Our Electronic Discovery and Digital Forensic Evidence Examination service is highly regarded as independent, honest, fair, and uncompromising in our search for and honest factual examination of digital forensic evidence. We have built up tools, techniques, and facilities over a period of many years, and we have a strong track record of advancing the state of the art in the examination of and challenges to digital forensic evidence. For more details on our overall approach and methodology, see our clickable diagram on digital forensics.
Our policy on this work is that we will work on any case for any participant as long as: (1) they pay our fees, and (2) we are allowed to seek the truth and present our results in a truthful, fair, complete, and honest manner. We have worked for law enforcement, government, corporations, and defendants, and we do work for indigent defendants as court-appointed experts. We believe strongly in the need for fair and honest examination and presentation of factual information about digital evidence. We limit our interpretation to identifying what can and cannot be determined from the available facts and do not enter into baseless speculation. We believe that, in most cases, the best way to be certain of our interpretation is by doing digital crime scene reconstruction, and we rely heavily on experimental methods to confirm or refute our hypotheses about cases.
Here are some examples of recent cases:
In a series of cases related to unsolicited commercial emails and illicit message service uses, we worked both for plaintiffs and defendants to assure that the evidence presented meets the requirements of the legal system and actually shows what it is purported to show. In the defenses, we have consistently shown that complainants who created businesses for the purpose of generating lawsuits failed to demonstrate that the defendants were responsible for the emails, and in some cases, showed that the evidence was fabricated. On the plaintiff's side, we have helped to track down emails and postings to the real sources and properly attribute actions to those responsible for them, and in some instances, helped to bring these individuals into the criminal system for illegal acts they appear to have perpetrated.
In a recent case involving allegations of financial fraud, we were able to show that the basis for the allegations was an inaccurate depiction of a situation in time that never actually existed. This was caused by the incorrect interpretation of information provided by "The Wayback Machine", a commonly used source of evidence that, if improperly applied, tends to give wildly wrong impressions of historical facts.
In a recent effort with a prosecutor's office, we helped nail down the specifics of apparent criminal acts perpetrated in a large-scale denial of use case by an insider who asserted that he was only seeking to protect the enterprise by locking out all of the other systems and network administrators and encrypting the internal information so that only he could read it. As the investigation continued, it turned out that he did a great deal more than this.
In a recent case for a defendant in a financial crimes case, we were able to identify additional evidence from files that the prosecution expert missed and were able to settle some issues that were previously speculative with regard to sequences of events that took place. This involved a reconstruction of a network of systems from the late 1990s and the creation of sample event sequences that revealed, among other things, flaws in two commonly used forensic tools regarding date and time information, alterations of forensic data by one of those tools, and unfounded assumptions made by an expert for the prosecution.
In a recent case for law enforcement, we provided assistance to an investigator on collection and analysis of network traffic at remote sites. This involved helping them set up a forensically sound and secure remote monitoring station for use in collecting and sifting through large volumes of traffic data to track the activities of a suspect.
In a recent case, we were asked to search systems of a set of recently terminated high-level employees to find missing business documentation. We soon found out that they had been running another business from within the corporation. By the time we were done, this case involved grand theft, immigration violations, embezzlement, securities fraud, timecard fraud, and a variety of civil litigation matters. This case is still working its way through the legal system.
One case involved insiders leaking company-confidential information to the Internet in a forum that was used to discuss stock buying and selling. We provided real-time on-site monitoring of Internet traffic combined with back-end analysis using a parallel processing capability in our facility to collect and secure evidence of activities, selectively extract traffic from users involved in this activity, determine their identities based on our ability to rapidly decrypt proxy server user identity information, and generate logs of the specific activities performed at specific times by specific individuals. The result was that the activity was stopped and the employees involved were disciplined.
Another case involved a critically positioned married couple who resigned from a company on the verge of a major financial move. We seized their information systems and began analysis to (1) assure that company records were secure and accessible, (2) determine if any inappropriate information was in their possession, and (3) provide legal recourse in case of future dispute. In this case, we rapidly determined passwords used by the employees to secure data but not provided to the corporation upon resignation despite requests for them, recovered data from a palmtop computer that had been intentionally erased, and secured information for future use. No adverse impact on the business resulted.
In one case, we were asked by a federal agency to analyze a software script used in a covert information theft case involving millions of dollars and thousands of emails. Our analysis demonstrated definitively that the script would produce illicit copies of private data and exfiltrate them to the people who implemented the script. The result was a very cooperative defendant and a guilty plea by all of the participants.
Our skills, experience, expertise, and facilities provided the means to resolve these and many other cases to the benefit of our clients. They can help you meet your digital forensic needs as well.
Standard Warning: From time to time, counsel in cases have tried to engage us to support a position that was untenable. Our policy on this is simple. If you are looking for an advocate for a position, look elsewhere. If you seek the facts and want an honest and fair interpretation of those facts, we may be able to help you.
Here is a report from a widely publicized 2009 case.