Consulting Services

Consulting

This service has two main applications:

First, for the client who, for whatever reason, determines that they need to be directly involved in the investigation. We can consult with that client and show them the methods used to uncover certain information, advise them in the manner in which it needs to be retrieved and then consult with them as to the meaning or possibilities presented once that information has been obtained.

Another application is for the police department that recognizes its own limits due to size or budget restraints but still has the integrity to want a major case investigated properly.

There are many highly motivated and hard working departments that, for one reason or another, simply don’t have the service of experienced, trained investigators at their disposal. In that situation, we can Consult on any specific situation or the investigation as a whole. Our training and experience has proved to be the difference in many cases. With over fifteen years of law enforcement experience, we have successfully investigated and prepared for prosecution hundreds of felony cases.

Services

Consulting. The process of problem review, research and solution analysis

Forensic Examination Analysis. The process of making exact images of the
selected media, recovering deleted data, conducting key word searches, and a complete forensic report.

Password Recovery. Unlocking / recovering files , if possible, where the password is not known or has been forgotten. This service can often be handled within 24-72 hours. Call for additional information.

Law Enforcement and Legal Community Services. Criminal & Civil cases.
Any type of criminal or civil case where computers have been used to store data needed for the successful completion of the clients case

Audits of Computer Usage by Employees. A random examination of client selected computers, to spot check for employee abuse of company computers.

Computer Incident Response

Over the last decade the world has become dependant upon portable computers, desk top computers and network servers. These devices are relied upon by businesses as well as government agencies and the military. Unfortunately, they were designed for convenience and not for security. Many are connected to the Internet which introduces additional risks and problems to the work place.

Most corporate and government threats are from employees. A study conducted by Ernst and Young, LLP indicated that 85% of computer-related problems are employee generated. A similar survey conducted by the Federal Bureau of Investigation indicated that 80% are employee related.

Embezzlements, theft of trade secrets, Internet account abuses and unauthorized outside employment activities on company time are common occurrences in the workplace. As a result, many corporations and government agencies have created Incident Response Teams which deal with computer-related abuses and intrusions when they occur. Typically, these teams are comprised of employees from corporate counsel, internal audit, computer security, corporate investigations and computer system administration functions.

Computer Forensics Lab Reviews

Many corporations and government agencies recognize the need to have an in-house staff to process computer evidence. Hundreds of personnel issues arise daily, most involving some type of electronic documentation or communication. These internal computer forensics laboratories can be an efficient and cost-effective way of handling routine computer incidents that are not likely to be referred to law enforcement for prosecution or will require expert witness testimony. However, should an employee misconduct claim turn into a full-blown lawsuit, then internal procedures, staff training, tools and capabilities will certainly be scrutinized.

Do the internal computer forensics capabilities meet potential legal challenges?

Has the staff been properly trained in computer evidence processing procedures? Their training and capabilities are not adequate, if their expertise is limited to the use of just one set of computer forensics tools.

Does the staff qualify to testify as experts in computer evidence processing?

Are proper computer forensics software tools used to preserve, process and document the computer evidence?

Are the findings limited to the use of just one computer forensics tool or are multiple tools used to cross-validate findings?

Is a proper chain of custody established and documented in the processing of the evidence?

Is proper security provided for the computer evidence or is it accessible to unauthorized employees?

Does the staff have sufficient depth to deal with more than one computer incident at a time?

Organizations fortunate enough to have the funds and personnel required to establish their own computer forensics capabilities should have some form of independent, objective review of their policies and procedures. Just one mistake can call into question every decision and piece of evidence processed in the computer forensics laboratory.

WTCI's review of an internal computer forensics lab will:

Evaluate evidence handling and storage procedures.

Analyze procedures and methods used by laboratory personnel to preserve, extract, process and document the electronic evidence.

Make appropriate training and computer forensics software tools available when necessary.

Examine case documentation and evidence log procedures.

Perform "walk throughs" of current and past jobs for critiquing with staff members, management and corporate lawyers.

Examine available technical resources.

Brief legal support staff on current trends and review evaluation findings from a liability and litigation perspective.

Evaluate operational security practices.

The thorough evaluation of internal computer forensics capabilities and practices is essential to reduce the risk of errors and possible liability. Every investigative discipline requires close, independent scrutiny to ensure that its procedures, policies and services meet all applicable industry, as well as federal, standards.

Computer Related Embezzlement

Since approximately 1980, business record keeping has transitioned from paper to computer storage media. Unfortunately, computer records are easily modified, destroyed or held hostage through unauthorized changes in passwords. In small businesses, one key employee is usually responsible to maintain the computer bookkeeping system and business bank accounts may be electronically tied to these computer bookkeeping systems. Software applications like QuickBooks have become the industry standard because of their ease of use, efficiency and powerful reporting capabilities. However, these popular business systems can also be abused by disgruntled or dishonest employees who are believed to be trustworthy. Embezzlements from small business are on the rise and the evidence of such crimes is usually in the form of computer related evidence.

Electronic Document Discovery

Valuable evidence stored on computers can often "make" or "break" a case. While many litigators are aware that evidence may be contained in computer files and previously deleted files , they usually do not know that computer evidence can also be transparently stored in temporary files, file slack and the Windows swap file.

Password Recovery Services

Some computer applications allow the computer user to secure their work product with passwords, e.g., Microsoft Word, Microsoft Excel, Microsoft Access, etc. Other software utilities provide the user with the ability to secure one or more files, created by any computer application, with passwords, e.g., PKZip. Sometimes passwords are forgotten and important computer files cannot be accessed. In some cases important data is 'held hostage' through the use of password protection by disgruntled employees.

If you have a legitimate need to access password protected files and you don't have the password, WTCI may be able to help you through its consulting services.









*