Fully operational!

Wapack, while slow, is starting off nicely. Our lab is fully stocked and running its first pieces of analysis. This was our third week in operation at Wapack Labs. It's a great feeling, having our first pieces of work come through the door.

• We kicked off the lab doing work a nice piece of development business that helped bootstrap the lab.
• This week we received a set of drives sent to us by an IT consultant. We did our best for these guys. The array had died and the consultant had come to a point where they needed help. We were able to see and make copies of almost everything, and are working at pulling data off as we speak. Not everything will come off cleanly, but hopefully enough to allow their customer to keep operating.
• This week we were asked to author a proposal for another piece of work through a local  law firm. Our proposal is in. Fingers crossed.

In Wapack, while we're not doing criminal work yet, we have capabilities that can help management, HR, corporate attorneys identify employee ethics/misuse, export issues, or privacy information losses. I used to do work with some folks at Carnegie Mellon who specialized in insider threats... one of the hardest threats to detect and mitigate. In almost every case, insiders used computers to send intellectual property outside of the company --for various reasons --maybe they were starting their own company, helping another, or selling data. Often times, these employees were on personal improvement plans, had been told they needed to find new employment, or maybe just saw the writing on the wall. In most cases, the employee misuse could have been identified before the employee left by simply monitoring use during the time when an employee was suspected, notified, investigated, or had been told they were being terminated.

After termination, many employees will delete information from their drive. This is not always a reason for concern. Wapack can, often times, restore data that had been deleted. We can, as well, help identify information that might be being sent out of a company before the employee is terminated. Sampling employee laptops, submitting terminated employee laptops for analysis, or placing restrictions on employee movement while under a personal improvement plan or termination notice are all considered good practice, and Wapack Labs can help. Give us a call!

-Jeff

Why use Digital Forensics? Let us help you solidify your case!

Why Use Digital Forensics?

Working in the digital forensics field has opened my eyes to many other professional practices. Specifically in my job I deal with a lot of lawyers, law firms small and large, and plenty of litigation protocol. One of the most interesting aspects of the law field to me and specifically when dealing with on-stand experts, is that you don’t ask a question you don’t already know (or think you know) the answer to. This important factor made me think: Why don’t more litigators use digital forensics in their cases? Having a certified forensic expert helping you in your case is like giving you the answers to questions you haven’t even thought about asking!

Recently I worked in Chicago where I collaborated with lawyers throughout the country who had various levels of experience with digital forensics and computer investigations. One of my most memorable cases was an attorney from a very small law firm in the suburbs of Chicago who dealt with Employment and Labor law. This attorney had come to me with ongoing litigation concerns about an employee who left a company and went to work for a direct competitor within a matter of weeks.  This employee had been in a position where they were privy to a lot of sensitive data about the company (product specs, pricing models, client lists, sales leads, etc.). While we already knew that the employee had violated their non-compete contract, counsel was worried that the business might have been harmed by the theft of this sensitive information. I was brought in to either put these fears to rest, or create a “slam dunk” case with empirical digital evidence.

Not long after our initial conversation where I addressed what kind of things we may find in a digital investigation, counsel was able to procure the work laptop from the company. Within a week of receiving the device I was able to image (duplicate the evidence to be able to work on a copy), parse, index, and analyze the entire system. Combined with a simple questionnaire from the client, I had a complete understanding of the activities on the system. In this case (as with most investigations) I focused on the employee’s last two weeks at the company. I was able to pin down that before leaving the company (and pretty much right before walking out of the door) the employee was attaching USB thumb drives to the system, and copying data to these drives. Along with the USB devices, I could see that through emails and by viewing his Internet history (Gmail, DropBox, LinkedIn) that the employee had been planning to leave the company for some time. The combination of the employee’s actions, coupled with solid digital evidence, proved that sensitive information was taken from the company laptop, and copied to personal devices. Information provided by digitial forensic examination of the laptop provided counsel with ample means to win their case.

The best part for me on a personal level was that this case was the first time the attorney had ever used a computer investigation. It provided me the ability to teach counsel exactly what we do, how digital forensic science is proven in court, and how best to phrase his questions and shape his case to present what we found. Not only was this his first case involving digital forensics, but it was my first deposition as well! That give and take provided a great working relationship for the case going forward and the follow on investigations that arose from it.

At Wapack Labs we are driven to provide that same level of service to litigators throughout the Employment and Labor, Intellectual Property, and Technology law practices. Give us a call to see how we can help! Find us online at http://wapacklabs.com/ or give us a call at 603-606-1246. Be sure to follow us on LinkedIn as well as this blog.