Digital Forensics & e-Discovery

Digital Forensics & e-Discovery

The art and science of looking for digital evidence on servers and mobile devices.

Digital forensics is the process of identification, preservation, extraction, and documentation of digital evidence which can be used in a court of law. e-Discovery is a form of digital investigation that attempts to find evidence in email, business communications and other data that could be used in litigation or criminal proceedings. Canary Trap’s methodology mandates a proper preservation of the source evidence with high integrity and the reproducibility of the manipulations.

Our team of elite security experts can be engaged to look “under the hood” in order to identify and interpret the reality of digital evidence.

Use cases supporting the need for digital forensics vary based on which department is driving the engagement. Generally, digital forensics investigations are driven by the Human Resources, Audit and Legal Departments and are motivated by:

Human Resources:

  • General employee misconduct
  • Productivity issues and time loss
  • Harassment
  • Theft of company data, trade secrets, intellectual property or data leaks


  • IT audits with increasingly fast-changing technologies
  • Financial audits in complex systems and databases
  • Fraud/collusion allegations
  • Security audits.


  • General litigation
  • Criminal investigations
  • Theft of company data, trade secrets, intellectual property or data leaks
  • Computer-facilitated crime
  • This field is for validation purposes and should be left unchanged.

Canary Trap’s approach to digital forensics combines several activities to ensure a robust engagement:

1. Forensic evidence preservation

  • Hard drives, cloud accounts, storage media, files and mobile devices
  • Copy with integrity in a forensic format, including mathematical fingerprints (hashes)
  • Documentation of the evidence and copies with a proper audit trail (chain of custody)
  • Copies are transferred to quality media when provided to the client
  • Copies are kept on redundant storage (RAID) when kept by Canary Trap

2. Forensic examination 

  • Observing and documenting the facts, physical or virtual
  • Answering questions based on initial observations only (no analysis).

3. Forensic analysis

  • Analyzing the evidence to interpret the facts and draw substantiated conclusions
  • Providing factual answers to specific questions raised by the client.

4. e-Discovery

  • Indexing and identifying the evidence data to showcase quantity and content
  • Indexed data is fully searchable
  • The client will be provided access to the full indexed data with the same software used by Canary Trap, but in “review mode”
  • Providing factual answers to specific questions raised by the client about the presence of data, its quantity and content

5. Forensic and e-Discovery reporting

  • Writing a detailed report of the evidence at hand, its examination, the analysis done and the conclusions drawn to determine if any violation has occurred

Canary Trap combines human expertise with sophisticated tools, proven methodologies and, where appropriate, threat intelligence to ensure a thorough, in-depth approach to security testing and assessments.

For more information, please complete our Scoping Questionnaire or Contact Us.

Download the Service Brief

Digital Forensics & e-Discovery