Services
Cybersecurity & NIS2
Cloud & Datacenter
Brand Protection & Domains
Network & Connectivity
Legal & Digital Forensics
Products
Domains PEC Hosting Dedicated Servers Mail Server Training
Innovation Consulting About Us
Message us on WhatsApp Contact Us
Legal & Digital Forensics

Forensic Device Acquisition

Bit-for-bit forensic copy of computers, smartphones, hard drives and digital media with full chain of custody. Digital evidence admissible in court.

Request device acquisition WhatsApp

At a glance

Does the device contain the evidence you need? We acquire it without altering it: a bit-for-bit forensic copy, with cryptographic hashes and chain of custody, ready for court.

Certified bit-for-bit forensic copy
Original device left unaltered
Documented chain of custody
Want to know more?

Forensic acquisition of a device is fundamentally different from a simple backup. The bit-for-bit copy also captures deleted files, unallocated space and file system metadata. The original device is handled in a way that prevents any alteration to its content, and the exact correspondence between original and copy is demonstrated through cryptographic hashes. The entire process is documented in a report that guarantees the chain of custody.

Bit-for-bit forensic copy (imaging)
Acquisition from computers, laptops, servers
Acquisition from smartphones and tablets (Android and iOS)
Hard drives, SSDs, USB drives, SD cards
Hardware write-blocker to protect the original
Deleted file recovery and unallocated space analysis

Why choose this service

The original stays intact

We use hardware write-blockers: the device is never written to during acquisition. The integrity of the original is guaranteed and demonstrable.

Deleted files too

The bit-for-bit copy captures the entire disk, including unallocated space where deleted files, browsing history and data the user believed they had removed may still reside.

Admissible in court

Chain of custody, verification hashes and structured report: the case file is built to withstand challenges in legal proceedings.

What we acquire

Computers and laptops

  • • Windows, macOS, Linux desktops
  • • Corporate and personal laptops
  • • Workstations and terminals
  • • Event log and history analysis

Smartphones and tablets

  • • Android (all versions)
  • • iOS / iPhone / iPad
  • • Extraction of chats, photos, contacts, history
  • • Logical and physical acquisition

Storage media

  • • Hard drives and SSDs (SATA, NVMe, M.2)
  • • USB drives and external disks
  • • SD, microSD, CF cards
  • • NAS and network storage

Servers and cloud

  • • Physical and virtual servers
  • • Virtual machines (VMware, Hyper-V)
  • • Cloud accounts (with authorisation)
  • • System logs and audit trails

How it works

Forensic acquisition of a device is a very different process from copying files. Its purpose is to preserve the entire content of the media, including data invisible to the user, so that it is admissible as evidence.

Hardware write-blocker: Before any operation, the device is connected through a write-blocker - a hardware device that physically prevents any write operation on the media. The original is never altered.

Bit-for-bit imaging: We create an exact copy, sector by sector, of the entire media. Not just the visible files, but also unallocated space, deleted files, file fragments and file system metadata.

Hash verification: At the end of the acquisition we calculate a cryptographic hash of both the image and the original device. The match between the two hashes proves that the copy is identical to the original.

Chain of custody: Every step is documented: who took possession of the device, when, how it was stored, who performed the acquisition and with which tools.

What you can find on a device

A forensic acquisition can reveal information the user believed they had deleted:

  • Deleted files: documents, photos, emails removed from the recycle bin but still present on the disk
  • Browsing history: visited websites, searches, downloads even in private browsing mode
  • Chats and messages: WhatsApp, Telegram, Teams conversations, even if deleted from the app
  • Metadata: creation, modification and access dates for files, geolocation of photos
  • Connected USB devices: a registry of every USB device that has been plugged into the computer, with date and time
  • Accounts and sessions: logins to cloud services, email, corporate portals

Deliverables

  • Forensic image: bit-for-bit copy of the device in standard format (E01 or DD)
  • Verification hashes: cryptographic hash of the image and of the original device
  • Chain of custody: complete documentation of device handover and operations
  • Acquisition report: details of tools, procedures and results
  • Technical opinion: if requested, analysis of the contents relevant to the case

Other services Legal & Digital Forensics

Discover our other legal & digital forensics services.

🔬

Digital Forensics & Forensic Acquisition

Preservation of digital evidence with chain of custody, certified timestamp and evidentiary value. Expert witness reports for civil and criminal litigation.
🌐

Forensic Web & Social Media Acquisition

Preservation of web pages, videos, posts and social media content with chain of custody and certified timestamp enforceable against third parties. Digital evidence that holds up in court.
⚖️

Expert Witness (CTP): Party-Appointed Technical Consultant

IT expert witness for civil and criminal cases. Technical opinions, analysis of opposing party's acquisitions and courtroom assistance.
🔎

Corporate Digital Investigations

Internal investigations into disloyal employees, data leaks and misuse of company resources. Forensic evidence collection for disciplinary or legal action.
🚨

Forensic Incident Response

Preservation of digital evidence after a cyber attack. Evidence collection for law enforcement reports, insurance claims and post-incident analysis with chain of custody.

Ready to get started?

Contact us for a free consultation. We will help you find the best solution for your business.

Request device acquisition WhatsApp