2009-2010 Copyright TMD Computer Forensics, LLC. All rights reserved.

THE COMPUTER FORENSIC PROCESS: AN OVERVIEW

Computer Forensics is simply the application of computer investigation and analysis techniques in the interests of determining potential legal evidence. Evidence may be sought and used for a wide array of computer-related crimes or misuse. Examples of the evidence that can be found, and its uses, include but are not limited to:

  • Determination of both exculpatory (they didn't do it) and inculpatory (they did it) evidence
  • User data/last logged in user/user preferences/user names and passwords/wallpaper/screensaver/desktop themes of user
  • Most recent documents opened/extracted WinZip file data
  • Most recent dynamic disk installed on the system (USB drive, etc.)/List of all USB devices installed on the system
  • Most recent list of IE & Google search terms/most recent "run" commands in the Windows Run box
  • Most recent documents in the Windows Start Menu
  • Last log in/out time of users
  • Last system startup & shutdown: time and date stamped
  • Current system IP address and gateway information/Current system domain & host
  • Information about default printer/ Current and prior mounted devices in system/Computer name listed in System Properties
  • Date Operating System was installed/installer's information
  • Last logged in Internet user/user name
  • Internet URLs (websites) visited/Internet history/web cache/Chat rooms visited & created/Instant Message environment
  • Instant Message contacts/buddy lists/Internet Explorer saved settings/Recently contacted buddies
  • Show custom and default "away messages"
  • Determine if a hard drive was formatted, including date & time stamp
  • View Cookies/Reconstruct cached pages, including E-mail & attachments
  • Search cache and Internet history for specified "keywords"
  • Extract Internet History with dates and times from unallocated space
  • Evidence from the following web browsers: Internet Explorer 3, 4, 5 & 6 and Mac IE Browser; Netscape Communicator/Navigator up to 4.80 and Apple Mac Netscape Bookmark; Netscape 6, 7 and 8; Mozilla Browser/Firefox/AOL, ARL File, Mac, Safari, Opera

THE EXAMINATION PROCESS

The following steps are involved in a typical computer forensics examination conducted by TMD. While this by no means does the entire process justice, it serves as a good quick overview:

  • TMD maintains the integrity of the original media. This entails the examiner making a "bit stream image" of the hard drive or digital media involved. The examiner works on the copy, NOT the original, thus preserving the chain of evidence and preventing any possible alteration or contamination of the original media/evidence. TMD ensures the copy is authentic by performing a hash-based integrity check (MD5/SHA hash values), which confirms that the copy is an exact byte-for-byte replica of the original.
  • TMD adheres to the National Institute of Standards and Technology (NIST) procedures with regard to "disk-imaging" specifications in computer forensic investigations.
  • ALL software used by TMD has been acquired through valid user licenses, or is authorized for use, and is registered to TMD Computer Forensics. This is extremely important to ensure evidence acquired will have VALIDITY in court and other legal forums.
  • TMD follows and adheres to the standard Forensic Examination Standards and Code of Ethics in computer forensics that are recommended by the International Association of Computer Investigative Specialists (IACIS).
  • TMD establishes and maintains a valid and documented "Chain of Custody" at all times with regard to any digital media or other evidence involved in the case.
  • TMD protects the subject computer system and the digital media during the forensic examination from any possible alteration, damage, data corruption, or virus introduction.
  • TMD ensures that any attorney/client information that is inadvertently acquired during a forensic examination is ethically and legally respected and not divulged contrary to law.
  • All examination equipment, facilities, and digital media used by TMD are ensured to be "Forensically Sterile" and have been personally inspected and validated by TMD Computer Forensics.
  • TMD analyzes all possibly relevant data, including areas of the media or disk that are typically inaccessible to the user (called "unallocated space"). Hidden files are revealed, as are temporary or "swap" files. Host Protected Areas (HPA), if applicable, are found and examined.
  • Transmits all relevant data to the client. A listing of all files found on the media is made, as are copies of all relevant data found related to the scope of the examination. Data is typically copied out to CD or DVD media and transmitted to the client.
  • Provides an expert report on findings and conclusions. TMD concludes the examination with a professional expert report, documenting all relevant evidence, findings and conclusions within the scope of the requested examination. This report complies with the Federal Rules of Evidence (FRE), Federal Rules of Civil Procedure and Evidence Rule 26 (FRCPE) and the District of New Jersey Local Rule 26.1(d).
  • Provides expert consultation and testimony, if needed, at depositions, trial or any other legal or formal proceeding.
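
The hash check from the first step above, sketched as an added example (this is not TMD's tooling). It hashes the source and the image in one streaming pass each and accepts the copy only if every digest agrees; the file names, the choice of SHA-256 as the "SHA" algorithm, and the sample data are assumptions made for illustration.

```python
import hashlib
import os
import tempfile

CHUNK = 1024 * 1024  # read 1 MiB at a time so a large image never sits in memory

def digest_stream(path, algorithms=("md5", "sha256")):
    """Hash a file or raw device once; returns {algorithm: hex digest}."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        while True:
            block = fh.read(CHUNK)
            if not block:
                break
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}

def verify_image(source_path, image_path):
    """The image is authentic only if every algorithm's digest matches the source."""
    src = digest_stream(source_path)
    img = digest_stream(image_path)
    mismatched = sorted(a for a in src if src[a] != img[a])
    return {"source": src, "image": img,
            "match": not mismatched, "mismatched": mismatched}

def demo():
    """Constructed sample: 3 MiB stand-in media, a faithful copy, a copy with one bit flipped."""
    with tempfile.TemporaryDirectory() as d:
        original = os.path.join(d, "evidence.raw")   # hypothetical file names
        good = os.path.join(d, "image_good.dd")
        bad = os.path.join(d, "image_bad.dd")
        data = bytes(range(256)) * (3 * 4096)
        altered = bytearray(data)
        altered[2_000_000] ^= 0x01                   # single-bit alteration
        for path, payload in ((original, data), (good, data), (bad, altered)):
            with open(path, "wb") as fh:
                fh.write(payload)
        return verify_image(original, good), verify_image(original, bad)

if __name__ == "__main__":
    ok, tampered = demo()
    print("faithful copy matches:", ok["match"])
    print("altered copy matches:", tampered["match"], tampered["mismatched"])
```

Recording both digests at acquisition time and again before analysis gives the chain-of-custody log a value that can be rechecked later; MD5 on its own is collision-prone, which is why the sketch pairs it with SHA-256.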

For further information, including Computer Forensics Frequently Asked Questions, definitions of some of the terms mentioned above, and how TMD can assist you with our computer forensic services, please see the FAQ'S/FORENSIC section of our website.

