About Frank Meincke
Frank Meincke is a seasoned investigator who can conduct investigations in the real or digital world. He has been trained to conduct investigations, collect evidence and organize operations. He has always had had a passion for computers and how they function which lead him to work at a Computer Emergency Response Team overwatching a 45,000 node network spread throughout Europe.
Frank Meincke is certified in the use of AccessData Forensic Toolkit, Guidance Software EnCase and ArcSight. He was trained by the US Department of Defense on digital forensics and was awarded the title of Certified Digital Forensic Investigator. Conducting analysis I use WireShark, RealSecure, ArcSight, McAfee Host Intrusion Prevention, SawMill and other tools to investigate network anomalies.
Frank Meincke began a self-taught course for data recovery. Not satisfied with software solutions he purchased the PC-3000 Data Recovery Tool from Ace Laboratory. To understand the tool and build better data recovery procedures, he attended training with DeepSpar in Canada. Confronted with flash media failures, he purchased the PC3000 Flash data recovery tool and traveled to Ace Laboratory in Russia and was trained by the leading experts on Flash Media data recovery. All work is performed on location to include Read/Write Head Exchanges in a Clean Room Environment.
As a leader, he has taken over teams which had high turnover rates and by truly caring for team members have changed 6 month section turn-overs into personnel remaining on-site for well over 5 years. These changes did not occur overnight but by active listening, performance counseling, tying each individual’s unique quality into the corporate strategic plan and removing as much of the “X” which hindered performance, everyone pulled together to ensure mission accomplishment.
Now let Gefund-IT help solve your problems.
Frank Meincke has attended training in Switzerland, Russia, USA, Germany, Canada, Poland in Computer Forensics and Data Recovery amassing over 1500 hours of training.
Sicherheit im Unternehmensnetz
Industrie-und Handelskammer Schwarzwald-Baar-Heuberg
Determine physical and logical security for Corporate Networks, Identify various Attack methodologies, how to detect, remediate and to prevent them with various tools.
Datenshutzbeauftragter (Data Protection Officer)
Industrie-und Handelskammer Schwarzwald-Baar-Heuberg
The DSB demonstrates competence in overall data protection, german data laws, and how to help organizations better protect their assets and Personal data
Certified Information Systems Security Professional #68443
International Information Systems Security Certifications Consortium
The CISSP credential demonstrates competence in the 10 domains of the (ISC)² CISSP® CBK®
Certified Computer Examiner #584
The International Society of Forensic Computer Examiners
Certified in the Forensic examination of DOS, Windows 3.x/95/98/2000/XP/Vista computer operating systems
Certified EnCase Certified Examiner #15-0709-3133
Certified in the use and function of encase Pasadena, CA
Bundesverband Freier Sachverständiger e.V
EDV Beweismittelsicherung und -auswertung, IT - Security, IT – Systeme Düsseldorf, DE
Certified Data Recovery Professional
Knowledge, Skills and abilities to recover data from storage media Elmwood Park, IL
Microsoft Certified Systems Engineer
Microsoft Corporation Redmond, Washington
expertise in designing and implementing the infrastructure for business solutions based on the Microsoft Windows 2000 Server platform and Windows Server System
GIAC Certified Incident Handler (GCIH)
SANS (SysAdmin, Audit, Network, Security) Institute Bethesda, Maryland
knowledge, skills, and abilities to manage incidents; to understand common attack techniques and tools
Department of Defense Certified Digital Forensics Examiner
United States Department of Defense Lithicum, MD
Certified to conduct forensic examinations across DoD
AccessData Certified Examiner
AccessData Corportation Lindon, Utah
Certified in the use and function of accessdata forensic toolkits
Frank Meincke has participated in more than 1500 training hours, 750 of which were dedicated to IT forensics only.
How Good is Good? Gefund-IT Turned the tables on the culprit!
The ultimate nightmare for every shopkeeper.
One day a shopkeeper came into our shop with 3 boxes filled with hard drives. All his data was gone, including all his backups, the backups to the backups and the production server. Although he did everything that went far beyond industry standards, a disgruntled employee may have been involved in this disaster.
The server was well constructed with 2 hard drives for the operating system (RAID1) and 6 hard drives for the internal RAID 5. The network attached storage (NAS) was configured with 2 hard drives configured as RAID 0. The external hard drive was used to make copies of the backed up data as a second backup for security reasons. Now all data was no longer accessible and the owner's existence relied on Gefund-IT to recover the data and find the cause of this failure.
The first task was to create a clone of all drives to save them for the following investigation. Once the clones were complete, we used the PC-3000 with the RAID extension to import all the clones to our server and found the original configuration and data. Someone had formatted the RAID array to a different file system, which deleted all the original data. We then began scanning the original RAID configuration and were able to recover the file system and virtual machines that contained the customer's data. The customer was thrilled that we were able to get their virtual machines back to them in a short period of time so they could reopen their business.
The Investigation begins
Now we want to find out what happened that caused the catastrophic data loss. We started to examine the server to find out what happened to the file system. Using the partition's date/time stamps, we were able to determine when the server's RAID 5 was formatted to a different file system, and after checking the metadata from various files and folders, we began to develop a timeline of events.
Using the clone drives from the backup NAS, we imported them into our PC-3000 with the RAID expansion and started to reconstruct the RAID 0 file system. This system was also reformatted to another file system. Once we found the RAID parameters, we started searching for the events. At some point, we noticed that at a certain point, the NAS was no longer receiving the backup files and folders from the primary server. We recovered the data and metadata from the NAS and further developed the timeline for when the NAS stopped receiving the backup data. When this was completed, we turned our attention back to the primary server.
Then we imported the cloned drives of the server's RAID 1 (operating system) into the PC-3000 with RAID. Again, we found that the RAID 1 configuration was formatted with a different file system than the original should have been. We found the original file system, recovered the files and folders, and began examining the data according to the timeline we developed.
The source is identified!
With the help of ACE Laboratory's excellent technical support, they were able to help me determine the dates and times when the various devices were reformatted, which helped to solidify the chronology of events.
In the end, we were able to recover the client's critical data and get him back in business, perform an analysis of all the drives (RAID) and configurations and, most importantly, identify the one computer in the office that was used to log on to the various systems, manipulating them to cause the catastrophic failure.
Gefund-IT uses the PC-3000 RAID to solve complex cases and get businesses back in business!
Premium Data Recovery
The professional data recovery of affected hard disks is in many cases the only way to recover damaged or deleted data. This requires appropriate tools and above all years of experience and "know-how".
If you are looking for professional help to rescue your important data and files, then contact us!