- Sword & Shield Uses SaaS to Assist Law Firm in Review
- Sword & Shield Recreates Health Firm’s Retired Email System to Meet Legal Request
- Preparation Reduces the Cost for Future eDiscovery Requests
- Former Employee Uses USB Drive to Steal Intellectual Property
- Executive Caught Using File-Sharing Site to Send Proprietary Info to Competitor
- Fired Employee Steals Info from Company Laptop before Destroying Files
- Emails Show Worker Had Relationship with Co-Worker She Accused of Harassment
- Computer Images Dispute Employee’s Claim to Worker’s Compensation
- Commercial Spyware Used to Forge Email Communication in Divorce Case
- Forensics Investigation Reveals Attorney Purposely Filed Forged Legal Documents
- Phishing Email Opens “Back Door” to Allow Intruders in to Access Computer Network
- Analysts Recommend Simple IT Task to Secure Protected Health Information
Sword & Shield Uses SaaS to Assist Law Firm in Review
In preparation for a class-action lawsuit, a legal firm contacted Sword & Shield for assistance in gathering the information from computers housed in various locations across three states.
After handling the preservation, collection, and processing of relevant information for the purpose of providing the Electronically Stored Information (ESI) for review, Sword & Shield analysts notified the firm that their eDiscovery review platform was at capacity and could not be used in the review.
Sword & Shield then provided the needed review platform on a SaaS (Software as a Service) model for the duration of the project. Sword & Shield completed the review and provided the information to the opposing counsel on time.
Sword & Shield Recreates Health Firm’s Retired Email System to Meet Legal Request
To comply with a legal request, a large healthcare company was required to provide emails that were on a retired email system that was no longer available. Faced with the expense and required resources to recreate the retired email system, the healthcare company contacted Sword & Shield for assistance.
Sword & Shield analysts received the backup media, extracted the email for the named custodians, indexed the emails, and then searched the information based on the keywords provided. We were able to provide the results to the client on time and within budget.
Preparation Reduces the Cost for Future eDiscovery Requests
In an effort to minimize the costs of future eDiscovery requests, a large company contacted Sword & Shield for assistance to properly prepare for future requests.
Sword & Shield provided a litigation response solution that determined the locations of the company’s accessible and non-accessible data per Federal Rules of Civil Procedure (FRCP) 26(b)(2), designed the appropriate data maps, and created step-by-step litigation response procedures for the proper preservation of the data.
Sword & Shield bundled this solution with pre-paid eDiscovery expert consulting to assist both the IT and legal teams in following the standard methodology used to respond to litigation requests.
Former Employee Uses USB Drive to Steal Intellectual Property
After the former employee of a manufacturing company began working for a competitor, the manufacturing company’s current employees noticed that their unreleased product designs were being marketed and sold by their competitor, leading them to believe they had been a victim of intellectual property theft.
The company contacted Sword & Shield to perform a forensic investigation on the laptop of the former employee. After a full forensic analysis of the hard drive, Sword & Shield analysts were able to identify the previous existence of a PowerPoint presentation that contained the product designs of interest and the associated marketing plans.
Sword & Shield concluded that the PowerPoint presentation in question was located on a USB drive that was not owned by our client. Sword & Shield analysts provided the serial number and the model number of the USB drive as the proof our client needed to subpoena the USB drive for analysis.
Upon analysis of the USB drive, Sword & Shield concluded that the former employee did, in fact, have the confidential information in his/her possession and had attempted to delete the file prior to providing the USB drive for examination.
Executive Caught Using File-Sharing Site to Send Proprietary Info to Competitor
Sword & Shield was asked to perform an internal investigation after a growing government subcontractor wanted to determine how a competitor was obtaining and using proprietary information to win contracts that they felt should have been awarded to them.
Our analysts found evidence that one of the subcontractor’s executives was uploading confidential information to an Internet file-sharing website. A forensic analysis of the executive’s computer was performed and it confirmed that the executive was sending the proprietary information to the competition.
The subcontractor was presented with this evidence in the event they decided to pursue legal action.
Fired Employee Steals Info from Company Laptop before Destroying Files
After a manufacturing company terminated the employment of one of its executives, company officials contacted Sword & Shield to determine if the former employee had taken any proprietary information from a laptop before returning the equipment.
Sword & Shield determined that the executive had installed a backup program and backed up all of the laptop’s contents before returning it to the company. Sword & Shield analysts were able to recover the logs of the backup application and provided a list of all of the confidential and proprietary files in the possession of the terminated employee to the company.
Further analysis revealed that many of the files were permanently destroyed from the laptop after it was backed up and prior to returning it to the company.
Emails Show Worker Had Relationship with Co-Worker She Accused of Harassment
When an employee sued her company for sexual harassment, the law firm representing the company contacted Sword & Shield to gather evidence to assist them.
The accuser claimed she had been the recipient of unwanted advances by a co-worker. However, the co-worker claimed the relationship was mutual and that no harassment had occurred.
