Computer Forensic Services

Case Examples

Case Example of Intellectual Property Theft
Intellectual Property Theft

A professional staffing firm relied heavily on the use of a single spreadsheet that contained information on prospective…

Case Example of Instant Messaging Alibi
Instant Messaging Alibi

Law enforcement requested insight on a criminal case that involved a gang-related assault and battery outside of a high…

Case Example of IT Gone Rogue
IT Gone Rogue

An IT Director noticed that his network engineer, who was involved in a back-pay dispute with the company, was reading the HR…

More Case Examples Available Here

Arsenal provides comprehensive computer forensic services which include identifying, preserving, analyzing, and reporting on electronic evidence using methods acceptable in courts of law.

We appreciate the volatile nature of electronic evidence and the need to identify where it exists as soon as possible. Each of our clients has a unique "Universe of Data" deserving careful consideration. A typical corporate universe includes laptops, workstations, servers, networks, backup tapes, removable storage media, cell phones, and the Cloud. If electronic evidence exists anywhere in this universe and hasn't been identified, it can't be preserved.

There are numerous threats to the integrity of electronic evidence - from intentional acts of spoliation to the unforeseen consequences of normal user activity. Our expertise and battle-tested methodologies are critical to preserving electronic evidence in ways that withstand technical and legal scrutiny. We are well-versed in dealing with electronic evidence found in particularly sensitive locations such as cell phones, live computer systems, and the Cloud.

Arsenal performs analysis of electronic evidence using a combination of commercial, open source, and internally developed tools on high-end workstations. The techniques we leverage have been refined over many years through untold hours of research, testing, and design. Using the most powerful tools and methods, we uncover smoking guns that others simply cannot.

We distill huge amounts of technical information down to a concise form that our clients can both understand and act upon effectively. We convey important findings to our clients and courts via consulting and expert reports, affidavits, and testimony given during depositions and trials. Arsenal's exceptional reporting is often used to penetrate the smoke and mirrors presented by opposing parties in adverserial situations like litigation.

Arsenal appreciates the confidential nature of computer forensics engagements and carefully observes chain-of-custody procedures and other industry best practices. We secure evidence in a fire-resistant electronic safe and employ strong encryption of our clients' data following standards meeting or exceeding those used by law-enforcement agencies and our competitors.

Copyright © 2016 Arsenal Consulting All Rights Reserved.      Home | Services | Testimonials | People | News | FAQ | Contact

Evidence Spoliation

During an internal investigation, two executives were ordered to turn their laptops over to the company's outside counsel. However, neither the executives, nor their laptops, appeared at the designated time and place. Once the laptops finally materialized, forensic analysis was performed and remnants of evidence spoliation, more specifically data scrubbing, were found on both. Findings from the forensic analysis of both laptops were provided via testimony to a foreign law-enforcement agency which allowed them to secure a conviction related to Foreign Corrupt Practices Act (FCPA) violations.

Intellectual Property Theft

A professional staffing firm relied heavily on the use of a single spreadsheet that contained information on prospective employees. After a junior employee left to join a competitor, the company suspected their spreadsheet had been stolen. Upon issuance of an ex-parte temporary restraining order, forensic images were obtained from the competitor's computer systems and the data was analyzed on-site. The misappropriated spreadsheet was located on one of the computers. Following this discovery, the case was settled quickly in the plaintiff's favor.

Laptop Compromise

A financial service firm's IT personnel installed remote access software with a weak password on an executive's laptop. The computer was easily exploited by attackers over the Internet. Forensic analysis was performed and resulted in the identification of unauthorized remote-access activities from around the globe, including evidence that the laptop had been attached to a "botnet" that was awaiting further orders. A detailed narrative report was developed which helped the client understand the extent of their exposure. A forensic image of the laptop was sent to federal law-enforcement officials to assist in the ensuing criminal investigation.

Instant Messaging Alibi

Law enforcement requested insight on a criminal case that involved a gang-related assault and battery outside of a high-school dance. One of the suspects, with no known gang affiliation, claimed to have been instant messaging with a friend during the time of the altercation. Forensic images were obtained from the computers of the suspect and his friend, which included the chat sessions in question, and no evidence was found that they had been tampered with. After reporting the findings to the District Attorney's Office, charges against the suspect were dropped.

Source Code Theft

A software developer was alerted by one of their customers that a post had been made to an online forum, in a foreign language, that offered the complete source code to one of their unreleased products. With the assistance of a translator and a private investigator, the post was identified and preserved successfully, online contact was made with the poster, and a copy of the source code was downloaded directly from him. A private investigator made contact with the poster, in person, and he identified the source of the leak in the company's software development team.

IT Gone Rogue

An IT Director noticed that his network engineer, who was involved in a back-pay dispute with the company, was reading the HR department's email without authorization. The IT Director alerted HR, the network engineer was escorted from the building, and forensic images were obtained from his computers. Evidence of unauthorized monitoring, piracy, and pornography were found. The employee was terminated and his pending disputes were settled in the company's favor.

Server "Crashing"

A retail company's IT staff were unable to access their mail server which was hosted by a third party. The company first suspected something had gone awry when they received suspicious information about the server "crashing." To investigate, IT staff physically retrieved the server and forensic images were obtained from multiple hard drives contained inside. Forensic analysis revealed not only that configuration information for the hard drives had been destroyed, but the hard drives had been physically removed from the server then returned in the wrong order. Once the findings of forensic analysis were reported via expert report and deposition the plaintiff prevailed in federal court.

Date and Time Manipulation

An individual sued his former employer for wrongful termination related to a whistle blowing complaint he had lodged in federal court. One of the plaintiff's claims was that the company had doctored his resume to support claims regarding his misconduct. The plaintiff was ordered to make his laptop and electronic media available for forensic imaging. Forensic analysis revealed multiple instances of date and time manipulation on the plaintiff's laptop, as well as deletion of relevant documents that were subject to a preservation order. The analysis also found the original resume, that the plaintiff had claimed his former employer had doctored, in deleted space on one of the floppy disks forensically imaged. Noting that the "Plaintiff has engaged in extensive and egregious misconduct in this case," the judge allowed the company's motions to dismiss and for further sanctions.

Piracy for Profit

A production company recognized that the films they produced for the Asian market were being ripped from their DVDs, watermarked, and re-sold online. With the assistance of a translator, the company's content was identified and archived, relevant network communications were captured, and a complex web of suspicious online relationships were identified. Findings from the forensic analysis resulted in a court order that authorized the seizure of a mail server to assist in identifying the suspects' true identities.