
Real Success Stories



Electronic Discovery

Sword & Shield Uses SaaS to Assist Law Firm in Review

In preparation for a class-action lawsuit, a legal firm contacted Sword & Shield for assistance in gathering the information from computers housed in various locations across three states.

After handling the preservation, collections, and processing of relevant information for the purpose of providing the Electronically Stored Information (ESI) for review, Sword & Shield analysts notified the firm that their eDiscovery review platform was at capacity and could not be used in the review.

Sword & Shield then provided the needed review platform on a SaaS (Software as a Service) model for the duration of the project. The review was completed and Sword & Shield provided the needed productions to the opposing side with precision and on time.


Sword & Shield Recreates Health Firm’s Retired Email System to Meet Legal Request

To comply with a legal request, a large healthcare company needed to provide emails that came from a retired email system that was no longer available.

Faced with the expense and required resources to recreate the retired email system, the healthcare company contacted Sword & Shield for assistance.

Sword & Shield analysts received the backup media from the legacy email system, extracted the email for the named custodians, indexed the email, and then searched the information based on the keywords provided. We then produced the results back to the client on time and within budget to perform the review.


Preparation Reduces the Cost for Future eDiscovery Requests

In an effort to minimize the costs of future eDiscovery requests, a large company contacted Sword & Shield for assistance to properly prepare for these future requests.

Sword & Shield provided a litigation response solution that determined the locations of the company’s accessible and non-accessible data per Federal Rules of Civil Procedure (FRCP) 26(b)(2), designed the appropriate data maps, and created step-by-step litigation response procedures for the proper preservation of the data.

Sword & Shield bundled this solution with pre-paid eDiscovery expert consulting to assist both the IT and legal teams in following the standard methodology used to respond to litigation requests.


Forensic Investigations

Former Employee Uses USB Drive to Steal Intellectual Property

After the former employee of a manufacturing company began working for a competitor, the manufacturing company’s current employees noticed that their unreleased product designs were being marketed and sold by their competitor, leading them to believe they had been a victim of intellectual property theft.

The company contacted Sword & Shield to perform a forensic investigation on the laptop of the former employee. After a full forensic analysis of the hard drive, Sword & Shield analysts were able to identify the previous existence of a PowerPoint presentation that contained the product designs of interest and the associated marketing plans.

Sword & Shield concluded that the PowerPoint presentation in question was located on a USB drive that was not owned by our client. Sword & Shield analysts provided the serial number and the model number of the USB drive as proof our client needed to subpoena the USB drive for analysis.

Upon analysis of the USB drive, Sword & Shield concluded that the former employee did, in fact, have the confidential information in his/her possession and had attempted to delete the file prior to providing the USB drive for examination.


Executive Caught Using File-Sharing Site to Send Proprietary Info to Competitor

A growing government subcontractor wanted to determine how a competitor was obtaining and using proprietary information to win contracts that the company felt should have been awarded to them, so they called in Sword & Shield to perform an internal investigation.

Our analysts found evidence that one of the company’s executives was uploading confidential company information to an Internet file-sharing website. A forensic analysis of the executive’s computer was performed and the analysis confirmed that this executive was sending the proprietary information to the competition.

The subcontractor was presented with this evidence in the event the company decided to pursue legal action.


Fired Employee Steals Info from Company Laptop before Destroying Files

After a manufacturing company terminated the employment of one of its executives, company officials contacted Sword & Shield to determine if the former employee had taken any proprietary information from a laptop before returning the equipment.

Sword & Shield determined that, on the day before returning the laptop, the executive had installed a backup program and backed up all contents of the laptop. Sword & Shield analysts were able to recover the logs of the backup application so that we could provide a list of all confidential and proprietary files in the possession of the terminated employee to our client company.

Sword & Shield provided further analysis to conclude that many of the files were permanently destroyed from the laptop after it was backed up but prior to returning it to the company.


Emails Show Worker Had Relationship with Co-Worker She Accused of Harassment

When an employee sued her company for sexual harassment, the law firm representing the company contacted Sword & Shield to gather evidence to assist them as they proceeded in the investigation of the complaint.

The accuser claimed she had been the recipient of unwanted advances by a co-worker; however, the co-worker claimed the relationship was mutual and that no harassment had occurred.

Sword & Shield performed a forensic analysis of the computer used by the employee who filed the harassment suit and discovered the employee and her co-worker had used a Microsoft Hotmail account to communicate rather than use the company’s host-based email system. Hotmail, a web-based email client, circumvented the company’s email client, making it more difficult to retrieve the information relevant to the investigation.

Our analysts, however, were able to recover some of the Hotmail email conversations between the two employees. These files contained pictures shared between the employee and the co-worker, along with other information that easily showed that the two shared a mutual relationship.

In addition, Sword & Shield recovered extensive Facebook instant message conversations that further confirmed the mutual relationship between the parties.


Computer Images Dispute Employee’s Claim to Workers’ Compensation

A law firm defending a workers’ compensation suit contacted Sword & Shield to analyze the computers used by the employee who filed suit against the law firm’s client company.

