As the epoch of the Information Age has come and gone, so has the novelty of the Internet and the artificial sense of security surrounding its business implications.
As financial institutions continue to migrate towards paperless environments, more and more intellectual property and proprietary information will reside in electronic form. Banks face ever-growing challenges to protect electronic property and information against illegal appropriation and malicious activity, the effects of which are dire to customers and operations as a whole. With the rapid and constant evolution of technology, and incidental cyber security risk, 21st century fraud investigations require expert computer and digital forensics skills to manage the complexities and legal issues of extracting and analyzing electronic evidence.
U.S. Security Associates (USA) and its alliance partners provide skilled engineers and architects to assess IT and cyber system infrastructure. Our professionals are experts at finding electronic evidence, collecting it, preserving it, and presenting it in a manner that is useful to the customer, whether for internal auditing purposes, or potential use in the prosecution of cyber criminals. We also consult with legal experts to provide the information necessary to mitigate vulnerability. We provide digital forensic services on an international scale.
Throughout the forensic investigative phase, experienced analysts utilize established software, forensic hardware tools, and industry best practices. Our team of specialists assure that evidence is acquired in a forensically sound manner that ensures court admissibility.
As the process moves into the litigation stage, we team up with counsel to perform forensic analysis, e-discovery, and court-certified expert witness testimony.
In addition to cyber security and forensic services, we also provide compliance and screening services:
USA will provide the tools, expertise, and processes to lighten the burden of protecting critical infrastructure resources. Contact us to find out how we can help manage and mitigate computer and cyber risks and ensure compliance with regulatory and enterprise goals.
Referenced below are select cases handled by U.S. Security Associates professionals:
Engaged by Plaintiff to determine if former account executive breached his employment contract. Forensically imaged the Subject's computer using Logicube's MD5. Staged and analyzed the forensic images in Encase. Through basic registry analysis, log files and examination of file date and time stamps, established that the user had in fact misappropriated sensitive client information by copying the data to a USB thumb-drive. The Windows Link files revealed that the user had accessed the client contact information from the USB drive after it was copied.
Provided Expert witness testimony.
Assisted local university in tracing a threatening e-mail received by a professor.
Obtained e-mail headers and examined the SMTP routing. USA determined the identification of the ISP and provided client with advisory services on how to proceed, which was to file a lawsuit and obtain a subpoena duces tecum for records from the ISP and the web-based e-mail services provider.
Hired by Court appointed Receiver on behalf of the Federal Trade Commission to assist in the seizure of a web hosting company which hosted many pornographic sites. The Defendant was accused of processing stolen credit cards.
The day of the seizure, U.S. Security Associates entered as the digital forensic specialist for the Receiver and shutdown all remote connectivity. In addition, U.S. Security Associates obtained all login credentials and worked with FTC digital forensic specialists in the acquisition of workstations and logical acquisitions of MySQL Server based tables containing billing information. U.S. Security Associates performed velocity analysis of billed credit cards to identify trends of frequently used cards, and calculated revenue for varying periods. As a support role for the FTC, U.S. Security Associates provided results of analysis and copies of the billing records for the FTC to stage on their systems.
USA's role in the matter was to perform forensic analysis and expert witness testimony on behalf of Defendant. The Plaintiff alleged Defendant was gaining unauthorized access to the Plaintiff's computer network, and thus to e-mail and other proprietary and confidential materials located on the network, in violation of various statutes.
USA's forensic analysis was primarily focused on firewall forensics, which entailed analysis of firewall logs and identifying and classifying rejected packets to determine nature of rejections. Analysis was performed on electronic evidence provided by Plaintiff, and the case involved a few hearings and ultimately went to trial.
Provided expert witness testimony.
Hired by the Plaintiff in this case, U.S. Security Associates was asked to carry a court order and forensically image computers from Defendant's operation. Thereafter, U.S. Security Associates was directed by Plaintiff counsel to determine if the source-code of the reservation management system originated or was the genesis of the Plaintiff's reservation system. The lawsuit entailed allegations that a former computer programmer and sales executive started up a competing company after the non-compete period lapsed, but used Plaintiff's reservation software system as the core for their system.
USA assisted counsel on drafting the motion for the forensic acquisition protocol, and carried it out on the computers. Thereafter, U.S. Security Associates staged the Plaintiff's system and the Defendant's SQL Server based system side-by-side for GUI comparison. U.S. Security Associates ran keyword searches using Encase on Plaintiff's servers and developer workstations to ascertain if Plaintiff source-code existed. U.S. Security Associates then proceeded to examine the data schema of Defendant's SQL tables and compared them to the Plaintiff's data structures and noted that through the order and case (upper/lower) that the Defendant's tables were created from either an import of the Plaintiff's files or simply typing the field names while viewing Plaintiff's files.
