Forensic Investigations

Digital forensics is the application of science to the identification, collection, examination, and analysis of data, while preserving the integrity of the information and maintaining a strict chain of custody for the data.

Sword & Shield offers certified, experienced professionals to conduct forensic investigations. To ensure our findings are admissible in court, we respect chain of custody requirements and the rules of evidence. Our experts are available as expert witnesses to testify pertaining to the procedures and methodologies used in the investigation.

Sword & Shield maintains a state-of-the-art digital forensics lab to analyze electronic evidence on computer hard drives, server hard drives, portable storage devices, cell phones, portable music players and Personal Digital Assistants (PDAs).

There are many reasons you may need the services of an expert forensic investigator.

• To determine if there is digital evidence to support legal proceedings related to computer fraud, employee misconduct, embezzlement, and computer abuse or cybercrime.
• To examine computer systems belonging to defendants (in criminal cases) or litigants (in civil cases).
• To analyze computer systems after a break-in to determine how the attacker gained access and what actions were taken.
• To recover data in the event of a hardware or software failure, or attempts to hide evidence.
• To gather evidence against an employee suspected of intellectual property theft, other illegal activity or behavior warranting termination.

Video: What is Digital Forensics?

Bill Dean, director of forensics and security assessments at Sword & Shield Enterprise Security, is a Certified Penetration Testing Specialist, Certified Computer Examiner, GIAC Certified Incident Handler (GCIH), a GIAC Certified Forensic Analyst (GCFA), AccessData Certified Examiner, and an active member of the International Society for Forensic Computer Examiners (#581).

Our Methodology for Forensic Investigations

A comprehensible forensic methodology must be repeatable and defensible. It is increasingly important to demonstrate conclusively the authenticity, credibility, and reliability of electronic information, such as the performance of a specific action or decision, or the existence of a certain item of information.

A standard process that is repeatable is essential for opposing experts to validate our findings and for colleagues to be able to repeat our steps when needed. These guidelines and procedures support the admissibility of evidence into legal proceedings, including information on gathering and handling evidence properly, preserving the integrity of tools and equipment, maintaining the chain of custody, and storing evidence appropriately.

Questions Our Forensic Investigation Report Will Answer

1. Is there sufficient evidence to support legal action or employee sanction or dismissal?
2. In cases of an external break-in, how did the attacker get in, where did they go and what did they take?
3. What is the likelihood that all evidence has been found?
4. Is the evidence presented in such a manner to be admissible in court?

Real Success Stories

Intellectual Property Theft Using a USB Drive

Sword & Shield was contacted to perform a forensic investigation of the laptop of a former employee. The goal of the investigation was to determine how unreleased product designs were being marketed and sold by the competing company that the employee went to work for. After a full forensic analysis of the hard drive, Sword & Shield was able to identify the previous existence of a PowerPoint presentation that contained the product designs of interest and the associated marketing plans.

Sword & Shield concluded that the PowerPoint presentation of interest was located on a USB drive that was not owned by our client. Sword & Shield provided the needed proof, serial number, and model number of the USB drive to subpoena the USB drive for analysis. Upon analysis of the USB drive, Sword & Shield concluded that the former employee did in fact have the confidential information in their possession and attempted to delete the file prior to providing the USB drive for analysis.

Find Out More

Sword & Shield has been outsmarting cyber-criminals and improving security for enterprises around the world since 1997. Fill out our Consultation Request form or call us so we can begin securing your future.

U.S. Toll-free: 800-810-1885

International: 865-244-3500

Request a Consultation
First Name *
Last Name *
Company
Email *
Phone *
State	Select a StateAlabamaAlaskaArizonaArkansasCaliforniaColoradoConnecticutDelawareDistrict of ColumbiaFloridaGeorgiaHawaiiIdahoIllinoisIndianaIowaKansasKentuckyLouisianaMaineMarylandMassachusettsMichiganMinnesotaMississippiMissouriMontanaNebraskaNevadaNew HampshireNew JerseyNew MexicoNew YorkNorth CarolinaNorth DakotaOhioOklahomaOregonPennsylvaniaRhode IslandSouth CarolinaSouth DakotaTennesseeTexasUtahVermontVirginiaWashingtonWest VirginiaWisconsinWyoming
How can we help you today?
Spam Captcha	Type this:
Sales answers requests within 1 business day and usually within a few hours.