For data storage device-based assignments (such as HDD forensics and mobile phone forensics), acquiring a forensically-sound image of the original data is usually the next step after the initial case background discussion and planning.
Acquiring a forensically-sound data image is key to collecting a full copy of the raw data source, including existing files on the source and the data structure of deleted files which are potentially recoverable.
For this to be possible, the client must have control over the computer and therefore it is most suitable for internal investigations (such as fraud and data leakage cases). In these cases it is usually possible to find irrefutable evidence of misconduct, as well as additional information which assists in the identification of other suspects in a fraud network.
In cases where companies simply require the raw data to reconstruct the concerned information (e.g. accounting data), Grapevine can assist in collecting the image of the raw data in Asia/China, as well as assembling and organizing specified files as required.