Computer and Disk Drive Forensicsin Washington DC

Computer Forensics Experts and Technology Expert Witnesses

If digital evidence exists, we’ll find it.

Washington DC Computer Forensics has recovered incriminating data from all types of computer systems. We’ve worked with major law firms across the country on cases ranging from patent litigation to criminal defense. Deleted email and photographs, erased documents, Internet browsing activity, computer usage habits, printing and copy records – we can find it and help you present it as evidence in court.

 Hard Drive Forensics

Jump to:

Key Questions

Our work is all about finding answers. Typical questions that can be answered by a computer forensics and drive analysis might be:

  • What did the user do on the computer, at what time on what date?
  • Was proprietary information stolen, and by whom?
  • Can specific deleted files be recovered?
  • Was sensitive information sent to outside parties?
  • Was a document forged, and can its revision and printing history be accessed?
  • Were company policies broken?
  • Can evidence be recovered off a deliberately damaged system?
  • The system is encrypted – can you break in?
  • Who has accessed what information, and when?

Types of Recoverable Data

There are a lot of different types of data that can be found in a digital forensics analysis. Typical examinations might reveal:

  • Emails, deleted emails
  • Internet logs and search history
  • Erased files
  • Deleted pictures and movies
  • Access and usage information
  • Proprietary and custom file formats and types
  • Temporary files
  • Logs

Washington DC Computer Forensics forensics experts are not IT personnel with additional certifications. We’re programmers and developers who come from a variety of industries including defense contracting, financial services, and criminology. We understand not only the technical issues involved in a forensics investigation, but also how people in various sectors think, how they set up their systems, and the quirks of different computer applications and file formats. We find evidence everyone else misses.

Drive Forensics Process

Free Consultation

Contact us for a free consultation with one of our forensics experts. We’ll learn the particulars about your situation, discuss evidence potential, the location and condition of the drive, and work out a plan to best help you.

Get Us the Drive(s)

Arrange drop off/courier/FedEx delivery of the drive/computer/device to Washington DC Computer Forensics. Drives can be returned to you, or held as evidence.

      • The suspect device is received, and logged.
      • A proper chain-of-custody log is created.
      • The suspect device is forensically duplicated (imaged) using court accepted procedures.
      • The original evidence is properly stored in compliance with court approved procedures.

A Complete Forensic Analysis

A Washington DC Computer Forensics analyst will digitally dissect the drive. You may only be interested in deleted emails, but we will find EVERYTHING on the drive that’s there to find.

  • All procedures are forensically sound
  • Chain of custody is preserved (evidentiary value)
  • Only court accepted tools and processes are used
  • Extraction of both active and latent data (deleted files, emails, texts etc.) to the extent forensically possible.
  • Keywords are searched using state-of-the-art forensic tools
  • Results supplied with Bates numbers and metadata
  • Entire device is searched, including for deleted information, metadata, emails and texts.


Once we’ve completed our analysis of the drive, we will prepare a full report detailing our findings. This legal quality report includes full custodial chain documentation and meets the standards established by the US Dept. of Justice for digital forensic evidence submission.

      • An analyst will explain the findings to the client and await further disposition.
      • Our report will help identify the presence of any evidence or indicators to help client determine evidentiary value.
      • Storage of the subject media and forensic images for up to 1 year


  • If there is evidence on the drive or computer, TURN IT OFF

    • When a user creates a file on a computer, the operating system writes that data to a physical location on the drive. The operating system then records the file’s name, location and size in what is basically a table of contents – so the operating system “knows” where that file is. When a file is deleted or erased, the file’s name is removed from the “table of contents,” but the file’s data isn’t touched and will remain intact until it is overwritten by other data. Washington DC Computer Forensics forensic analysts can find that seemingly “lost” data, but the device must be turned off and we need it in house as soon as possible.
    • Computers and drives are often protected by passwords and encryption. Depending on the type of security, extracting information on the drive can get difficult.
    • Mechanically or electrically damaged drives might need repairs in order to access data stored on them.
    • There are legal implications regarding drive ownership and forensic analysis. Please call Washington DC Computer Forensics if you have questions in this area.


Call us at (202) 360-4356. Your call will be answered by a forensics analyst. Click below to schedule a complementary consultation.

Schedule a Free Consultation

Our Clients

Washington DC Computer Forensics works with clientele from all sectors, ranging in size from small graphic design firms, to Fortune 500 companies.

  • NASA
  • The City of Boston
  • AES Energy
  • PSE&G
  • Senior Aerospace
  • American Civil Liberties Union
  • Medstar
  • and more