Evidence Collection & Preservation


We Can Recover Data From All Damaged, Corrupted & Infected Devices, Both Personal & Business

Digital Forensic Evidence Collection & Preservation Services

A defensible case starts with reliable evidence. This is why preservation is one of the most important aspects of digital forensics.  If a device is tampered with after a significant event, it is just like walking through a crime scene and leaving your fingerprints everywhere.  Our preservation and collection techniques are completely write-protected and verifiable with complex hash algorithms. Each collection is also tracked with strict chain-of-custody protocols to ensure all evidence accountability. This allows for a level of safety while we work to retrieve data from your mobile device.

A forensically sound collection is important whether you have a single mobile device or hundreds of computers in an organization.  We have the ability to quickly capture data from:

  • Email Servers
  • Desktop or Laptop Computers
  • Network Shares
  • Mobile devices
  • Backup devices

Reliable evidence is necessary to defend a case. To be able to have reliable evidence, data needs to be preserved well. This is one of the most important factors of digital forensics because if a device isn’t clean or if it has been tampered with, then it may destroy some of the data and make it difficult to analyze.

This digital data is retrieved with our mobile device data recovery processes. When our standard forensic tools fail to recover data, we use JTAG and chip-off level forensics.

Data Recovery

We Retrieve Your Data from Damaged, Hacked & Corrupted Devices, for Consumers & Business

Data Forensics/Investigations

We Recover Lost & Hidden Data on Devices & Accounts for Attorneys, Law Enforcement & Governments

Flashback Data™ Is Recognized for Data Recovery Expertise:

What Data Can be Retrieved from These Devices?

Desktop and laptop computers hold a large amount of information. Our data recovery services can retrieve data such as emails, search histories, and online documents. It is possible to retrieve deleted data as well. When data is found to support a legal case, it is used as potential evidence to work against an offender.

We can retrieve files from network shares. This can also apply to deleted files. On mobile devices, data recovery may result in retrieving text messages, phone logs, photos, GPS location and search histories from mobile search engines. This data can also be used as evidence in a court case. However, when these methods don’t work, it’s time to turn to JTAG and chip-off level forensics.

J-Tag & Chip-Off Forensics

Flashback data use several advanced techniques in our data recovery lab to assist our forensic investigators with their investigations when our standard forensic tools either do not support a device or cannot get past a passcode-locked device, including J-Tag and Chip-Off forensics.

What is JTAG?

JTAG (Joint Test Action Group) is a data extraction process where wires are connected to Test Access Ports (TAPs) on a mobile device and raw data is transferred to connected memory chips. When the device is supported, this is an excellent technique to retrieve data.

What is Chip-Off Forensics?

When JTAG doesn’t work, data recovery can be achieved through chip-off forensics. This is a more advanced technique that requires physically removing the memory chip from the device. This is a method with a high success rate, but it is usually a last resort because it is more invasive. However, it works on almost every device, no matter how advanced the damage.

By collecting evidence and preserving it well, we can safely retrieve data from your mobile device.

Learn About The Data Recovery Process

A customer service representative will give you a scenario-based quote and explain how the process works. We also provide a time estimate depending on your chosen service level. We offer many options from low-cost and low-priority to emergency and same-day service.

The first step to data recovery is filling out paperwork electronically or manually. After the job is checked into the system, we send you an email and call you when your media has arrived. The email will contain a username and password so you can check your recovery job’s status throughout the process.

Next, our technicians will diagnose your device. After they have discovered how to recover data from your device, you will receive a quote of the costs and you can either deny or accept the quote.

When you accept the recovery quote, we start the recovery process. After it is completed, we will send you a file listing to verify the recovery. We will review and approve the file listing and place the recovered data on another form of media. We will then ship the data back to you or you can choose to pick it up.


Flashback Data has worked for clients around the world since 2004 on sensitive incident investigations

and forensic data recovery services. We have worked for corporations, law firms, and foreign governments.

We have a ISO/IEC 17025:2017 laboratory that is accredited by the American Society of Crime Laboratory Directors. We also have several certifications:

  • Certificate | ALI-113-T
  • Field of Accreditation | Forensic Science Testing
  • Discipline | 9.0 Digital and Multimedia Evidence

Our personnel are experts in law, criminal investigation, intelligence, fraud examination, and information systems and security, and our forensic examiners are highly credentialed in many fields.

If you have devices you need collected please contact us at 866.786.5700 today to speak with someone about your project.