Collection and Evaluation of Digital Evidence

Perhaps you think of the latest crime thriller when you think of forensics. But not only a mysterious murder can be investigated forensically, but also cyber attacks, theft or manipulation of data, and unauthorized use of IT resources. This is exactly what we do with digital forensics. In this process, our forensics team systematically searches for digital traces in a way that is court-proof and clarifies the questions of what happened where, when, and how, who triggered it, and how this relates to the bigger picture. The goal is to reconstruct the security incident as completely as possible.

Digital forensics plays a crucial role in the detection and clarification of unwanted and even criminal activities in the digital world. It involves the collection, investigation, analysis, and interpretation of digital evidence generated by crimes or breaches of IT security. It is about identifying hacker attacks, data theft, data leakage or fraud cases and assessing them by means of digital evidence searches.

Strict rules apply to the investigation to prevent potential evidence from being irrevocably destroyed or rejected in court. IT forensic analyses require expert knowledge and specialized software and hardware. For this purpose, Oneconsult has a specifically trained and certified forensics team and its own forensics laboratory.

Your Benefits at a Glance 

  • Professional preservation and analysis of digital evidence
  • Best possible reconstruction of the course of an incident
  • Court-proof methods and tools
  • Professional forensics laboratory
  • Guaranteed discretion
  • Communication tailored to the target group

Our Digital Forensics Approach

  1. Kick-off Meeting: Definition of the scope of the investigation, specification of the objectives as well as the systems and data that are to be investigated.
  2. Collection: Forensic collection of data relevant to the investigation.
  3. Examination: Examination of collected data and systems. Data is then extracted, processed, and prepared for analysis using automated and manual methods.
  4. Analysis: Analysis of the prepared data to achieve the objective of the investigation.
  5. Documentation: Preparation of a final report, which is tailored to the target group. This includes a management summary, description of the initial situation, objectives, hypotheses, procedure, results of the forensic investigation, findings, and any recommendations for action.
  6. Final Meeting: Presentation and discussion of the final report. In a next step, duplicates of the collected evidence are securely deleted or destroyed in order to maintain confidentiality.

Why Oneconsult Is Your Digital Forensics Specialist

  • We have been offering digital forensics as our core competence for over 15 years.
  • Our incident response team has the most recognized certifications in the field of incident response and digital forensics: GCFA, GCFE, GDAT, GNFA, GREM, GCIH and more!
  • We conduct forensic investigations in accordance with international standards and methods: ISO/IEC 27035, ISO/IEC 27037, ISO/IEC 27041 and others.
  • We have been a full member of FIRST (Forum of Incident Response and Security Teams) since 2019.
  • We offer comprehensive solutions, from prevention to incident resolution.
  • Our satisfied and long-standing customers are the best proof of our service quality.

Get a Digital Forensics Quote Now

Frequently Asked Questions (FAQs) About Digital Forensics

An IT forensic investigation usually begins with the securing of digital evidence to prevent the alteration or deletion of data. This is followed by the analysis of the secured data to extract relevant information and evidence. Forensic processes and recognized tools are used to recover deleted files, analyze metadata, review network communications, and identify suspicious activity. The findings are documented and can be used as evidence in legal proceedings.

Confirmed by Our Statistics

Every day, companies around the world rely on our expertise. This is confirmed by our statistics in addition to our long-standing customers.



0 +

IT forensics 
investigations per year



Don’t miss anything! Subscribe to our free newsletter.

Your security is our top priority – our specialists provide you with professional support.

Availability Monday to Friday 8:00 a.m. – 6:00 p.m (exception: customers with SLA – please call the 24/7 IRR emergency number).

Private individuals please contact your trusted IT service provider or the local police station.

For more information about our DFIR services here:

Add CSIRT to contacts