Digital Forensics
Understanding what happened. Digital traces leading to the truth.
Get a quote now

Digital Forensics and Evidence Preservation

No trace is too small, no detail too insignificant – we reconstruct the digital puzzle. Our Digital Forensics Team specializes in systematically and seamlessly preserving digital evidence and creating court-proof reconstructions of events. With years of experience, we can provide you with an accurate analysis and solutions for complex cases. You can rely on our expertise to ensure that not a single digital trace is lost.

Digital forensics plays a critical role in the detection and investigation of cybercrime, data breaches, and other criminal digital incidents. It includes techniques for preserving, analyzing, and interpreting digital evidence resulting from criminal activity or IT security breaches. The goal is to analyze and resolve hacking, data theft, data leakage, or fraud using digital evidence.

IT forensic investigations necessitate a deep understanding of both the methodologies and the regulatory standards essential for maintaining the integrity of evidence. To achieve this, Oneconsult has a highly specialized and multi-certified forensics team, complemented by a state-of-the-art forensics laboratory that is fully equipped and rigorously secured for conducting thorough analyses.

Your Benefits at a Glance 

  • Professional preservation and analysis of digital evidence
  • Best possible reconstruction of the course of an incident
  • Court-proof methods and tools
  • Professional forensics laboratory
  • Guaranteed discretion
  • Communication tailored to the target group

Our Digital Forensics Approach

  1. Kick-off Meeting: Definition of the scope of the investigation, specification of the objectives as well as the systems and data that are to be investigated.
  2. Collection: Forensic collection of data relevant to the investigation.
  3. Examination: Examination of collected data and systems. Data is then extracted, processed, and prepared for analysis using automated and manual methods.
  4. Analysis: Analysis of the prepared data to achieve the objective of the investigation.
  5. Documentation: Preparation of a final report, which is tailored to the target group. This includes a management summary, description of the initial situation, objectives, hypotheses, procedure, results of the forensic investigation, findings, and any recommendations for action.
  6. Final Meeting: Presentation and discussion of the final report. In a next step, duplicates of the collected evidence are securely deleted or destroyed in order to maintain confidentiality.

Why Oneconsult Is Your Digital Forensics Specialist

  • We have been offering digital forensics as our core competence for over 15 years.
  • Our incident response team has the most recognized certifications in the field of incident response and digital forensics: GCFA, GCFE, GDAT, GNFA, GREM, GCIH and more!
  • We conduct forensic investigations in accordance with international standards and methods: ISO/IEC 27035, ISO/IEC 27037, ISO/IEC 27041 and others.
  • We have been a full member of FIRST (Forum of Incident Response and Security Teams) since 2019.
  • We offer comprehensive solutions, from prevention to incident resolution.
  • Our satisfied and long-standing customers are the best proof of our service quality.

Get a Digital Forensics Quote Now

Frequently Asked Questions (FAQs) About Digital Forensics

A digital forensic investigation usually starts with securing digital evidence to prevent data from being altered or deleted. The secured data is then analyzed to extract relevant information and evidence. Forensic processes and approved tools are applied and used to recover deleted files, analyze metadata, examine network communications and identify suspicious activity. The results are documented and can be used as evidence in legal proceedings.

Ideally, a digital forensic investigation provides answers to the “Five Ws”:

  • What happened?
  • What motive did the attackers have?
  • When did the attackers gain access to the systems and for how long did they have access?
  • Which data was viewed / copied / deleted / manipulated?
  • Who is behind the access?

For non-specialists, it is often surprising how much information can be obtained from the systems. However, this requires that the relevant data is collected on the systems to be investigated, such as log files that provide information about logins and logouts, connections or programs that were executed. To ensure that sufficient data from the systems in question is available in the event of an emergency, it is advisable to implement an appropriate logging strategy.

There are numerous use cases. Below are some example scenarios in which a digital forensic investigation is recommended:

  • Your IT security systems issue an alert that a malicious program has been executed.
  • Your network monitoring tools detect unusual behavior and suspicious connections to your systems.
  • Usernames and passwords from your company can be found on the Darknet.
  • An employee has provided their login details in a malicious phishing campaign and this is discovered internally many days / weeks later.
  • An employee leaves the company and there are reasonable grounds to suspect that they have copied data for further use without authorization. In such cases, the company’s management may be required by law to notify relevant authorities and persons and provide information to them due to their duty of care.

In addition, an investigation is required by law in all cases where there is a high probability or even proof that a system has been compromised. An obligation to investigate may arise from Art. 32, 33 and 34 GDPR (EU) or Art. 24 FADP (Switzerland), among others.

Our statistics confirm this

Companies around the world rely on our expertise every day. This is confirmed not only by our long-standing customers but also by our statistics.
Cyber Security Projects
0 +
Incident Response Operations
0 +
Security Consulting Projects
0 +
Red Teaming Projects
0 +

Your contact for cyber emergencies

Your security is our top priority – our specialists provide you with professional support.
Cyber Incident?

Don’t miss anything! Subscribe to our free newsletter.

Your security is our top priority – our specialists provide you with professional support.

Availability Monday to Friday 8:00 a.m. – 6:00 p.m (exception: customers with SLA – please call the 24/7 IRR emergency number).

Private individuals please contact your trusted IT service provider or the local police station.

  • What and who is affected?
  • Who discovered and reported the incident?
  • How and when was the incident noticed?
  • What did you observe?
  • What are you concerned about in connection with the incident?
  • What actions have already been taken?

For more information about our DFIR services here:

QR_CSIRT_2022_EN@2x
Add CSIRT to contacts