800-810-1885
Home > Blog

Blog

Free Volatile Data Collection Kit

By Les Jones | Published: September 8, 2010

In Who Needs COFEE? Bill Dean put together a package of free software resources for collecting volatile data. All of the tools will fit on a USB thumb drive, ready for incident response and forensic investigations.

Download the Volatile Data Collection Kit

Contents

The kit has tools to collect important information about the system and its history:

  • Registry Information
  • Event Logs
  • File Hashes
  • Network Information
  • Memory Images
  • Recently-executed Program List
  • Driver Information
  • DLL Information
  • Clipboard Contents
  • System Date and Time
  • Screenshots
Posted in Computer Forensics | Tagged | Leave a comment

Computer Forensics Expert to Train US Attorney’s Office Employees

By Lara Bergman | Published: September 8, 2010

Bill Dean #581

Bill Dean, Sword & Shield’s director of computer forensics, will speak to the US Attorney’s Office for the Eastern District of Tennessee Thursday, Sept. 9 at 10 a.m. in Pigeon Forge. He will discuss Social Networks: The Double-Edged Sword for the division’s annual training.

He will educate the employees on how to use social networking from an investigative perspective and will provide tips to secure user privacy.

Dean has more than 14 years of experience in the technical field in roles such as programmer, systems support, enterprise systems design and engineering, virtualization, digital forensics, and information security.

In 2005, he was recognized as the primary architect for an Intel virtualization/server consolidation project and was awarded Network World’s “Enterprise All Star” and “InfoWorld’s Top 100 Projects”. Since that time Bill has focused his career on the specialties of systems security, electronic discovery, digital forensics, and incident response. He served as the technical expert and provided Federal Court testimony in the 7th largest eDiscovery case in 2007.

He is a Certified Penetration Testing Specialist, Certified Computer Examiner, GIAC Certified Incident Handler (GCIH), a GIAC Certified Forensic Analyst (GCFA), AccessData Certified Examiner, and an active member of the International Society for Forensic Computer Examiners.

Posted in Computer Forensics, Events, Social Media, Training | Leave a comment

eDiscovery – Someone Has to Say It

By Bill Dean | Published: September 1, 2010

This will be the first article in a series that I plan to write about the industry of eDiscovery. For a topic this large, I feel it will be easier to eat the elephant one bite at a time. I am also confident that I am not going to make any friends in the litigation support vendor market with this series of articles and may actually loose a couple, but someone has to say it.

eDiscovery is a mess. It is comprised with complexities, frustration, confusion, and uncontrolled expense. As many of you are aware, I have worked in the eDiscovery industry as a technologist for years. I would often wonder why more legal teams did not embrace the efficiencies of eDiscovery.  As I step back and look at the industry, along with reading and hearing the war stories surrounding eDiscovery, I can’t say that I blame them. eDiscovery, when implemented properly, should  be the extension of the discovery process that includes electronic information. When conducted properly, it should facilitate the success and efficiencies of the discovery process. But eDiscovery appears to create additional problems and foster uncontrollable expense. For these reasons, I am going to dedicate the next few issues of this newsletter  attempting to simplify and demonstrate methods of both efficiency and cost savings through each phase of the EDRM lifecycle.

As I begin this series of articles, I will start by describing my role in the eDiscovery market so there is an understanding of my perspective. My eDiscovery career began as many did, somewhat by accident. I had the responsibility of digital forensic investigations for a large healthcare company that became involved in John B. v Goetz.

When my company was presented with the situation, I agreed to lead the effort. I made this decision because the process to complete the request for electronic information was similar in approach and tools that I used for forensic investigations, and the vendor quotes seemed astronomical. I could not have asked for a better opportunity to learn about the challenges of eDiscovery. Since that time, I have been an eDiscovery consultant. My company is not an eDiscovery processing shop, nor do we have a capital investment in technology that I feel compelled to promote. We promote and provide the tools that best meet the needs of our clients. Our role is to assist our clients at any and every phase of the EDRM lifecycle to meet their needs in a successful manner. Within this role, we find that there are efficiencies in each stage of the EDRM lifecycle and I would like to share some of them with you.

As the articles will describe, there are many phases of the eDiscovery lifecycle that, when approached properly, can save complication and expense. Through this series of articles, I want to convey something very important; eDiscovery is not a product, it is a process. This process requires clear communications, technical expertise, and a clear understanding from all parties involved. For this first article I want to jump ahead to describe how you can make the largest financial impact the quickest, the processing phase.

Many times the client may not understand the technical costs of eDsicovery compared to the legal costs. Allow me me help you save some eDiscovery costs so there is more budget for you to assist your client with their case.

