Hard Drive Recovery Offer to Natural Disaster Victims

We are offering special, reduced-rate services to victims of hurricanes to recover the data from their hard drives.


  • Special handling of hard drives is required to enable data to remain recoverable!
  • Even if you are not ready for recovery of your data, contact us ASAP for instructions about how to prevent permanent destruction of the data on your hard drives.

  • We want to help you recover as easily and as soon as possible. 
    Our prayers remain with you and yours.

How do I start obtaining digital evidence with a forensic examination?

It is imperative that a digital forensic examiner becomes involved in your case as early as possible to maximize the cost effectiveness of the digital forensic process and prevent spoliation of digital evidence.  The following outlines a generalized procedure: 

  • The client obtains a court order for preservation of the digital information to prevent spoliation of the evidence.  The order can also include a clause stipulating that we shall be responsible for all digital forensic services.  Of course, the more precise the order is, the less chance digital evidence will be spoliated or vanish.
  • The type, size, quantity, characteristics, etc. of the original digital media (drives, tapes, etc.), equipment, software, etc. that will be involved in the forensics examination must be determined.
  • Client develops Statement of Work with consultative advice from us.
  • Eagle Eye Forensics, LLC Services Agreement is signed by client and us.
  • Client pays the retainer fees at time of signing the Eagle Eye Forensics, LLC Services Agreement.
  • The drives necessary for imaging are obtained.  Access to the drives is rigidly restricted and a Chain of Custody is established and maintained.
  • We image the original drive(s).
  • We analyze the digital data per the client’s parameters.
  • We present the discovered digital information to the client.

What is our fee structure?

Services are contracted on an hourly basis with an initial retainer.  The amount of the initial retainer is determined after the Statement of Work is defined.  Unused retainer funds are refundable.  The hourly rate is dependent upon the service rendered.

What reports and documentation are delivered with the discovered digital information?

We shall deliver the following to the client as specified in the Statement of Work section of the services agreement:

  • Chain of Custody report;
  • Overall analysis of the subject computer system layout, file structures, and operating system;
  • Appropriate listing and identification of all possibly relevant files and recovered data;
  • Discovered authorship information for recovered data as required;
  • Documentation of apparent attempts to hide, delete, protect, or encrypt information of interest, and
  • Documentation of all procedures used, including any deviations from standard practices as required.

How do we deliver the digital information we discovered to the client?

We copy whatever files or parts of files of interest that we locate to a digital media for your ease of use.  The found data is exported to the new digital media in HTML format. Most commonly they are copied to CDs in HTML format, but we can copy them to DVDs, hard drives, or another digital media that you may desire.  At all times, we have proceeded in a manner that has established and maintained a chain of custody for the digital information that is delivered to you.

Folders could be created based upon the search strings you provide.  Any file with a matching search string could be placed in the appropriate folder.  Searching with newly added search strings for additional files could be conducted at your office if desired.

What forensic products do we use?

We use products from the following companies:

  • AccessData Corporation
  • ACD Systems
  • Acronis
  • ASR Data
  • Digital Detective
  • Guidance Software, Inc.
  • Mares and Company
  • Neobyte Solutions
  • Paraben Corporation
  • PARAGON Software Group
  • Passware
  • Payne Group
  • Runtime Software
  • SnadBoy Software
  • StepaNet Communications, Inc.
  • Technology Pathways, LLC
  • X-ways Software Technology AG

This list may be updated or changed from time to time without notice.

What are some of the digital media we can examine?

  • Hard and thumb drives
  • Floppy and Zip disks
  • Flash cards and tapes
  • CDs and DVDs

If necessary, you can download a more complete list of sources in the Free Resources section.

What if the digital media is not located in the Atlanta Area?

Print E-mail
If the digital media is not local to Atlanta, there are various options available to you for imaging it in a manner that creates and maintains a chain of custody.

Please call us so we can discuss your specific situation.

How do we collect evidence from digital media?

We search the digital media, using the parameters that our client specifies, with special forensic software.  This search includes searching areas that are typically inaccessible to normal users.  You might think of it as a very sophisticated Google search.

The search is conducted in an impartial manner.  Whatever files are present that meet the search criteria defined by our client will be discovered and presented.

During this process, we extract as much information as possible from normal files, deleted files, hidden files, password-protected files, and encrypted files.  The extent of the data that is recoverable depends upon how much of the deleted data has not been overwritten.  Therefore, early preservation of the data on a digital media is important to prevent overwriting data that could be used as evidence!  

Contact us ASAP for assistance in securing digital evidence!

How do we image a drive?

We image the original drive of the computer which contains the evidence. This creates an image drive that is identical, bit for bit, with the original drive.

In some cases, an image drive is placed in the computer so that the computer can continue to be used. In this manner, nothing has changed in the user’s view. All the data, applications, their locations, passwords, file dates, etc. are exactly as they are on the original drive.

The original drive is stored safely and securely in our custody.

We make additional image drives; i.e., an examination drive, used during our examination for data, and other examination backup drive(s).

I know which files that I want to submit as evidence. Can't I just copy them to a CD?

Opening or copying a file(s) nonforensically, will change the parameters associated with the file(s); i.e., the date the original file(s) was created, modified, etc. Copying or "ghosting" a drive is not the forensic way!

It would be a great way to hide changes to the file(s) because no one would not be able to tell, by examining the file(s) on the CD, when the original file(s) were really created or modified!  Also, significant evidence might be neglected; for no parts of deleted/erased files(s) would be copied to the CD (unallocated (empty) space on the drive is not copied).

This is why it is much better and safer for your case to let a forensic examiner handle everything so your case is not jeopardized by spoliated evidence.

More Articles...

Page 1 of 2