Skip to content
Veteran-Owned. Built by engineers who've actually done the work.
Service · Digital Forensics

The truth of what happened. Preserved, analyzed, defensible.

Forensic investigation for breach determination, internal investigation, employee misconduct, and litigation support. Reports built to withstand regulatory scrutiny and courtroom challenge.

Schedule a ConsultationSee Pricing

60% of all breaches involve a human element. Phishing, social engineering, or insider action.

Verizon 2025 Data Breach Investigations Report

What Digital Forensics Covers

Forensics is about evidence. Every action we take preserves the chain-of-custody required for the report to hold up under regulatory inquiry, insurance review, or litigation.

Preservation
Evidence Collection
Disk images, memory captures, log preservation. Cryptographically hashed and chain-of-custody documented from collection forward.
Investigation
Root Cause Determination
How the incident started. What systems were touched. What data was accessed or exfiltrated. Reconstructed with evidence.
Mobile
Mobile Device Forensics
iOS and Android forensic acquisition and analysis. Useful for executive compromise investigations and insider threat cases.
Cloud
Cloud Forensics
Forensic analysis of M365, Google Workspace, AWS, and other cloud environments. Different rules, same evidence standards.
Reporting
Defensible Report Output
Reports written for the audience: counsel, board, regulator, or court. Plain language with technical appendix.
Testimony
Expert Witness Support
Available to provide deposition or trial testimony on forensic findings when matters proceed to litigation.
How a Forensic Engagement Runs

From engagement to final report. Timeline depends on scope, but most engagements close in two to six weeks.

Step 1
Scope
Define what's being investigated, the questions to answer, and the systems in scope. Document the engagement letter.
Step 2
Acquire
Forensically sound collection of evidence. Disk, memory, logs, mobile, cloud. Hash-validated and chain-of-custody documented.
Step 3
Analyze
Examination by certified forensic engineers. Timeline reconstruction, artifact analysis, attribution where possible.
Step 4
Report
Final report delivered to you and your counsel. Defensible, plain-language, technically rigorous, audience-appropriate.
Why Carbynix for Forensics

Forensic work is judged on whether the evidence holds up. Ours has.

Federal-Grade Methodology
Methodology rooted in DHS, CISA, and DoD forensic practice. Built for adversarial examination, not just internal review.
Evidence-First Discipline
Every action is documented. Every artifact is hashed. Every report includes the methodology so the work can be independently validated.
Regulatory and Legal Fluency
We've produced reports for HIPAA OCR inquiry, state attorney general investigation, insurance subrogation, and civil litigation. We know what each audience needs.
Integration with IR and MDR
When forensics is part of an active response, the same team handles both. No handoffs. No discovery delay. No evidence gaps from rushed transitions.
How to Engage Forensics
Standalone Engagement
Contact for quote

Scoped forensic engagement for breach investigation, internal investigation, employee misconduct, or litigation support.

  • Custom scope based on questions to answer
  • Fixed-fee or hourly engagement structures available
  • Final report delivered to you and counsel
  • Expert witness availability if matter proceeds
Included with Fortress IR
Included

When forensics is part of an active incident response under Fortress, basic forensic collection and analysis are included in the IR retainer hours.

  • Disk, memory, and log preservation included
  • Root cause analysis included
  • Extended forensics (mobile, deep cloud, multi-system) available at retainer rates
  • Chain-of-custody preserved from incident detection forward
Common Questions
Are your forensic engineers certified?
Yes. Our forensic engineers hold certifications relevant to their practice and federal engineering & forensic background.
Will your report hold up in court?
Forensic methodology and chain-of-custody discipline are built to withstand adversarial examination. Whether a specific report holds up depends on the case, but we follow practices designed for defensibility from the first artifact collected.
Can you investigate without alerting the subject?
Yes. Covert forensic collection is standard for insider threat and employee misconduct investigations. We work with your counsel and HR to ensure the investigation does not compromise downstream legal action.
What about cloud-only environments?
Cloud forensics is in scope. M365, Google Workspace, AWS, and others have different acquisition methods than on-premise systems, but the evidence standards are the same.

When you need to know exactly what happened.

Forensic engagement starts with a scoping conversation about what you need to know and what audience the report needs to satisfy.

Schedule a ConsultationSee All Services