Want to know how you can directly save costs without sacrifice? I am just going to say it, stop “TIFFing” out all of the documents that you review for your client. When you finish drafting your complaint or motion for summary judgment, do you convert it to a TIFF before you perform the final review? Then why are you converting all of your client’s documents to an image before you review them? The document conversion aspect of processing is one of the biggest wastes of money in eDiscovery. Many feel that this processing phase of eDiscovery is the most expense, TIFFing every document before you review it is a large portion of that expense. Let’s go ahead and address the arguments you are making right now.

  • I must convert the document to an image to redact. You are correct and I am not discouraging that. But you should only convert, “on the fly”, the documents that need redacting.
  • The format requested is TIFF document with a load file. You can still meet this request. Only convert the documents that are to be produced.
  • My produced documents must have Bates Stamps. Just as the other examples, you can still do this. Can you guess my next statement?
  • My vendor states that all electronic documents must be processed and converted before they can be loaded into the review platform. Ask them why. If they cannot provide you with an adequate answer for the additional expense, find another vendor.

If you no longer endure the expense of converting all documents to a TIFF image before loading for review, congratulations. This should have increased funds for you and your firm to better litigate your client’s case. There is still an intermediary step to watch out for: “native” processing before loading into a review platform. Many times you are being charged to natively process everything, and then charged again for the review platform, which may or may not be provided by the same vendor.

Many of you may grin as you read this due to the early case assessment platform that you are using. Early case assessment technology is wonderful, but the eDiscovery market still struggles to define “Early Case Assessment”. Many state that early case assessment is a process and not a product, and the term has become a common marketing phrase without a definitive meaning. I do not want to discourage the use, but want to make sure that you fully leverage the technology provided for the investment paid.  The cost of many early case assessment platforms compare to the document conversion and native processing that we have already discussed. If you simply want to search, cull information, review, and redact documents, you do not need an early case assessment platform. If you are using an early case assessment to simply review electronic documents, you are wasting money.

The eDiscovery technologies that we now suggest for the majority of our clients with eDiscovery matters are called “Unified eDiscovery Platforms”. Unified eDiscovery platforms, often provided on a “pay as you go” model, now consolidate many of the software packages needed in eDiscovery to a single platform. The unified platform ingests electronic documents in their native form, they way technology intended. Some platforms are modular with additional features such as early case assessment, but only if needed. When unified eDiscovery platforms provide the features needed, huge expense can be saved.

I have continued to state that, with the information in this article, you can directly lower the eDiscovery costs for your client with little sacrifice. I will demonstrate with a common scenario, you have 100GB of data to be culled, reviewed, redacted, and potentially responsive information will be produced. Below is a pricing table comparison.

Cost Comparison

As you can see, using a basic unified eDiscovery platform for the processing phase can save your client 75% when compared to TIFF conversions and 66% when compared to early case assessment platforms. For simplicity, I have not provided estimates for native processing and then the use of another review platform. That scenario would be in the same price range as the ECA option. I have also not included the costs of production. One last note is the price used for the unified eDiscovery platform is the pricing model that we provide to our clients and pricing of other unified eDiscovery platforms may vary.

My hope is that this article has caused you to think about the expense of the eDiscovery process that you have direct control over. In the rough economic times we are currently in, these savings could potentially be applied to litigating the case. As I stated early in this article, eDiscovery is a process, not a product. I will continue this theme as we discuss each phase of the EDRM lifecycle. Next month we will go back to the beginning, the information management phase. When this phase is properly implemented, legal counsel adds great value to their clients and eDiscovery requests are more management.

Posted in Electronic Discovery | Leave a comment

Sword & Shield Makes Inc. 5000 List Five Times in a Row

By Lara Bergman | Published: August 31, 2010

Five times is a charm for Sword & Shield as it makes the Inc. 5000 Fast-Growth List again.

With a 2006 to 2009 fiscal year top-line revenue growth of 90 percent, Sword & Shield was ranked number 2,606 on the list, up more than 1,000 spots over last year’s ranking of 3,647. The company earned nearly $73 million in 2009.

Sword & Shield first appeared at number 214 on the list in 2006. In 2007, the company was ranked at 426 and at 563 in 2008. The company has appeared on the list for the past five consecutive years.

“We are pleased to be recognized as one of the top fast growth companies in the United States by Inc. magazine,” Sword & Shield President and CEO John McNeely said. “Achieving the fast growth success needed to make the Inc. 5000 list for five straight years speaks to the hard work and talent of Sword & Shield associates and their dedication to the security needs of our customers.”

Inc.com, the online arm of Inc. magazine recently announced its annual ranking of the 5000 fastest-growing private companies in the country. The list is the most comprehensive look at the most important segment of the economy – America’s independent-minded entrepreneurs.

The 2010 list is ranked according to the percentage revenue growth from 2006 through 2009. To qualify, companies must have been founded and generating revenue by June 30, 2006. They also had to be based in the United States, privately-held, for-profit and independent – not subsidiaries or divisions of other companies – as of Dec. 31, 2009.

