Ohio University

Data Recovery & Forensic Services

The Information Security Office provides data recovery and forensic services to analyze systems and storage devices that have OHIO data loss, are suspected of being compromised, or are suspected of being used in an illegal or inappropriate manner.


  • Recovering lost or deleted files
  • Creating forensic copies of storage devices 
  • On-site source data (evidence) acquisition 
  • Detecting suspicious data in a computer’s memory, active registry and storage devices.
  • Gathering network information, such as the IP addresses connected to that device, the ports to which they are connected, and the applications that are associated with those ports.
  • Identifying processes that are running on the device and, for each process:
    • The services or applications being used by that process, and which user is responsible for them.
    • The files that are open and who is accessing them.
    • For Windows, all the DLLs that are loaded.

Please note that the gathering of evidence requires that the systems or storage devices in question not be altered in any way, whether by rebooting the system, installing any software, or generally exploring the device. If such a situation should arise, physically remove the system from the network and request forensic assistance through the Information Security Office.


Faculty, staff, students, and emeriti may request data recovery services.

The Information Security Office will only provide forensic services at the request of Ohio University Legal Affairs, Human Resources, OU Police Department, Internal Audit, Community Standards & Student Responsibility, or the Office of Equity and Civil Rights Compliance for investigation purposes.

How to Request

For immediate assistance, call the Information Security Office at 740-566-7233. Non-immediate action may be requested by email to security@ohio.edu.