iMes IT-Forensik - betrieblicher Investitions- und Datenschutz

IT-Forensik: Computersicherheit außerhalb und innerhalb des Unternehmens

In cases, where data disappear or spyware is suspected,  progressive IT forensic methods are required. Over the past few years, IT forensic/data forensic has developed from a special discipline used for investigation purposes to an important tool for all operators of IT systems.


IT forensic is an important sector using a variety of modern methods for the reconstruction of crimes and resulting in the conviction of the perpetrators.

This makes IT forensic an important tool for any concept dealing with computer security of a company. Decisive parts or sections of the forensic process are




  • Computer security within and outside the company
  • Protection of investment
  • Effective IT security concept
  • Reconstruction of lost data
  • Electronic discovery of security-related events
  • Discovery of cybercrime


In IT forensic, there is a general differentiation between post mortem analysis (offline forensic) and live forensic (online forensic). Any analysis using forensic requires a predefined process of incident handling.


  • Identification
    • Documentation of the status quo
  • Data saving and recovery
    • Check of digital data integrity
    • Maintenance of a chain of evidence of central tasks
    • Creation of a forensic copy (images)
  • Recovery
    • Deeskalation
    • Maintenance of normal operations
  • Analysis
    • First analysis after data backup
    • Illustration and examination of data
    • Evaluation of sources of incident
    • effects of the occorred incident
  • Processing and presentation