Consulting, Investigations and International (CI&I):
Digital Forensics & E-Discovery
As the epoch of the Information Age has come and gone, so has the novelty of the Internet and the artificial sense of security surrounding its business implications.
As businesses continue to migrate towards paperless environments, more and more intellectual property and proprietary information will reside in electronic form. Electronic media has revolutionized global business practices, data control, and communication with its convenience and accessibility, but storing data electronically carries inherent risk, as this data format can be easily modified, manipulated, hidden, or shared.
Corporations today face ever-growing challenges to protect electronic property and information against illegal appropriation and malicious activity, the effects of which are dire to customers and operations as a whole. With the rapid and constant evolution of technology and incidental cyber security risk, 21st century fraud investigations require expert digital forensics skills to manage the complexities and legal issues of extracting and analyzing electronic evidence.
Andrews International (AI) provides expert engineers and architects to assess IT assets, critical systems, and cyber system infrastructure. Our professionals are experts at finding electronic evidence, collecting it, preserving it, and presenting it in a manner that is useful to the customer, whether for internal auditing purposes, civil litigation, or potential use in the prosecution of cyber criminals. We also consult with legal experts to provide the information necessary to mitigate vulnerability. AI offers the following international computer and digital forensic services:
- Electronic evidence acquisition
- Investigative and financial data analysis
- E-discovery (platform and consulting)
- Intellectual property risk control
- Litigation support
- Expert witness testimony
- IT security assessments
Throughout the forensic investigative phase, experienced analysts utilize established software, forensic hardware tools, and industry best practices. Our team of specialists makes sure that evidence is acquired in a forensically sound manner that ensures court admissibility.
As the process moves into the litigation stage, we team up with counsel to provide forensic analysis, e-discovery, and court-certified expert witness testimony.
AI can provide the tools, expertise, and processes to lighten the burden of protecting critical infrastructure and data. Contact us to find out how we can help manage and mitigate computer and cyber risks.
Referenced below are select cases handled by Andrews International professionals:
Former Account Executive Leaves and Copies Intellectual Property from Plaintiff's Systems
Engaged by Plaintiff to determine if a former account executive breached his employment contract. Forensically imaged the Subject's computer using Logicube's MD5. Staged and analyzed the forensic images in EnCase. Through basic registry analysis, log files, and examination of file date and time stamps, established that the user had in fact misappropriated sensitive client information by copying the data to a USB thumb drive. The Windows Link files revealed that the user had accessed the client contact information from the USB drive after it was copied.
Provided expert witness testimony.
University and Threatening E-mail
Assisted a local university in tracing a threatening e-mail received by a professor.
Obtained the e-mail headers and examined the SMTP routing. AI identified the ISP and advised the client on how to proceed, which was to file a lawsuit and obtain a subpoena duces tecum for records from the ISP and the web-based e-mail services provider.
FTC Shuts Down Websites Accused of Processing Stolen Credit Cards
Hired by the Court-appointed Receiver on behalf of the Federal Trade Commission to assist in the seizure of a web hosting company which hosted many pornographic sites. The Defendant was accused of processing stolen credit cards.
The day of the seizure, Andrews International entered as the digital forensic specialist for the Receiver and shut down all remote connectivity. In addition, Andrews International obtained all login credentials and worked with FTC digital forensic specialists in the acquisition of workstations and logical acquisitions of MySQL Server-based tables containing billing information. Andrews International performed velocity analysis of billed credit cards to identify trends of frequently used cards, and calculated revenue for varying periods. In a support role for the FTC, Andrews International provided results of analysis and copies of the billing records for the FTC to stage on their systems.
Hotel Operator v Hotel Owner
AI's role in the matter was to perform forensic analysis and provide expert witness testimony on behalf of Defendant. The Plaintiff alleged Defendant was gaining unauthorized access to the Plaintiff's computer network, and thus to e-mail and other proprietary and confidential materials located on the network, in violation of various statutes.
AI's forensic analysis was primarily focused on firewall forensics, which entailed analyzing firewall logs and identifying and classifying rejected packets to determine the nature of the rejections. Analysis was performed on electronic evidence provided by Plaintiff, and the case involved a few hearings and ultimately went to trial.
Provided expert witness testimony.
Resort Reservation Management Company v Former Employees for Theft of Intellectual Property (Source-Code)
Hired by the Plaintiff in this case, Andrews International was asked to carry a court order and forensically image computers from Defendant's operation. Thereafter, Andrews International was directed by Plaintiff counsel to determine if the source code of the reservation management system originated from, or had its genesis in, the Plaintiff's reservation system. The lawsuit entailed allegations that a former computer programmer and sales executive started up a competing company after the non-compete period lapsed, but used Plaintiff's reservation software system as the core for their system.
