When data goes missing or a system is breached, two questions matter: what can be recovered, and what actually happened. We answer both. That means logical data recovery on disks and flash media, and full digital-forensic investigations, each carried out on verified copies and documented to evidentiary standard.
Capabilities
Recover the data. Reconstruct the story.
Two complementary disciplines, one disciplined method.
Data recovery
Logical recovery from media that is electrically sound but no longer gives up its data, after accidental deletion, a reformat, a botched partition change, or a corrupted file system. We image the device first and work only from that copy.
Recovery after deletion, formatting, or repartitioning
Rebuilding damaged or lost file systems (NTFS, exFAT, ext4, APFS…)
File carving when no metadata remains
Repair of corrupted logical sectors and structures
HDD, SSD, USB, SD / microSD, CompactFlash, eMMC
Digital investigation
Post-incident forensics on workstations, servers, and storage. From the artefacts on disk and in the logs, we establish how an intrusion happened, what the attacker touched, and what left the building.
Timeline reconstruction across file-system and OS artefacts
Log and event analysis, correlated across sources
Evidence recovery and preservation
Indicator-of-compromise (IOC) extraction
Tracing persistence, privilege escalation, and lateral movement
Method
How an engagement runs.
The same four steps, whether we are recovering data or investigating an incident.
01 Intake & scoping
We agree on the media or incident, the questions to answer, and any legal or time constraints.
02 Forensic imaging
A bit-for-bit, hash-verified image. The original is sealed, and all work happens on the copy.
03 Analysis
Recovery or investigation against the agreed goals. Methodical, repeatable, and logged.
04 Reporting
Findings written up in full, from executive summary to raw technical appendix.
Deliverable
One complete forensic report.
Everything we find, and how we found it, written to stand up to scrutiny.
Executive summary in plain language
Full, reproducible methodology
Annotated timeline of events
Inventory of recovered data and evidence
IOCs: hashes, domains, IP addresses
Cryptographic hashes and chain of custody
Technical appendix with the underlying detail
Scope
We perform logical recovery on electrically healthy media, not cleanroom or chip-off hardware recovery. Straightforward physical fixes, such as re-soldering a detached USB connector, we handle in-house. Where there is genuine physical damage, we tell you up front. Full reverse engineering of any malware we uncover is available as a separate Reverse Engineering engagement.
Contact
Discuss an engagement.
Tell us what happened. We will tell you what is recoverable and what we can establish.