Digital Forensics & e-discovery Services


U.S. Security Associates Digital Forensics & e-discovery Services

21st century fraud investigations require expert digital forensics skills to deal with the complexities and legal issues of extracting and analyzing electronic evidence. Our expertise ranges from computer, PDA and mobile phone hardware to operating systems that manage personal computers, network servers, and internetwork devices such as routers, firewalls, and intrusion detection systems. Our global network of specialists works to assure that evidence is acquired in a forensically sound manner and to ensure court admissibility. Furthermore, throughout the forensic investigative phase, our experienced analysts utilize established software, forensic hardware tools and industry best practices. As the process moves into the litigation stage, U.S. Security Associates (USA) will team up with counsel to perform forensic analysis, e-discovery and court certified expert witness testimony.

Related services include:
Electronic Evidence Acquisition
Investigative and Financial Data Analysis
e-discovery Advisory & Relativity review
Intellectual Property Risk Control
Litigation Support
Expert Witness Testimony
Data and Computer Security Assessments

As data kept in electronic devices has become essential in legal proceedings, so has the area of electronic discovery. e-discovery entails the collection of electronic data produced through digital forensics and/or non-forensic means such as court ordered production requests. Unlike the investigative, computer "autopsy-like" discipline of digital forensics, which is focused on finding documents which may have already been deleted or hidden, electronic discovery usually deals with large amounts of readily available information stored in computers, which needs to be collected utilizing sound practices and copied to retrievable media. Once collected, the documents are processed and staged for review by legal teams, which involves document classification, highlighting, searching, redacting, etc. The final step is the actual production of relevant documents to be used in legal proceedings.

U.S. Security Associates offers end-to-end electronic discovery services including designated experienced practice managers and an award-winning web-based review platform. As a tier-one provider, U.S. Security Associates offers the legal profession the ability to handle their complex matters involving extremely large data sets. Additionally, U.S. Security Associates' platform is architected to easily export to other popular litigation management software such as Concordance and Summation. With over 13 years and a thousand cases, U.S. Security Associates is a proven industry leader.

Referenced below are select cases handled by U.S. Security Associates professionals:

Former Account Executive Leaves and Copies Intellectual Property from Plaintiff's Systems

Engaged by Plaintiff to determine if former account executive breached his employment contract. Forensically imaged the Subject's computer using Logicube's MD5. Staged and analyzed the forensic images in EnCase. Through basic registry analysis, log files and examination of file date and time stamps, established that the user had in fact misappropriated sensitive client information by copying the data to a USB thumb-drive. The Windows Link files revealed that the user had accessed the client contact information from the USB drive after it was copied. Provided expert witness testimony.

University and Threatening E-mail

Assisted local university in tracing a threatening e-mail received by a professor. Obtained e-mail headers and examined the SMTP routing. USA identified the ISP and provided client with advisory services on how to proceed, which was to file a lawsuit and obtain a subpoena duces tecum for records from the ISP and the web-based e-mail services provider.

FTC Shuts Down Websites Accused of Processing Stolen Credit Cards

Hired by Court appointed Receiver on behalf of the Federal Trade Commission to assist in the seizure of a web hosting company which hosted many pornographic sites. The Defendant was accused of processing stolen credit cards. The day of the seizure, U.S. Security Associates entered as the digital forensic specialist for the Receiver and shut down all remote connectivity. In addition, U.S. Security Associates obtained all login credentials and worked with FTC digital forensic specialists in the acquisition of workstations and logical acquisitions of MySQL Server based tables containing billing information. U.S. Security Associates performed velocity analysis of billed credit cards to identify trends of frequently used cards, and calculated revenue for varying periods. In a support role for the FTC, U.S. Security Associates provided results of analysis and copies of the billing records for the FTC to stage on their systems.

Hotel Operator v Hotel Owner

USA's role in the matter was to perform forensic analysis and expert witness testimony on behalf of Defendant. The Plaintiff alleged Defendant was gaining unauthorized access to the Plaintiff's computer network, and thus to e-mail and other proprietary and confidential materials located on the network, in violation of various statutes. USA's forensic analysis was primarily focused on firewall forensics, which entailed analysis of firewall logs and identifying and classifying rejected packets to determine the nature of the rejections. Analysis was performed on electronic evidence provided by Plaintiff, and the case involved a few hearings and ultimately went to trial. Provided expert witness testimony.

