) is a rigorous technical process that aims not only to recover deleted or hidden data, but also to preserve the chain of custody so that this data is admissible in court.

The main differences from standard data recovery:

| Criterion | Standard Recovery | Forensic Recovery |
|---|---|---|
| Objective | Recover data | Recover + document + certify |
| Footprint on the media | Minimal but undocumented | None (write-blocker cloning) |
| Chain of custody | Not required | Mandatory (MD5/SHA hashing) |
| Report | Optional | Certified report required |
| Judicial value | None | Admissible in court |

Our forensic procedure follows a strict 5-step protocol:

  1. Reception and documentation — recording of the media with photos, serial number, physical condition observed. Issuance of a signed acknowledgment of receipt.
  2. Forensic acquisition — bit-by-bit cloning of the original media via a certified hardware write-blocker. Calculation of MD5 and SHA-256 hashes on the acquired image. The original media is never modified.
  3. Analysis — investigation on the working copy: recovery of deleted files, analysis of metadata, reconstruction of the activity timeline, identification of artifacts (logs, history, registry).
  4. Documentation — each action is recorded in a time-stamped log. Relevant files are extracted and cataloged.
  5. Expert report — detailed report including the methodology, tools used, results and conclusions, accompanied by digital attachments.
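
Steps 2 and 4 in code, as an added example (not the laboratory's own tooling): the image is read once to compute MD5 and SHA-256 together, a working copy is checked against that record, and each action goes into a time-stamped log. Chaining each log entry to the hash of the previous one is an assumption of this example, as are the field and function names.

```python
import hashlib
import io
import json
from datetime import datetime, timezone


def hash_stream(stream, chunk_size=1024 * 1024):
    """Read an image once, in chunks, and compute MD5 and SHA-256 together."""
    md5, sha256, size = hashlib.md5(), hashlib.sha256(), 0
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        md5.update(chunk)
        sha256.update(chunk)
        size += len(chunk)
    return {"size": size, "md5": md5.hexdigest(), "sha256": sha256.hexdigest()}


def verify_copy(record, stream):
    """Return the fields in which a working copy differs from the acquisition record."""
    current = hash_stream(stream)
    return [field for field in ("size", "md5", "sha256") if current[field] != record[field]]


def _digest(entry):
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


def log_action(log, action, details):
    """Append a time-stamped entry chained to the previous one (assumed log format)."""
    entry = {"utc": datetime.now(timezone.utc).isoformat(), "action": action,
             "details": details, "prev": log[-1]["entry_hash"] if log else "0" * 64}
    entry["entry_hash"] = _digest(entry)
    log.append(entry)
    return entry


def log_is_intact(log):
    """Check that no entry was edited, removed or reordered after being written."""
    prev = "0" * 64
    for entry in log:
        if entry["prev"] != prev or entry["entry_hash"] != _digest(entry):
            return False
        prev = entry["entry_hash"]
    return True


if __name__ == "__main__":
    image = b"\x00" * 4096 + b"constructed sample image"  # stands in for a disk image
    log = []
    record = hash_stream(io.BytesIO(image))
    log_action(log, "acquisition", record)
    log_action(log, "verify working copy", {"mismatch": verify_copy(record, io.BytesIO(image))})
    print(json.dumps(log, indent=2), log_is_intact(log))
```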

Digital forensics expertise is requested in many professional and legal contexts:

  • Commercial litigation — searching for evidence of embezzlement, breach of confidentiality clause, internal fraud
  • Criminal proceedings — judicial assistance on seizure of computer equipment, analysis of seized media
  • Security incidents — post-incident analysis of a cyberattack, identification of the intrusion vector, extent of the exfiltration
  • Labor law — searching for evidence of offenses committed on company equipment (harassment, data theft, abusive use)
  • Divorce or family proceedings — recovery of digital evidence in civil proceedings
  • Insurance — incident reconstruction for claims reporting
