Defining Digital ForensicsWho Knew What, When & HowDigital Forensics is a scientific process thatutilizes specialized tools and forensic techniquesto recover, authenticate, analyze and report onElectronically Stored Information (ESI).ESI is used to reconstruct events, track patterns& assemble an investigative profile focused ondigital media based activities.Who Knew What, When & HowAlmost everyone use devices such as cell phones,laptops and tablets that generate ESI & digitalevidence that can be used to establish factsDeleting a file just removes the pointers but thedata remains in unallocated space.Evidentiary WeightDigital evidence can cementand or give credibility to alegal theory or theme in away that circumstantialevidence cannot.
Digital Forensics LaboratoryState of the Art FacilityState-of-the-Art architecture & technology forscalable, high–powered processing.Latest versions of industry leading, forensicanalysis & eDiscovery toolsets.External Perimeter & Internal Security layers viaauditable card access, Biometric Access Controlsand IR video surveillance.Quality ControlsDocumented Policies & Standard OperatingProcedures govern laboratory operations from Chainof Custody through Evidence Disposition.Certified Forensics TeamAll Forensic Analysts have earned the leadingindustry certifications.
System ForensicseMail/eDocumentsStored in proprietary andcomplex file formatsDigital PhotosImages are created in severalfile formats and could bestored anywhereUnallocated SpaceGaps present on a digital driveoften contain hidden dataRegistryContains stored system &userconfiguration settings as wellas typed URLsWeb BrowsingData stored in proprietaryformats specific to eachbrowser; Internet Explorer,Firefox, etc.StorageIf it stores ESI, it can beanalyzedSYSTEMFORENSICS
eDiscoveryExtreme CareESI must be skillfully extracted,processed & analyzed while maintainingevidentiary integrityMassiveEven in smaller cases, theamount of ESI can beoverwhelmingOut of CourtExpertly performed, eDiscoveryoften leads to pre-trialsettlementseDISCOVERYSpecialized Training & ToolsIn-depth knowledge of File Systems,Directory Structures & ForensictoolsetsScientific EvidenceTime and Date Metadata isextremely accurate
Integrity ServicesINTEGRITYSERVICESAnalysis of departing employee’sElectronically Stored Information forindication of IP theft, Customer Listtheft, slanderForensic Capture andRetention of departing employeesESI for future litigation / analysisRandom analysis of ESI for keypersonnel (Similar to randomdrug screening)Ensuring employee compliance.(HIPAA, HITECH, Meaningful USE,FISMA, FFIEC, GLBA, PCI DSS, etc)
Active Case ExamplesMedical MalpracticeSYSTEM FORENSIC INVESTIGATIONEMR Record Manipulation, Extensive &Deliberate Destruction of Evidence1st of 5 arbitrations resulted in a swiftsettlementMedical MalpracticeeDISCOVERYLarge hospital system preparing for litigationspecific to unnecessary coronary proceduresOngoing eMail and eDocument processing &analysisIntellectual Property TheftCORPORATE eDISCOVERYInternational Transportation company seeks toprotect its proprietary dataHarassmentMOBILE DEVICE FORENSICSRecovered SMS text messages which providedproof of intent to harmChild CustodySYSTEM FORENSIC INVESTIGATIONInternet activity profiling & usage timeline
Case Process FlowPost-CaseProcessingCaseReportingCaseDocumentationForensicAnalysisImaging +HashingCollectionCaseInitiationSTART FINISH
Active Case ExamplesEnronRecovered email & eDocument files played a keyrole in the investigation and convictionSYSTEMFORENSICSDeepwater HorizonRecovered emails and Cell phone text messagesregarding spoliationSYSTEMFORENSICSeDISCOVERY eDISCOVERYMOBILEFORENSICS
Active Case Examples (cont’d)Medical MalpracticeRecovered email & eDocument files played a keyrole in the investigation and convictionSYSTEMFORENSICSCentral Penn Womens HealthCorporate Sabotage/Intellectual Property TheftEvidence authentication & event timelines werevalidated with System ForensicsSYSTEMFORENSICSeDISCOVERY eDISCOVERYMOBILEFORENSICS