(800) 403-0442



Computer Forensics

Guardian forensics is a top computer forensics company in the world of digital forensics.  Computer forensic investigations involves the collection, preservation, analysis, and presentation of electronic evidence from computers, cell phones, mobile devices, storage media and other electronic devices so that it can be used in court to prove your case.

Digital evidence for use in litigation can be found by uncovering data trails from emails, document modification and looking for data and files that have been copied or transferred to external devices: thumb drives and external hard drives.

Locating these data trails and identifying time / date stamps must be done in a forensically sound manner so that evidentiary status is maintained in the process. If proper processes and procedures are not followed, you run the risk of jeopardizing your case because the court may disallow your evidence.


Guardian has provided extensive support to law enforcement agencies at the municipal, state and federal levels. Case types have included wrongful death, credit card theft, tax fraud, arson, homicide, child pornography and more. Our background in law enforcement combined with our expertise in computer forensics makes us the perfect solution to your computer evidence problems.


Computer forensics has the ability to reveal the exact actions taken by a user.  Activities may be a result of user actions or may be systematic and part of normal computer usage.  In some instances, individuals inside or outside the organization may connect to a computer in an effort to perform rogue activities that will reflect negatively on the normal user of the computer.  Obtaining the facts and an expert opinion regarding those facts can provide you the validation and confidence you need before taking action.

There are many types of questions that forensic examiners are often asked to research and respond to, including the following:

  • Were any external storage devices recently connected to the computer?
  • Are there indicators that a computer user copied or transferred company files, trade secrets or other sensitive data to external sources?
  • What specific actions took place on a key date and time by the user?
  • Did the user run or install programs that are designed to obfuscate or cover their tracks?
  • What files were deleted by the user?
  • Did the employee engage in bad faith and provide information to outside parties?
  • Did the employee break the company policy regarding standards of acceptable computer usage?
  • Is the document produced really as it appears?
  • Did anyone else access the computer who may be trying to frame the suspect or perpetrator?