-
Phase 1: Preparations
Initially the IT/ESI professional will review pleadings and focusing on the government’s injunction motion. From the motion, key domain name information is gathered to assist in the identification of cloud based repositories which may have been overlooked. With the cloud services identified, along with pertinent contact information, the IT/ESI professional is prepared to take control of the services, and shorten the window of opportunity the Defendants may have to tamper or destroy the ESI.
-
Phase 2 : D-Day
The team (local law enforcement, plaintiff agency, receiver, receiver’s counsel and Receiver’s professionals (IT/ESI and accountants)) coordinate efforts to safely enter premises and notify named defendants and employees of the temporary injunction, and appointment of receiver. The IT/ESI professional immediately begins the marshalling process by physically disconnecting access to or from the business by means of disconnecting internet and wireless access points to the facility. Other related lockdown actions:
Instruct team to refrain from accessing digital assets until pertinent systems are identified and forensically preserved;
Obtain administrator level account names and passwords of ALL internal systems and hosted services from the network administrator;
The Order will generally demand the defendants’ full cooperation including handing over all credentials. In cases where no personnel is available, or fail to cooperate, the IT/ESI professional will resort to digital forensics to recover or reset password, and;
Change administrative contact information and administrator/user level credentials of hosted environments such as domain name registrar; hosted e-mail services; cloud storage and website hosting services.
-
Phase 3: Preservation
Upon confirmation that the defendants and employees are effectively restricted from accessing any systems, the IT/ESI professional will consult with the Receiver to identify key custodians and systems requiring forensic preservation. As systems are forensically imaged, the IT/ESI professional will stage or make available systems to other receiver team members such as the forensic accountants.
From inception, it is incumbent on the IT/ESI professional to maintain a log detailing activity, inventory of computer assets, software applications, cloud service providers, credentials, configuration changes, information technology related vendor contact information, etc..
General IT support, such as providing WIFI internet access solely to team members’ laptops, is provided.
-
Phase 4 : Site Redirection
One of the key functions of the Receiver is to launch an efficient medium to communicate with interested parties, such as employees, defendants, creditors, customers and vendors. As the receivership progresses -- particularly in the first months -- pleadings and important announcements will need to be posted in the public domain.The IT/ESI professional will generally publish and maintain a new website on the Receiver’s behalf. All identified business websites are redirected to a new receivership site.
Ongoing support by the IT/ESI professional continues, which generally entails:
Providing privilege reviewed documents/e-mails to plaintiff agency;
Producing documents/emails to Defendant for defense against complaints;
Recovering deleted documents, e-mails and financial databases/spreadsheets; and
Determining billing status (cycles, open balances, expiration dates, renewal status, payment methods, etc.) of IT related services;
-
In cases where the defendants’ motion to dismiss is denied, or the injunction becomes permanent and the business must discontinue operations, an orderly shutdown is carried out. All employees,
and property and executory leases are terminated, and the IT/ESI professional assists with the cancellation of IT related contracts, and subscriptions.
Phase 5 : Completion
