E-Forensics assisted counsel in drafting the motion for the forensic acquisition protocol and carried it out on the twenty-five computers. Thereafter, e-Forensics staged the Plaintiff’s system and the Defendant’s SQL Server-based system side by side for GUI comparison. Keyword searches were executed using EnCase on Plaintiff’s servers and developer workstations to ascertain whether Plaintiff source code existed. E-Forensics then examined the data schema of Defendant’s SQL tables, compared it to the Plaintiff’s data structures, and noted from the order and case (upper/lower) of the field names that the Defendant’s tables had been created either from an import of the Plaintiff’s files or by simply typing the field names while viewing Plaintiff’s files.
Defendants deposed Mr. Peña on all computer-related aspects of the case. Thereafter, e-Forensics provided expert witness testimony in one hearing, where it successfully demonstrated that the developer had changed the date on his workstation to deceive the Plaintiff in this case. Furthermore, it was shown that the Defendant used a CD to burn a copy of the Plaintiff’s source code just prior to handing the computer over for forensic imaging.
Forensic analysis focused primarily on firewall forensics, which entailed analyzing firewall logs and identifying and classifying rejected packets to determine the nature of the rejections. Analysis was performed on electronic evidence provided by Plaintiff, and the case involved a few hearings and ultimately went to trial.
On the day of the seizure, we entered as the computer forensic specialist for the Receiver and shut down all remote connectivity. In addition, we obtained all login credentials and worked with FTC computer forensic specialists in the acquisition of workstations and logical acquisitions of MySQL Server-based tables containing billing information. We performed velocity analysis of billed credit cards to identify trends of frequently used cards, and calculated revenue for varying periods. In a support role for the FTC, we provided results of analysis and copies of the billing records for the FTC to stage on their systems.
E-Forensics was called in to head up the electronic investigation and assist local law enforcement. It provided advisory services on bringing the system back online immediately after relevant systems (computers and logs) were preserved. An analysis was performed to reproduce the results, which, among other things, revealed through the System Event that the former employee had logged in, initiated the deletion of users, and shut down the Exchange Server. It was also learned that the employee had partially wiped a company laptop prior to returning the computer.
Findings and images were provided to the assistant State attorney’s computer forensics team, along with hash values and chain of custody documentation.