In the suit, the employee alleged experiencing a fall while at work that led to various health conditions that impacted the quality of life. The alleged conditions were very specific and caused seizures, uncontrollable motor skills, and chronic migraine headaches.

Sword & Shield analyzed the computers used by the employee and found information that disputed these claims. According to our investigation, the employee had performed extensive research pertaining to the medical conditions allegedly suffered. However, the Internet research did not show a particular interest in diagnosing or treating these conditions, but, rather, the research was specific to attorneys that specialized in workers’ compensation for these conditions, workers’ compensation calculators for the conditions, and the symptoms of the condition. It was later determined these searches were performed before the parties gave depositions in the case.

Sword & Shield also discovered personal pictures that refuted the claims of a “diminished quality of life”. The specific pictures were confirmed to have been taken after the alleged incident and showed the employee on a beach vacation, swimming at a water park, enjoying a college football event, camping with family, jumping off of a rock cliff into a lake, and jumping off of a bridge into a lake.


Commercial Spyware Used to Forge Email Communication in Divorce Case

When a businessman and an attorney began divorce proceedings, Sword & Shield was contacted to show that email conversations the attorney produced to prove infidelity were forged.

Prior to the marriage, the businessman and the attorney had entered into a prenuptial agreement that specified financial “penalties” for any acts of infidelity. During the discovery phase of the divorce trial, the attorney submitted printed email conversations demonstrating the apparent infidelity of the businessman.

Sword & Shield’s analysis determined that three of the computers owned and used by our client, the businessman, at both his business and home, contained commercial spyware that was installed by his estranged wife.

Among other features provided by the commercial spyware, it captured all emails the businessman sent or received and forwarded copies of these emails to his wife’s email address.

Sword & Shield analyzed all of the printed email produced in discovery and the computers used by our client with the commercial spyware installed. We were able to recover all emails – including deleted emails – produced by the attorney in printed form during discovery and performed comparisons of the printed versions to the original electronic versions.

By comparing all aspects of the native emails from the computer to those produced on paper by the opposing side, Sword & Shield confirmed that all the printed emails produced in discovery claiming the infidelity of our client were forged. Sword & Shield concluded that upon intercepting the emails, the opposing party would “cut and paste” the conversation into a word processing application, make the desired modifications to the communications, then print the emails to later produce in discovery in the divorce proceedings.


Forensics Investigation Reveals Attorney Purposely Filed Forged Legal Documents

A critical document filed in a contract dispute by an attorney with a vested interest in its contents was not the same legal document signed by a Sword & Shield client.

After working with the participating attorneys and the courts to develop the appropriate protocol to protect privileged information, Sword & Shield performed a full forensic analysis of the laptop used by the attorney who composed and filed the disputed legal document with the courts.

Sword & Shield was able to locate temporary print streams of the specific document in question on the laptop hard drive used by the attorney. Of the print streams identified, there were two unique versions of the document. After further analysis, it was determined that one version was the version that was filed with the court and the other was confirmed to be the document that was signed by our client.


Incident Response

Phishing Email Opens “Back Door” to Allow Intruders to Access Computer Network

When a federal power cooperative was notified by their bank that fraudulent wire transfers were occurring, they called Sword & Shield analysts in to determine the cause of this security incident.

Sword & Shield examined the environment using a detailed forensic analysis and determined that a “phishing” email had been sent to the cooperative’s chief financial officer that contained what appeared to be a benign Adobe PDF document. When the document was opened, it installed malicious software that opened a back door for an intruder to access the computer without authorization using the Internet. This software was not detected by the company’s anti-virus protection.

Analysts also traced the origin of the attacker to an unsecured wireless connection and provided these findings to the FBI for further investigation. We also suggested that the company provide user training in security awareness and safe email use.


Analysts Recommend Simple IT Task to Secure Protected Health Information

A healthcare company contacted Sword & Shield’s Incident Response Team after discovering suspicious files that permitted access to patient information on one of their Internet servers. As part of the Incident Response Service, our analysts detect and assess possible incidents to determine whether an event has occurred, the magnitude of the event, how to contain and eradicate the incident, and how to respond in the future to prevent similar events.

In this case, Sword & Shield analysts performed a full forensic analysis of the healthcare company’s server and determined that the server had been compromised with malicious software that allowed unauthorized access from the Internet. The malicious software had gone undetected by anti-virus programs for more than three weeks as intruders were accessing the system and patient information – an incident that could result in penalties should it be determined that the company failed to secure protected health information (PHI).

Analysts further determined that a simple misconfiguration of the Internet server software had permitted the uploading of the malicious software and they informed the healthcare company’s IT professional that a reconfiguration was necessary to prevent further problems of this nature.

 


  • About Sword & Shield

    Since 1997 Sword & Shield has been the trusted information security partner for 3000 clients in 50 states and 27 countries around the globe.

    We offer comprehensive computer network security services and IT regulatory compliance for business and government. Let us help secure your future.