The minimum revenue required for 2006 is $80,000 and the minimum for 2009 is $2 million.

Sword & Shield also has offices in Washington, D.C., Atlanta, Memphis, Alexandria, VA, and Lexington, KY and serves industries ranging from banking and finance, to retail, manufacturing, and healthcare.  The company’s services are relied upon by several key federal agencies and numerous Fortune 1000 companies.

Sword & Shield has received several awards in recent years, including ranking 35th on the Washington Technology’s 2009 Fast 50 list, an overall ranking of individual company success within the government market.  Additional industry recognition includes four consecutive years as one of the top 100 fast-growth companies in the United States by Computer Reseller News. 

Sword & Shield is an information security consulting company providing services in security, compliance, risk assessment and policy development. The company provides consultation for such services as penetration testing, network vulnerability assessments, PCI, HIPAA and GLBA audits, eDiscovery, and forensics investigations.

Dozens of security product lines are offered through the SecureHQ.com e-commerce division. Sword & Shield is also a federal prime contractor with network security services available on the GSA Schedule and network security products available through NASA SEWP IV.

Posted in Company News | Leave a comment

Sword & Shield to Sponsor News Sentinel Open

By Lara Bergman | Published: August 20, 2010

Sword & Shield will sponsor a hole at the 2010 Knoxville News Sentinel Open beginning next week at Fox Den Country Club in Farragut.

The Open runs from Aug. 23 through 29 and features two professional-amateur (Pro-Am) days within the tournament week on Monday and Wednesday. Tournament play begins Thursday.

The Open began as the Nationwide Tour in 1990 at the fairways of the Bakersfield Country Club in California. During the tournament’s inaugural year, Knoxville became an institutional stop for the then “Ben Hogan Tour” and continues in that tradition as the 2010 Nationwide Tour’s Knoxville News Sentinel Open.

Knoxville’s interest in PGA Tours can be traced back more than 55 years ago when Golf Hall of Fame inductee and second recipient of the PGA Tour Lifetime Achievement award, Byron Nelson, won the PGA Tour Knoxville Invitational in 1945 at Holston Hills Country Club.  Since then, local attendees have been witness to the journey of thousands of professional golfers and have seen more than $1 million in contributions to local and national charitable foundations.

Last year, the tournament ended in dramatic fashion as Kevin Johnson became the tournament champion after two sudden death playoff holes against Bradley Isles.

Spectators are invited and ticket prices can be found on the Knoxville News Sentinel Open’s website.  Proceeds from ticket sales will go to a range of charitable initiatives, including the Boys & Girls Club of the Tennessee Valley, the News Sentinel Empty Stocking Fund, The First Tee, and the establishment of a sports management scholarship at the University of Tennessee.

Posted in Company News, Events | Leave a comment

Computer Forensics Division Hires New Engineer

By Lara Bergman | Published: August 19, 2010

Sword & Shield’s Computer Forensics Division has welcomed Pete Dedes to the services consulting team as a computer forensics engineer.

Dedes will assist in expanding our abilities to better serve our customers’ needs for expertise in digital forensics and electronic discovery.

After more than 10 years in the field of information technologies, Dedes worked to obtain a Certified Computer Examiner (CCE) certification and is recognized as an expert in the field of  digital forensics and electronic discovery. He has furthered his value to the field of digital forensics by qualifying and testifying as a digital forensics expert. Dedes will add his digital forensics knowledge, expertise and experience in assisting our clients in domestic matters, employment issues and cases involving theft of intellectual property.

“I am pleased that Pete Dedes has joined Sword & Shield to further expand our capacity to support the growth of the digital forensics and electronic discovery services,” said Bill Dean, the director of computer forensics.

Our computer forensics and eDiscovery consulting practice is a full service, one-stop litigation support technology provider, offering a full spectrum of electronic discovery and forensic services. Sword & Shield partners with law firms, corporate legal departments and small- to medium-sized businesses to offer technology solutions at each stage of the eDiscovery or forensics investigation process and respect the chain of custody rules, the rules of evidence and proper and well-accepted forensic techniques that produce findings that are admissible in court.

Posted in Company News, Computer Forensics, Electronic Discovery | Leave a comment

Free Gartner Group Reports: Network Access Control (NAC), Enterprise LAN

By Les Jones | Published: August 19, 2010

Juniper is in the Challengers Quadrant for Enterprise LAN and in the Leaders Quadrant for NAC.

