IT Forensics

Case Work Examples for Philip M. Matusiak – IT Forensics Analysis and Expert Witness / Expert Witness Testimony

· Expert Witness Testimony – Michigan Public Intoxication – Forensic analysis of police dash cam video and testimony as expert witness in Michigan court.
· Network / Email Analysis – International Corporation – Examination and Network Tracking of compromised emails leading to multi-million dollar fraud of international auto parts organization. Case involved large banking organizations and international investigations, including China and Nigeria.
· Crime Scene and Video Enhancement / Data Analysis – Ohio Murder Trial – Case involved many aspects of analysis of crime scene video and height analysis of suspects in area in an Ohio murder trial. Also involved date / time stamp validation of multiple cameras involved in analysis.
· Expert Witness Examination – Michigan Family Court Matter – Audio / Video examination and data analysis (metadata) of accused individual involving mature videos possibly being displayed to underage children.
· Forensics Investigation – Higher Education University located in State of Michigan – Investigation and analysis of student device and suspected submission of false online examinations.
· Expert Witness Examination Police Dash Cam Video – State of Michigan v. suspect – Case involved a police chase with fleeing suspect. Analysis of police dash cam video to identify suspect fleeing / suspect height and investigation of engineering specifications of suspected vehicle.
· Civil Case – Broward County Florida Business – Case involved web site and public defamation of character, tracking of data sources of information and published time frame of data in cloud.

Services provided within the Computer / IT Forensic Field

· Analysis of Computers and Data in Criminal Investigations
· Onsite Seizure of Computer Data in Criminal Investigations
· Analysis of Computers and Data in Civil Litigation
· Onsite Seizure of Computer Data in Civil Litigation
· Analysis of Company Computers to Determine Employee Activity
· Assistance in Preparing Electronic Discovery Requests
· Reporting in a Comprehensive and Readily Understandable Manner
· Court Recognized Computer Expert Witness Testimony
· Computer Forensics on PC & Mac™ Platforms
· Computer Forensics on Networks
· Computer Forensics on All Microsoft™, Novell™ & Linux Platforms

What Is Computer Forensics?

Computer forensics is the collection, preservation, analysis, and court presentation of electronic evidence. The proper collection and analysis of computer evidence is critical in many criminal investigations, civil litigation (electronic evidence discovery) and corporate internal investigations. Finding the “smoking gun” may not benefit an investigation if the examiner cannot establish in a court of law that the subject computer evidence was not corrupted or tampered with. The techniques we use enable the non-invasive recovery of all existing information on the subject drive, including deleted files and fragments thereof, while preserving a proper chain of custody under standard computer forensics protocols.

Why computer forensics?

The vast majority of documents now exist in electronic form. No investigation involving the review of documents, either in a criminal or corporate setting, is complete without including properly handled computer evidence. Computer forensics ensures the preservation and authentication of computer data, which is fragile by its nature and can be easily altered, erased or subject to claims of tampering without proper handling. Additionally, computer forensics greatly facilitates the recovery and analysis of deleted files and many other forms of compelling information normally invisible to the user.

Prior to conducting on-site electronic discovery, preliminary information pertaining to the target machine and operating systems must be determined. Each computer system (platform) is different, and poses different types of technological issues for the effective and non-invasive imaging of the media. Determining in advance whether the computer is a desktop or notebook, the size and type of the hard drive, the manufacturer and year of manufacture, the operating system, and the type of browser and email package being used (Netscape mail, Outlook, AOL, etc.) is critical and will eliminate the potential for numerous technological glitches in the field. Each computer may require a different type of interface or adaptor. Additionally, determining the system architecture of the opponents’ premises will assist the forensic examination team in verifying that all applicable systems and source media are identified and imaged.

In addition to the “traditional” locations of electronic evidence, such as computer hard drives, off-site servers, mirror sites, backup tapes, and removable media such as diskettes, etc., critical evidence may exist in a number of other locations. Some fax machines contain exact duplicates of the last several hundred pages of documents transmitted and received. Digital telephone systems may contain computer logs of all calls made and received, and often store voice mail messages in digital form on hard drives (.wav files). Network audit programs (if properly configured) can contain a history of all files accessed, downloaded or printed. Network firewalls monitor all web sites visited, external (outside of the Network) communication and information transmitted or received from the Internet.

Summary

During the last five years, there have been exponential advances in technology, and with the advent of the Internet, computers have become pervasive in everyday life. As a result, digital data in some form or another will be critical to most types of civil litigation and criminal proceedings.
The tools for conducting forensic examinations have also rapidly evolved, making it faster to secure evidentiary images, guaranteeing the integrity of digital evidence, and reducing the time and resources necessary for conducting a comprehensive examination of electronic media.
There is a rapidly emerging trend to use computer forensics for a broad range of civil litigation matters involving intellectual property rights, trademark infringement, misuse and theft of trade secrets, patent and copyright violations, as well as more traditional matters such as employment law litigation and criminal fraud.

Contact Us

Contact Philip Matusiak at philm@drmdev.net or (954) 657.1018.