In general we serve as digital detectives. We find relevant data, offer opinions concerning the origin and nature of that data and present it to our clients for evaluation. When necessary we present expert testimony and opinions concerning our findings.

HOW WE HELP CLIENTS

Employees

At the very least we would forensically image the employee's hard drive and any personal devices before the unit is put back in service in order to defend any allegations after employee departure (unlawful termination, gender/race discrimination etc.) It usually takes 2 years to file suit. This could be described as a risk mitigation strategy.

Cases we have worked where employer either suspected employee mischief or we discovered it on analysis of departing employee computer:

  • Departing employee takes price lists, client lists, formulas, proprietary information
  • Departing employee shares data with potential new employer
  • Departing employee installs malware for purpose of accessing data remotely
  • Current employee running side business using company resources.
  • Current employee bypassing security for personal reasons (porno, limewire)
  • Employees connecting and storing company data on cell phones, blackberries, Ipads etc.
  • Current employee takes personal data of fellow workers, to include financial and personal ID data
  • Current employee solicits employers clients for his own business

An important point to remember is that in most cases we were not specifically tasked to search for this evidence but uncovered it either through our standard departing employee computer examination or while investigating other stated objectives (such as looking for pornography or internet misconduct)

Specifically what we do:

  • Recover and analyze recent data accesses in areas unknown to user (cache file accesses, link files,)
  • Document USB attached external devices history and correlate file accesses/deletions to these instances
  • Discover suspicious emails such as sending attachments sent to self
  • Produce questionable data for review by those with institutional knowledge
  • Produce corporate emails filtered for a certain time frame or between selected parties such as a direct competitor.
  • Recover any email communications outside of corporate environment such as web based email accounts
  • Document any anomalies or unusual files/folders which exist
  • Documents and recover any deleted files especially toward end of employment
  • Produce digital trail of user activity on local system and network
  • Detect and explore nature of any installed malware
  • If indicated we can do a comprehensive search of all residual data areas on hard drive and document results.

Why 3D and not in house IT staff or other vendors/forensic accountants:

  • We are trained as investigators with experience in following leads, handling evidence, maintaining chain of custody and if necessary testifying in court. NB: At trial credentials of experts comes into question. In addition the process as well as product of the forensic examination comes under scrutiny.
  • We are non-interested party. We have no dog in the hunt.
  • Accountants only concentrate on active financial data and do not have capability of recovering and discovering ambient data. They are not trained in discovering data, are not interested in pursuing leads outside the accounting realm, cannot recover deleted or ambient data, break passwords or create a user timeline of activity. We have worked in conjunction with forensic accountants to retrieve data that he will then scrutinize for accounting irregularities.
  • We will maintain custody of the forensic image indefinitely as part of our service.
  • We are more cost conscious than competitors since we have lower overhead, charge by hour instead of by drive and do not charge for “machine time.” We prefer hardware sent to our lab directly, saving travel and lodging costs and avoiding unnecessary problems which can occur with on- site acquisitions.