Sword & Shield performed a forensic analysis of the computer used by the employee who filed the harassment suit, and discovered the employee and her co-worker had used a Microsoft Hotmail account to communicate rather than the company’s email system. Hotmail circumvented the company’s email client, making it more difficult to retrieve the information relevant to the investigation.
Our analysts were able to recover some of the Hotmail email conversations between the two employees. These files contained pictures and other information that confirmed a mutual relationship.
In addition, Sword & Shield recovered extensive Facebook instant message conversations that further confirmed the mutual relationship between the parties.
Computer Images Dispute Employee’s Claim to Worker’s Compensation
A law firm contacted Sword & Shield to analyze the computers used by an employee who filed a workers’ compensation suit against the law firm’s client company.
In the suit, the employee alleged that a fall he experienced at work had led to various health conditions that impacted the quality of his life. The alleged conditions were very specific: seizures, uncontrollable motor skills, and chronic migraine headaches.
Sword & Shield analyzed the computers used by the employee and found information that disputed these claims. According to our investigation, the employee had performed extensive research pertaining to the medical conditions he allegedly suffered. However, the Internet research did not show a particular interest in diagnosing or treating these conditions. Rather, the research targeted attorneys that specialized in workers’ compensation for these conditions, workers’ compensation calculators for the conditions, and the symptoms of the conditions. It was later determined that these searches were performed before the parties gave depositions in the case.
Sword & Shield also discovered personal pictures that refuted the claims of a “diminished quality of life”. The specific pictures were confirmed to have been taken after the alleged incident and showed the employee on a beach vacation, swimming at a water park, enjoying a college football event, camping with family, jumping off a rock cliff into a lake, and jumping off a bridge into a lake.
Commercial Spyware Used to Forge Email Communication in Divorce Case
When a married couple began divorce proceedings, Sword & Shield was contacted to investigate email conversations the woman produced to support her allegations of her husband’s infidelity.
Prior to the marriage, the couple had signed a prenuptial agreement that specified financial “penalties” for any acts of infidelity. During the discovery phase of the divorce trial, the woman submitted printed email conversations demonstrating the alleged infidelity of her husband.
Sword & Shield’s analysis determined that three of the computers owned and used by the husband, at both his business and home, contained commercial spyware that was installed by his wife.
Among other features provided by the commercial spyware, it captured all of the emails the husband sent and received and forwarded copies of these emails to his wife’s email address.
Sword & Shield analyzed all of the printed emails produced in discovery and the computers used by the husband with the commercial spyware installed. We were able to recover all of the emails – including the deleted emails – produced by the wife in printed form during discovery and performed comparisons of the printed versions to the original electronic versions.
By comparing all aspects of the native emails from the computer to those produced on paper, Sword & Shield confirmed that all the printed emails produced in discovery, claiming the infidelity of the husband, were forged. Sword & Shield concluded that the wife had used “cut and paste” to put the emails into a word processing application, made the desired modifications to the communications, then printed the emails she produced in discovery in the divorce proceedings.
Forensics Investigation Reveals Attorney Purposely Filed Forged Legal Documents
Sword & Shield was hired to determine the legitimacy of a forged legal document the client allegedly signed.
After working with the participating attorneys and the courts to develop the appropriate protocol to protect privileged information, Sword & Shield performed a full forensic analysis of the laptop used by the attorney who composed and filed the disputed legal document with the courts.
Sword & Shield was able to locate temporary print streams of the specific document in question on the laptop hard drive used by the attorney. Of the print streams identified, there were two unique versions of the document. After further analysis, it was determined that the version that was filed with the court was not the version signed by our client.
Phishing Email Opens “Back Door” to Allow Intruders in to Access Computer Network
When a federal power cooperative was notified by their bank that fraudulent wire transfers were occurring, they called Sword & Shield analysts to determine the cause of the security incident.
Sword & Shield examined the environment using a detailed forensic analysis and determined that a “phishing” email had been sent to the cooperative’s chief financial officer that contained what appeared to be a benign document. When the document was opened, it installed malicious software that opened a back door for an intruder to access the computer without authorization, using the Internet. This software was not detected by the company’s anti-virus protection.
Analysts also traced the origin to an unsecured wireless connection and provided these findings to the FBI for further investigation. We also suggested that the company provide user training in security awareness and safe email use.
Analysts Recommend Simple IT Task to Secure Protected Health Information
A healthcare company contacted Sword & Shield’s Incident Response Team after discovering suspicious files that permitted access to patient information on one of their Internet servers.
As part of the Incident Response Service, our analysts detect and assess possible incidents to determine whether an event has occurred, the magnitude of the event, how to contain and eradicate the incident, and how to respond in the future to prevent similar events.
In this case, Sword & Shield analysts performed a full forensic analysis of the healthcare company’s server and determined that the server had been compromised with malicious software that allowed unauthorized access from the Internet. The malicious software had gone undetected by anti-virus programs for more than three weeks as intruders were accessing the system and patient information – an incident that could result in penalties should it be determined that the company failed to secure protected health information (PHI).
Analysts further determined that a simple improper configuration of the Internet server software had permitted the uploading of the malicious software. The healthcare company’s IT professional was informed that a reconfiguration was necessary to prevent further problems of this nature.