Together with the customer we define which persons and which actions are suspicious and when the actions took place.
Who has access to the information?
What data has been copied and by whom?
What emails have been sent?
What emails have been removed?
What chat conversation has been taken place ? (Facebook, hotmail, google, yahoo, AOL, MySpace, Bebo, mIRC, Gigatribe)
What data have been removed and by whom (and when)?
What kind of information has been printed and by whom (and when)?
Have users from outside the organization gained access to the system?
Have certain users used password cracker software or "data shredders" to remove traces?
What internet sites have been visited?
Our engineers can reply to all these questions after having analyzed your computer.
The "Harddrive Lock" disk (see picture) is essential in this case: it prevents us from modifying the slightest bit from the disk during the research.