AI assisted counsel in drafting the motion for the forensic acquisition protocol, and carried it out on the computers. Thereafter, Andrews International staged the Plaintiff's system and the Defendant's SQL Server-based system side by side for GUI comparison. Andrews International ran keyword searches using EnCase on Plaintiff's servers and developer workstations to ascertain if Plaintiff source code existed. Andrews International then proceeded to examine the data schema of Defendant's SQL tables and compared them to the Plaintiff's data structures, and noted from the order and case (upper/lower) of the field names that the Defendant's tables were created from either an import of the Plaintiff's files or simply typing the field names while viewing Plaintiff's files.
Defendants deposed Andrews International on all computer-related aspects of the case. Thereafter, Andrews International provided expert witness testimony in one hearing where it successfully demonstrated that the developer had changed the date on his workstation to deceive the Plaintiff in this case. Furthermore, Andrews International illustrated that the Defendant used a CD to burn a copy of the Plaintiff's source code just prior to handing the computer over for forensic imaging.
International Bank Defrauded of $150,000,000 + (Civil & Criminal)
Andrews International's role was to act as the digital forensic specialist for a Court-appointed receiver, which was a forensic accounting firm. Andrews International was on the scene when the operation was seized and assessed the technical environment to disconnect all remote connectivity and preserve all of the electronic evidence. Thereafter, Andrews International supported the receiver and the FBI with general e-discovery and by providing images and reporting from the AS/400 and various servers and workstations. The case involved a factoring company, which borrowed funds from the bank, and after it defaulted on the loans a lawsuit was filed. The lawsuit alleged that owners of the factoring company had swindled funds to other companies owned by them.
Upon arrival, Andrews International assessed the environment and disconnected routers and modems. Thereafter, servers and workstations were shut down and the imaging process began with EnCase. Upon completion, Andrews International staged images for viewing in EnCase and started providing reports for ad hoc requests. Andrews International mounted e-mail for viewing, ran various keyword searches, and carved unallocated space for all relevant Microsoft compound documents. Andrews International provided the EnCase images to the FBI as per their request, and to opposing counsel. Andrews International testified for the prosecution as an expert witness and the electronic evidence was introduced through its testimony.
Central American Country Superintendent of Banks' Intervention of Major Bank
Engaged by the Superintendent of Banks (SIB) and one of the Big 5 auditing firms to provide advisory services with respect to identifying all electronically stored information (ESI), developing a strategy for forensically acquiring relevant ESI, and preparing for staging into an e-discovery platform. Andrews International met with SIB government officials, local lawyers, and U.S. lawyers to define the scope and prepare an estimate of the acquisition phase.
Upon approval, Andrews International traveled to the country and put together a local team to assist in forensically acquiring ESI. Tools used in the acquisition and hash verifications included EnCase, Logicube's MD5, and FTK Imager. ESI was gathered from workstations, servers with internal storage, SANs with logical RAIDs, and log files from networking and internetworking devices.
Airline Anticipates Litigation -- Implements Litigation Hold and Prepares For e-Discovery Requests
Engaged by the carrier's outside counsel to design and implement a forensic ESI acquisition and evidence processing plan in support of anticipated e-discovery requests, Andrews International devised a plan to image the data and forensically acquire ESI from various locations using Logicube's MD5 and EnCase. Andrews International worked on extracting files from active space and carving files from unallocated space, pagefile.sys, and hiberfil.sys, and then provided these files to an e-discovery service provider, who in turn staged the files in Clearwell. The carrier's e-mail format was Groupwise, and due to Clearwell's inability to natively process Groupwise, Andrews International ran conversions to PST files using Paraben's Network E-mail Examiner and Transcend Migrator.
Company Sued in Personal Injury Case
Hired by Plaintiff to carry out a Court-ordered production request. The judge was not satisfied with the documents produced by the Defendant, and ordered a digital forensic specialist to search Defendant's systems for responsive documents related to insurance claims filed against the moving company.
Andrews International went onsite and assessed all environments where ESI resided and where responsive documents could possibly be located. Data was located on two insurance claims systems (the company is self-insured). One was an older commercial application on an AS/400 using a DB2 database, and the other was a proprietary system using SQL Server. An SQL Server data warehouse and a commercially available document management system were also searched. In order to locate new responsive claims which the company had not produced, Andrews International created and ran various SQL queries, used BusinessObjects to query and analyze the MS SQL Server data, and wrote scripts to tally and remove duplicate hits.
Work resulted in the production of additional responsive documents.
Security Consultants and Investigators
For consulting and investigations inquiries, please call 305.373.8488.
About Andrews International, Inc.
Andrews International, Inc., headquartered in Los Angeles, California, is an industry-leading full service provider of security and risk mitigation services. Through local offices in the United States and Latin America and nearly 150 strategic partners around the world, the company provides security services to a wide range of business sectors in all 50 states and internationally to many of the Fortune 500. The firm's portfolio of services includes uniformed security, consulting and investigations, personal protection, special event security, training, alarm monitoring and response, and disaster and emergency response services. For more information, please visit the Andrews International website at www.andrewsinternational.com.