Resort Reservation Management Company v Former Employees for Theft of Intellectual Property (Source-Code)

Hired by the Plaintiff in this case, U.S. Security Associates was asked to carry out a court order and forensically image computers from Defendant's operation. Thereafter, U.S. Security Associates was directed by Plaintiff counsel to determine if the source-code of the reservation management system originated from, or had its genesis in, the Plaintiff's reservation system. The lawsuit entailed allegations that a former computer programmer and sales executive started up a competing company after the non-compete period lapsed, but used Plaintiff's reservation software system as the core for their system. USA assisted counsel on drafting the motion for the forensic acquisition protocol, and carried it out on the computers. Thereafter, U.S. Security Associates staged the Plaintiff's system and the Defendant's SQL Server based system side-by-side for GUI comparison. U.S. Security Associates ran keyword searches using EnCase on Plaintiff's servers and developer workstations to ascertain if Plaintiff source-code existed. U.S. Security Associates then proceeded to examine the data schema of Defendant's SQL tables and compared them to the Plaintiff's data structures, and noted that the order and case (upper/lower) of the field names showed that the Defendant's tables were created from either an import of the Plaintiff's files or simply typing the field names while viewing Plaintiff's files. Defendants deposed U.S. Security Associates on all computer related aspects of the case. Thereafter, U.S. Security Associates provided expert witness testimony in one hearing where it successfully demonstrated that the developer had changed the date on his workstation to deceive the Plaintiff in this case. Furthermore, U.S. Security Associates illustrated that the Defendant used a CD to burn a copy of the Plaintiff's source-code just prior to handing the computer over for forensic imaging.

International Bank Defrauded of $150,000,000 + (Civil & Criminal)

U.S. Security Associates' role was to act as the digital forensic specialist for a Court appointed receiver, which was a forensic accounting firm. U.S. Security Associates was on the scene when the operation was seized and assessed the technical environment to disconnect all remote connectivity and preserve all of the electronic evidence. Thereafter, U.S. Security Associates supported the receiver and the FBI with general e-discovery and by providing images and reporting from the AS/400 and various servers and workstations. The case involved a factoring company, which borrowed funds from the bank, and after it defaulted on the loans a lawsuit was filed. The lawsuit alleged that owners of the factoring company had swindled funds to other companies owned by them. Upon arrival U.S. Security Associates assessed the environment and disconnected routers and modems. Thereafter, servers and workstations were shut down and the imaging process began with EnCase. Upon completion, U.S. Security Associates staged images for viewing in EnCase and started providing reports for ad-hoc requests. U.S. Security Associates mounted e-mail for viewing, ran various keyword searches and carved unallocated space for all relevant Microsoft compound documents. U.S. Security Associates provided the EnCase images to the FBI as per their request, and to opposing counsel. U.S. Security Associates testified for the prosecution as an expert witness and the electronic evidence was introduced through its testimony.

Central American Country Superintendent of Banks' Intervention of Major Bank

Engaged by the Superintendent of Banks (SIB) and one of the Big 5 auditing firms to provide advisory services with respect to identifying all electronically stored information (ESI), developing a strategy for forensically acquiring relevant ESI, and preparing for staging into an e-discovery platform. U.S. Security Associates met with SIB government officials, local lawyers and U.S. lawyers to define the scope and prepare an estimate of the acquisition phase. Upon approval, U.S. Security Associates traveled to the country and put together a local team to assist in forensically acquiring ESI. Tools used in the acquisition and hash verifications included EnCase, Logicube's MD5 and FTK Imager. ESI was gathered from workstations, servers with internal storage and SANs with logical RAIDs, and log files from networking and internetworking devices.

Airline Anticipates Litigation -- Implements Litigation Hold and Prepares For e-Discovery Requests

Engaged by carrier's outside counsel to design and implement a forensic ESI acquisition and evidence processing plan in support of anticipated e-discovery requests. U.S. Security Associates devised a plan to image the data and forensically acquire ESI from various locations using Logicube's MD5 and EnCase. U.S. Security Associates worked on extracting files from active space and carving files from unallocated space, pagefile.sys and hiberfil.sys, and then provided these files to an e-discovery service provider who in turn staged the files in Clearwell. The carrier's e-mail format was GroupWise, and due to Clearwell's inability to natively process GroupWise, U.S. Security Associates ran conversions to PST files using Paraben's Network E-mail Examiner and Transcend Migrator.

Company Sued in Personal Injury Case

Hired by Plaintiff to carry out a Court ordered production request. The judge was not satisfied with the documents produced by the Defendant, and ordered a digital forensic specialist to search Defendant's systems for responsive documents related to insurance claims filed against the moving company. U.S. Security Associates went onsite and assessed all environments where ESI resided and where responsive documents could possibly be located. Data was located on two insurance claims systems -- the company is self-insured. One was an older commercial application on an AS/400 using a DB2 database, and the other was a proprietary system using SQL Server. An SQL Server data warehouse and a commercially available document management system were searched. In order to locate new responsive claims which the company had not produced, U.S. Security Associates created and ran various SQL queries, used BusinessObjects to query and analyze the MS SQL Server data, and wrote scripts to tally and remove duplicate hits. Work resulted in the production of additional responsive documents.