Frank Meincke
seasoned investigator

Frank-Meincke.png

About Frank Meincke

Frank Meincke is a seasoned investigator who can conduct investigations in the real or digital world. He has been trained to conduct investigations, collect evidence and organize operations. He has always had had a passion for computers and how they function which lead him to work at a Computer Emergency Response Team overwatching a 45,000 node network spread throughout Europe. 

Frank Meincke is certified in the use of AccessData Forensic Toolkit, Guidance Software EnCase and ArcSight. He was trained by the US Department of Defense on digital forensics and was awarded the title of Certified Digital Forensic Investigator. Conducting analysis I use WireShark, RealSecure, ArcSight, McAfee Host Intrusion Prevention, SawMill and other tools to investigate network anomalies. 

Frank Meincke began a self-taught course for data recovery. Not satisfied with software solutions he purchased the PC-3000 Data Recovery Tool from Ace Laboratory. To understand the tool and build better data recovery procedures, he attended training with DeepSpar in Canada. Confronted with flash media failures, he purchased the PC3000 Flash data recovery tool and traveled to Ace Laboratory in Russia and was trained by the leading experts on Flash Media data recovery. All work is performed on location to include Read/Write Head Exchanges in a Clean Room Environment. 

As a leader, he has taken over teams which had high turnover rates and by truly caring for team members have changed 6 month section turn-overs into personnel remaining on-site for well over 5 years. These changes did not occur overnight but by active listening, performance counseling, tying each individual’s unique quality into the corporate strategic plan and removing as much of the “X” which hindered performance, everyone pulled together to ensure mission accomplishment. 

Now let Gefund-IT help solve your problems.

Kontakte


Gefund-IT Datenrettung

Daimlerstrasse 70
74545 Michelfeld
Deutschland

Telefon: +49-791-49 39 04 98

E-mail: A2ptZWxDZGZldm1nLmp3LWdm@nospam

Zertifikate

Certifications held by Frank Meincke

  • Department of Defense Certified Digital Forensics Examiner (DoD CDFE)
  • Encase Certified Examiner (EnCE)
  • AccessData Certified Examiner (ACE)
  • International Society or Computer Forensics Examiner, Certified Computer Examiners (ISCFE-CCE)
  • and too many to list!

Frank Meincke has attended over 1500 hours of training, which 750 hours were only for IT Forensics.

certificates-1.png

certificates-2.png

certificates-3.png

How Good is Good? Gefund-IT Turned the tables on the culprit!

The ultimate nightmare for any store owner.

One day a store owner came to our shop with 3 boxes filled with hard drives. All of his data was gone which included all of his backups, the backups to the backups as well as the production server. Though he did everything which far exceeded industry standards, a disgruntled employee may have had a hand in this disaster.

The server was well built using 2 hard drives for the OS (RAID1) and 6 hard drives for the internal RAID 5. The Network Attached Storage (NAS) was configured with 2 hard drives which was configured as RAID 0. The external hard drive was used to make copies of the backed up data as a second backup for safety. Now all of the data was no longer accessible and the owners existence relied on Gefund-IT to recover the data and to find out what caused this outage.

The first order of business was to make a clone of all drives, to preserve them for the following investigation. After the the clones were completed, we used the PC-3000 with the RAID enhancement to import all clones onto our server and found the original configuration and data. Someone had formatted the RAID Array into another File System which erased all of the original data. We then began scanning the original RAID configuration and was able to recover the file system as well as the virtual machines containing the customer‘s data. The customer was excited that we were able to get his virtual machines back to him in a short time, so that he could again open his shop.

IT Forensik RAID Festplatten Verbund, Datenrettung RAID
IT Forensik Festplatten Klonen

The Investigation begins


Now to find out what occurred that caused the catastrophic loss of data. We began examining the Server to determine what occurred to the file system. Through the date time stamps of the partition we could determine when the server’s RAID 5 was formatted into another file system and a review of the metadata from various files and folders we began developing a time line of events.

Using the clone drives of the backup NAS, we imported them into our PC-3000 with the RAID enhancement and began reconstructing the RAID 0 file system. This system was also reformatted into another file system. When we found the RAID parameters we began looking for what had occurred. At one point we discovered that the NAS no longer received the backup files and folders from the primary server on a certain date. We recovered the data and meta data from the NAS and continued to develop the time line for when it no longer received the backup data. When that was finished, we turned our attention back to the Primary Server.

We then imported the cloned drives of the server’s RAID 1 (OS) into the PC-3000 with RAID. Here we again determined that the RAID 1 configuration was formatted with another File System then the original should have been. We found the original file system, recovered the files and folders and began to examine the data according to the timeline which we developed.

IT-Forensik-Frank-Meincke.jpg

The source is identified!


Using the excellent Tech Support from ACE Laboratory, they were able to help me in identifying the dates and times the various devices were reformatted which helped to solidify the timeline of events.

In the end we were able to recover the customers critical data and get him back in business, conduct analysis of all of the drives (RAID) and configurations and most importantly, identify the one computer in the office that was used to log onto the different systems, manipulating them to cause the catastrophic outage.

Gefund-IT uses the PC-3000 RAID to solve complex cases and get businesses back in business!

IT-Forensik-Frank-Meincke.jpg
premium.svg

Premium Datenrettung

Die professionelle Datenrettung betroffener Festplatten ist in vielen Fällen die einzige Möglichkeit, um beschädigte oder gelöschte Daten wieder herzustellen. Hierfür sind entsprechende Werkzeuge und vor allem die jahrelange Erfahrung und das "Know-how" von Nöten.

Suchen Sie professionelle Hilfe zur Rettung Ihrer wichtigen Daten und Dateien, dann kontaktieren Sie uns!

empty