Defendants deposed U.S. Security Associates on all computer related aspects of the case. Thereafter, U.S. Security Associates provided expert witness testimony in one hearing where it successfully demonstrated that the developer had changed the date on his workstation to deceive the Plaintiff in this case. Furthermore, U.S. Security Associates illustrated that the Defendant used a CD to burn a copy of the Plaintiff's source-code just prior to handing the computer over for forensic imaging.
U.S. Security Associates' role was to act as the digital forensic specialist for a Court appointed receiver, which was a forensic accounting firm. U.S. Security Associates was on the scene when the operation was seized and assessed the technical environment to disconnect all remote connectivity and preserve all of the electronic evidence. Thereafter, U.S. Security Associates supported the receiver, and the FBI with general e-discovery and providing images and reporting from the AS/400 and various servers and workstations. The case involved a factoring company, which borrowed funds from the bank, and after defaulting on the loans a lawsuit was filed. The lawsuit alleged that owners of the factoring company had swindled funds to other companies owned by them.
Upon arrival U.S. Security Associates assessed the environment and disconnected routers and modems. Thereafter, servers and workstations were shutdown imaging process began with Encase. Upon completion, U.S. Security Associates staged images for viewing in Encase and started providing reports for ad-hoc requests. U.S. Security Associates mounted e-mail for viewing and ran various keyword searches and carved unallocated space for all relevant Microsoft compound documents. U.S. Security Associates provided the Encase images to the FBI as per their request, and to opposing counsel. U.S. Security Associates testified for the prosecution as an expert witness and the electronic evidence was introduced through its testimony.
Engaged by the Superintendent of Banks (SIB) and one of the Big 5 auditing firms to provide advisory services to with respect to identifying all electronic stored information (ESI) and developing a strategy for forensically acquiring relevant ESI, and prepare for staging into an e-discovery platform. U.S. Security Associates met with SIB government officials, local lawyers and U.S. lawyers to define the scope and prepare an estimate of the acquisition phase.
Upon approval, U.S. Security Associates traveled to the country and put together a local team to assist in forensically acquiring ESI. Tools used in the acquisition and hash verifications included Encase, Logicube's MD5 and FTK Imager. ESI was gathered from workstations, servers with internal storage and SANs with logical RAIDs, log files from networking and internetworking devices.
Engaged by carriers outside counsel to design and implement a forensic ESI acquisition and evidence processing plan in support of anticipated e-discovery requests, U.S. Security Associates devised a plan to image the data and forensically acquire ESI from various locations using Logicube's MD5 and Encase. U.S. Security Associates' worked on extracting files from active space and carved files from unallocated, pagefile.ssys and hiberfil.sys from files, and then providing these files to an e-discovery service provider who in-turn staged files in Clearwell. The carrier's e-mail format was Groupwise, and due to Clearwell's inability to natively process Groupwise, U.S. Security Associates ran conversions to PST files using Paraben's Network E-mail Examiner and Transcend Migrator.
Hired by Plaintiff to carry out a Court ordered production request. The judge was not satisfied with the documents produced by the Defendant, and ordered a digital forensic specialist to search Defendant's systems for responsive documents related to insurance claims filed against the moving company.
U.S. Security Associates went onsite and assessed all environments where ESI resided and could possibly locate responsive documents. Data was located on two insurance claims systems -- the company is self-insured. One was an older commercial application on an AS/400 using a DB2 database, and the other was a proprietary system using SQL Server. An SQL Server data warehouse and a commercially available document management system were searched. In order to locate new responsive claims which the company had not produced, U.S. Security Associates created and run various SQL queries; used BusinessObjects to query and analyze the MS SQL Server data, and wrote scripts to tally and remove duplicate hits.
Work resulted in the production of additional responsive documents.
Security Consultants and Investigators
For consulting and investigations inquiries, please call 305.373.8488.
U.S. Security Associates (USA) is one of North America's largest security companies, with 160 locally-responsive offices providing premier national security services and global consulting and investigations to customers in a range of industries. Recognized for world class customer service, leading-edge technology, and an enterprise approach to risk management, USA offers optimized security solutions to meet specific customer needs. USA is committed to building quality security and risk management programs that are Safe. Secure. Friendly.®. USA’s investment in a culture of excellence is reflected not only by BEST Awards from the American Society for Training & Development, consistent ranking on the Training magazine Top 125, and technology-driven quality management system, but also by the award-winning customer service delivered by the company’s leadership team and security officers on a daily basis.