PREVIOUSLYFree Gartner Group Report: Content-Aware DLP June 2, 2010

Posted in Network Security Products | Tagged | Leave a comment

Webcast: Securing Your Electronic Healthcare Records

By Lara Bergman | Published: August 17, 2010

There is an unprecedented trend in the Healthcare IT community to adopt systems and infrastructure to support the secure sharing and delivery of Electronic Healthcare Records (EHR) and to help you take advantage of the information you need to develop a secure network, Sword & Shield and Juniper are offering an information-packed webcast for your on-demand review.

This webcast, featuring health care industry expert Paul Reymann of the Reymann Group, Inc., addresses key considerations in developing a secure Electronics Healthcare Records (EHR) network.

In-depth topics will include:
•  Improved quality of care and patient safety
•  Cost savings and simplicity to physicians, hospitals, and other care providers
•  Cultural preferences for using the Internet and modern technology tools
•  Exposure to financial losses from medical identity theft and others types of data breach events
•  Legal and regulatory mandates
•  Federal and state financial incentives

Download now and also receive a complimentary white paper titled: Securing Your Electronic Record Network-Six Mandatory Considerations, valued at $500!

Presenter Bio: Paul Reymann
CEO, ReymannGroup, Inc.
Mr. Reymann is one of the nation’s leading regulatory experts and co-author of Section 501 of the Gramm-Leach-Bliley Act Data Protection regulation. He has authored several regulations on information security and technology risk management. Fortune 500 companies have leveraged Mr. Reymann’s subject matter expertise to develop successful strategies for HIPAA security compliance and the use of health information technology and security solutions.

Posted in Compliance, Events | Leave a comment

Sword & Shield Hires New Consultants

By Lara Bergman | Published: August 12, 2010

Sword & Shield welcomes Rick Hayes and Brian Bradley to our services consulting team. Their hiring expands our abilities to better serve our customers’ security assessment and risk and compliance needs.

As the result of a lengthy background in Information Security, Hayes has assumed the role of principal security assessment consultant. He will use his skills and compliance knowledge to review our customers’ current security policies, processes and controls so that he can provide an in-depth gap analysis and guidance on best practices in the IT and cyber-security area.

Hayes has worked as a security architect for Norfolk Southern Corporation and served as the information security officer for Carter’s, a Fortune 500 apparel company. He has developed auditing and remediation frameworks to address security vulnerabilities, was responsible for establishing security and forensics monitoring, management of vulnerabilities across entire enterprise systems and for conducing security assessments. He has served as the chief security architect on IT compliance, provisioning and operation teams and helped Carter’s achieve PCI DSS compliance as a Level 1 merchant.

Bradley has spent more than 15 years in IT and IT security and has the background to conduct HIPAA, PCI and ISO security assessments for large healthcare and commercial organizations. He will serve as a principal risk and compliance analyst for Sword & Shield, providing commercial consultative services to organizations in the creation and development of security plans, policies and procedures and compliance remediation. He also will serve in a pre-sales capacity, explaining our company’s role in helping business become complaint with regulations, such as HIPAA, PCI, the FEC Red Flag Rule and GLB.

Bradley comes to Sword & Shield after working as the director of healthcare services and the DHS datacenter project for Applied Computing Technology where he managed and conducted HIPAA, PCI and ISO security assessments for some of the largest healthcare and commercial organizations across the country. While working as an information security officer for a healthcare solutions company, Bradley also conducted security HIPAA and ISO compliance assessments for 18 hospitals and 20 other Fortune 100 companies.

“Sword & Shield is very fortunate to bring both of these talented individuals on board,” Vice President of Consulting Services Paul Fitzgerald said. “Rick brings a wealth of expertise and experience to our cyber security services. Brian’s depth of knowledge in the healthcare industry greatly enhances our risk & compliance services. Together they add a total of nearly 30 years of experience to our consulting staff. “

Posted in Company News | Leave a comment

PCI Fundamentals On-Demand Webcast Now Available

By Lara Bergman | Published: July 29, 2010

On July 27, Sword & Shield and Juniper Networks co-hosted an hour-long webinar to discuss how organizations can meet or enhance their PCI compliance security. A recording of the webcast, PCI Fundamentals: Assessing Risk, Conducting Cost/Benefit Analysis and IT Solutions to Tackle PCI Challenges, and accompanying slide deck are now available for viewing on-demand.

Sword & Shield Director of Risk & Compliance Dave Shackleford joined Juniper Networks’s Troy Herrera, a senior solutions manager, to discuss:

  • How to establish a Risk Management program to adequately assess and address threats and vulnerabilities
  • How to leverage Cost-Benefit Analysis to identify the best compliance solutions for your organization
  • Recommended best practice PCI Data Security Standards compliance IT solutions  

If you would like more information regarding how Juniper products can help you protect confidential credit card information, secure your networks or meet PCI standards or if you would like more information about Sword & Shield’s PCI compliance strategy, please contact us online or call us at 865-244-3500.

Posted in Compliance, Events, PCI | Leave a comment
Site Meter