• Electronic discovery, acquisition/imaging, verification, analysis and reporting
  • Information technology forensic acquisition/imaging, verification, analysis and reporting
  • Technology consulting and expert witness services
  • Discovery strategy development
  • Employee termination disk imaging and storage
  • Corporate computer use policy monitoring
  • Corporate document retention policies and procedures

ForenTech Case Experience

  • Source code theft and use by former employee
  • Examination of fax communications infrastructure to determine whether faxes were inter- or intra-state
  • Examination of computers to prove theft and sabotage by former employees hired by competitor
  • Examination of telephone/computer infrastructure to determine whether calls were recorded illegally
  • Recovery of critical customer file destroyed by former executive
  • Examination of an IT manager’s computer for downloaded pornography to prove download of pornographic files to support the decision to fire him for inappropriate use and sexual harassment of a female co-worker
  • Examination of custom software in support of litigation for non-performance against the software development company

Legal Support & Services

We work with attorneys on forensics discovery for computer and information technology systems, discovery strategy, and general IT expert consulting and witness services.

  • ELECTRONIC DISCOVERY CHECKLIST: When you are preparing interrogatories, requests for admissions, subpoenas, or depositions, there are a number of questions that should be considered. Click HERE for a list that should help you get started
  • ELECTRONIC DATA DISCOVERY: LITIGATION GOLD MINE OR NIGHTMARE? Computer forensics and electronic data discovery are potent tools that litigators are using at an accelerating pace.

Numerous evidentiary objections are available in seeking to exclude the evidence. Care must be taken in the extraction, preservation and presentation of electronic data to overcome the common objections

Basically, we provide services and support that help attorneys to better understand the more complex computer forensic and information technology issues that come up in the course of running their practice.
Using cutting-edge software, hardware, knowledge, and methodologies, we provide cost-effective solutions tailored to each customer and project and help to substantially reduce the threats and costs associated with litigation.

We realize you might not have a need for our services at this time, however, with greater than 90% of all business records now created and stored electronically, it is likely that in the future you or a client will.
Or, a colleague could ask you for a reference. In either situation, we would like you to remember us and give us the opportunity to present our services.

Electronic Discovery Checklist

Here are 38 questions that could be asked when you are preparing for an electronic discovery request. If you don’t understand them as well as you feel you should, please contact ForenTech.

1) Who is the system administrator? Who are the other employees who may be knowledgeable about the electronic data or IT systems in questions?

2) If there is a network, is it a local area network (LAN) or wide area network (WAN)? What is the configuration of the network? Are there firewalls (either software or hardware?)

3) Identify all servers and their functions – e.g., web servers, mail servers, print servers, database servers. What operating system and version are they running?

4) What kind of backup system is being used? What is the media – e.g., tape, CD, DVD, Zip Disks – and what backup software is used?

5) What are the logging and system authentication practices that are being used?

6) What other equipment is being used onsite? This could include notebook computers, PDA’s, cell phones, fax machines, printers, pagers, and voice mail. It is important to make sure your request includes these.

7) What kinds of data storage media are being used? This could include diskettes, Zip Disks, CD-ROM, CD-RW DVD, tape, memory cards, memory sticks, USB key-chain type devices etc.

8) What equipment/media/software is being used offsite?

9) Has any of the equipment been taken out of service to prevent data from being overwritten? If data has been retrieved from any computers, have the proper imaging software and methodologies been employed to prevent changing dates of modification, access, users etc.?

10) Have the proper steps been taken to preserve the evidence? Have employees been instructed not to alter or delete electronic data that may be at issue? THE BEST WAY TO ASSURE THIS IS TO HAVE FOR ENTECH PERFORM A FORENSIC MIRROR IMAGE OF ALL STORAGE MEDIA IN QUESTION. Is it understood that all equipment in question should not be replaced, sold, or discarded?

11) Has a preservation of evidence letter been written? Is a protective order necessary?

12) What operating system and version are the workstations running on? How big are their hard drives? What are the system passwords? (CONTACT FORENTECH IF YOU NEED THESE CODES CRACKED)

13) Who are the users of the workstations and of any other equipment – e.g., notebooks?

14) What email program is used? Is web-based email also used – e.g., Hotmail? Is the email server internal or third-party?

15) Is there any software installed that monitors employees? If so, what is it monitoring? Obtain any logs and reports.

16) What anti-virus software/version is used?

17) Is instant messaging (IM) being used? What kind and version?

18) Is there a policy, and if so, what is it for the retention and disposal of electronic data?

19) Are there, and if so, retain them, any policies and procedures relevant to employees and their electronic data.

20) Are there any system audits or similar reports available?

21) Are there plans for a forensics acquisition? If so, will it be performed on or off-site? Who will do it? What are their methodologies? (NOTE: THIS IS WHERE YOU STRONGLY WANT TO CONSIDER USING FORENTECH)

22) If there has been a forensic acquisition, who performed it? What software and hardware was used in the acquisition?

23) Has anyone touched or altered in any way any evidence prior to the forensics acquisition? The concern here is rendering evidence inadmissible such as by something as small as a date change.

24) Is there any equipment in anybody’s home or remote office that may contain relevant information?

25) Is remote access (e.g., PC-Anywhere, Virtual Private Network) used? If so, what kind? What security methods are used to control remote access?

26) Identify any authentication and other security procedures that are in use and consider what impact they may have on the evidence or what additional evidence they might provide you.

27) Is there any data encryption being used? If so, request the encryption keys.

28) Identify all commercial software applications in use.

29) Identify any custom software applications in use.

30) Identify all databases in use – e.g., Oracle, MS SQL-Server, etc.

31) Have there been any changes to the system or policies and procedures regarding electronic data during the time period in question?

32) Is any of the electronic data in question protected by intellectual property rights?

33) How should the evidence be turned over – i.e., in what format and on what media?

34) Consider how you can limit any request for electronic data so that it is not overbroad. Do you know which individuals were involved? Is there a specific time period in question? Is there a defined subject matter at issue? Is the evidence likely to be in spreadsheets, in email, in graphics files?

35) Start thinking of a list of keywords to use in searching data for relevant material.

36) As the requesting party, are you willing to pick up the costs of evidence acquisition and analysis? Costs are often a major issue, and being willing to bear the costs might soften your opponent’s resistance and be worth it to you if the evidence you seek is almost certainly there.

37) Consider whether computer forensic experts on each side should confer to resolve any technical issues or concerns with attorneys for both sides present.

38) If the parties can’t agree on search parameters, consider having a neutral, court-approved expert who will acquire and analyze the forensically acquired data in accordance with the court’s order, and
tender all relevant information to the producing side who can then screen for privileged or proprietary data before producing to the requesting party.