e-Discovery Processing


Forensic Analysis

Forensic analysis is necessary when there is a belief that electronic data may have been deleted, misappropriated, or otherwise managed in an inappropriate manner. The goal of forensic analysis is to develop sufficient information about the data or equipment, its use (or misuse), the individual(s) responsible, and then to develop as clear a picture as possible of what occurred, when it occurred and how it occurred. In other words, forensic analysis allows you to go deeper, in order to make your case stronger.

The Oliver Group (TOG) can perform a wide variety of forensic analysis tasks to meet the needs of clients. For each matter, we work closely with the case teams to identify the goals of the investigation and keep in close communication with the client as analysis progresses. Forensic analysis is much like working with a puzzle that has missing pieces - if find enough pieces, you can see the picture in the puzzle.

For most mainstream file systems associated with Windows, Mac OS, and UNIX/Linux platforms, forensic analysis can be utilized to recover and report on data not readily visible or accessible to users or standard e-discovery software. Analysis is performed on one or more systems of interest, typically a custodian's laptop, desktop computer, removable media and/or mobile devices where key pieces of evidence may be residing. Forensic Analysis requires the use of specialized tools and is performed by individuals with specialized skills.

While each matter is unique in its objectives and scope, TOG experts employ software such as EnCase® Forensic and Access Data's Forensic Toolkit® (FTK®) , among other specialty tools, to perform the analysis. These tools are well-regarded and understood in the technical and legal communities, and are routinely identified and generally accepted in court during expert testimony. TOG has a variety of other software and hardware tools it uses based on the specific type of analysis required. A wide array of options are maintained to allow for the maximum degree of flexibility when it comes to meeting specific client needs.

For projects that require forensic imaging and analysis of hard drives, TOG can also include or exclude the acquisition of deleted files. The ease of recovery of deleted items is dependent on the specific data source, local policies in place and utilities used. TOG can also provide forensic recovery of deleted file fragments or files by searching using keywords, phrases or file headers. Other common forensic analysis requests include identification of specific files; deletion analysis and trends; internet history analysis; existence of wiping software; source code analysis; and others.

Aside from the more common forms of forensic analysis, TOG also employs a series of tools that accommodate the examination of data from more specialized sources such as Apple Mac computers, mobile devices and enterprise-class information systems. Best-of-breed products from companies like Pinpoint Labs, Cellebrite, BlackBag Technologies and Oxygen Forensics are used to meet the dynamic needs of global clients for robust, defensible solutions.

Use of social engineering methods can also help identify potentially responsive data sources prior to the utilization of forensic tools. Through technical questionnaires, custodian interviews and system analysis, TOG experts can target the highest priority data sources at the earliest stage in the process.

At the conclusion of the analysis, a comprehensive report is produced for each forensic analysis task, which details the analysis objectives, results and any recommendations for further assessment. All reports pass through a rigorous internal quality review and are developed by high-skilled, certified examiners.

Password Cracking

As forensic analysis involves looking into every pocket of potential evidence, TOG analysts sometimes need to overcome encryption or passwords present at the machine, archive, or file level. TOG employs various processes in the event that password-protected or encrypted files/media are identified. These methods range from basic cracking programs as well as large scale brute force techniques.

Intellectual Property Theft  Investigations

The investigation of Intellectual Property (IP) Theft has become all too common. International industrial espionage is on the rise, employee turnover remains a constant concern and competitive industries are always seeking an edge. Disgruntled employees or those considering "greener pastures" often target client lists, patent information, engineering specifications, product designs, pharmaceutical data, source code and other proprietary information before leaving a company. The need to have a proactive and/or reactive option for addressing issues related to information theft, misuse, abuse and redistribution crucial. These investigations can take place during the employee separation process or in response to a suspected event . TOG has many years of experience in this area and regularly addresses the needs of international organizations with a defensible and practical approach to investigating IP Theft of all types, at all levels.

Using a variety of tools, procedures and strategies, certified TOG examiners can establish a story and time table surrounding a suspected event and report their findings in a factual, functional and logical format. Initial phases of these investigations focus on developing an understanding of the scope of user access to data, the components that constitute their actual computing environment, and the elements that would define appropriate and inappropriate computer use on a per user basis. With this information, TOG experts can employ either a standardized or customized approach to forensic analysis that will yield fact-based results that can clarify suspected events as either misunderstandings or indicate wrong-doing.

Consistent with other forms of forensic analysis offered by TOG, findings are professionally summarized in an expertly written report that guides the client toward final conclusions. In addition, TOG is willing and able to provide affidavits, depositions or expert testimony related to the forensic analysis performed during an examination.

If wrong-doing is established, TOG also has the ability to assist with the process of regaining any possible control of stolen data through a series of well-developed and tested data deletion and device wiping processes.