2. Defining Digital Forensics
Who Knew What, When & How
Digital Forensics is a scientific process that
utilizes specialized tools and forensic techniques
to recover, authenticate, analyze and report on
Electronically Stored Information (ESI).
ESI is used to reconstruct events, track patterns
& assemble an investigative profile focused on
digital-media-based activities.
Who Knew What, When & How
Almost everyone uses devices such as cell phones,
laptops and tablets that generate ESI & digital
evidence that can be used to establish facts.
Deleting a file just removes the pointers, but the
data remains in unallocated space.
Evidentiary Weight
Digital evidence can cement
and/or give credibility to a
legal theory or theme in a
way that circumstantial
evidence cannot.
3. Digital Forensics Laboratory
State of the Art Facility
State-of-the-Art architecture & technology for
scalable, high-powered processing.
Latest versions of industry leading, forensic
analysis & eDiscovery toolsets.
External Perimeter & Internal Security layers via
auditable card access, Biometric Access Controls
and IR video surveillance.
Quality Controls
Documented Policies & Standard Operating
Procedures govern laboratory operations from Chain
of Custody through Evidence Disposition.
Certified Forensics Team
All Forensic Analysts have earned the leading
industry certifications.
5. System Forensics
eMail/eDocuments
Stored in proprietary and
complex file formats
Digital Photos
Images are created in several
file formats and could be
stored anywhere
Unallocated Space
Gaps present on a digital drive
often contain hidden data
Registry
Contains stored system & user
configuration settings as well
as typed URLs
Web Browsing
Data stored in proprietary
formats specific to each
browser; Internet Explorer,
Firefox, etc.
Storage
If it stores ESI, it can be
analyzed
SYSTEM
FORENSICS
6. eDiscovery
Extreme Care
ESI must be skillfully extracted,
processed & analyzed while maintaining
evidentiary integrity
Massive
Even in smaller cases, the
amount of ESI can be
overwhelming
Out of Court
Expertly performed, eDiscovery
often leads to pre-trial
settlements
eDISCOVERY
Specialized Training & Tools
In-depth knowledge of File Systems,
Directory Structures & Forensic
toolsets
Scientific Evidence
Time and Date Metadata is
extremely accurate
8. Integrity Services
INTEGRITY
SERVICES
Analysis of departing employee’s
Electronically Stored Information for
indication of IP theft, Customer List
theft, slander
Forensic Capture and
Retention of departing employees'
ESI for future litigation / analysis
Random analysis of ESI for key
personnel (Similar to random
drug screening)
Ensuring employee compliance
(HIPAA, HITECH, Meaningful Use,
FISMA, FFIEC, GLBA, PCI DSS, etc.)
9. Active Case Examples
Medical Malpractice
SYSTEM FORENSIC INVESTIGATION
EMR Record Manipulation, Extensive &
Deliberate Destruction of Evidence
1st of 5 arbitrations resulted in a swift
settlement
Medical Malpractice
eDISCOVERY
Large hospital system preparing for litigation
specific to unnecessary coronary procedures
Ongoing eMail and eDocument processing &
analysis
Intellectual Property Theft
CORPORATE eDISCOVERY
International Transportation company seeks to
protect its proprietary data
Harassment
MOBILE DEVICE FORENSICS
Recovered SMS text messages which provided
proof of intent to harm
Child Custody
SYSTEM FORENSIC INVESTIGATION
Internet activity profiling & usage timeline
12. Active Case Examples
Enron
Recovered email & eDocument files played a key
role in the investigation and conviction
SYSTEM
FORENSICS
Deepwater Horizon
Recovered emails and cell phone text messages
regarding spoliation
SYSTEM
FORENSICS
eDISCOVERY
eDISCOVERY
MOBILE
FORENSICS
13. Active Case Examples (cont’d)
Medical Malpractice
Recovered email & eDocument files played a key
role in the investigation and conviction
SYSTEM
FORENSICS
Central Penn Women's Health
Corporate Sabotage/Intellectual Property Theft
Evidence authentication & event timelines were
validated with System Forensics
SYSTEM
FORENSICS
eDISCOVERY
eDISCOVERY
MOBILE
FORENSICS