A computer forensic investigation process includes identifying the computer terminals that were compromised or where the actual crime took place. The investigation includes, but is not limited to:

Extracting volatile data

  1. Data from RAM

  2. Running processes and services

  3. Logged-on users

  4. System details

  5. Command history

  6. Open files

  7. Network connections

  8. Open ports

  9. Clipboard content

Extracting non-volatile data

  1. Data from hard disks

  2. Data from removable devices

  3. Windows registry

  4. Firewall logs

  5. Antivirus logs

  6. Windows event logs

  7. Web server logs

  8. Database logs

  9. Social media evidence

  10. Extracting data from various file systems

IWM adheres to standard policies and procedures when extracting evidence from the compromised system, so that it can be produced as evidence to the authorities.