Forensics
Cases have included the recovery of messages and financial data, the detection of tools to intentionally spoil court-ordered production of digital data and the recovery of password-protected files.
Findings are typically presented in a confidential context with comprehensive written reports, graphical exhibits, executive-level presentations, depositions, briefs and other litigation support and court testimony.
Collaborating with our clients, Treaty Oaks begins each engagement with thorough project planning and cost scoping. Each of our work plans is crafted with precision. Quality is controlled along the way by tight standards of performance . . . There's almost an artisan's pride that infuses our work.
The Treaty Oaks team offers the following digital forensic services:
- Enterprise Electronic Discovery
- Digital Forensic Examinations for Litigation Support and Testimony
- Applications Software Forensic Analysis
- Clinical Training in Professional Digital Forensics
- Digital Imagery and Closed Circuit TV Forensic Analysis
- Information Systems Misuse Investigation
- Systems Survivability and Intrusion Detection
Enterprise Electronic Discovery
A discovery project typically entails data mining across all systems throughout the enterprise - from desktop to servers, peripheral devices to computers - including 'active' data in use or recovery of 'deleted' data or data that has been hidden through encryption or steganography techniques. (Steganography is the act of hiding information inside of information.) Often electronic discovery involves recovery of very large data sets for civil investigation and litigation matters.
The Treaty Oaks difference . . .
Treaty Oaks can trace digital evidence across all systems and media, all platforms and the network that connects it all. We find the entire data trail and re-create the whole picture of transactions, access and manipulation. If it's digital, we can find it.
Our proprietary systems tools and instruments assure the rapid organization and compilation of the data regardless of the size and scope of the project. We use acquisition tools commonly used only by law enforcement and us. What this means is that acquisitions are quick, with little to no company downtime required. We also can access information and devices not previously thought possible, e.g., faxes.
With tremendous computational and storage capacity, Treaty Oaks can handle very large and complex data mining projects, at fast, efficient speeds for searching and characterization. In fact, we have experience with some of the largest data mining projects ever done. And we have the project management skills to manage these cases. We know the potential bottlenecks and problems. The result: contained costs and no surprises.
Digital Forensic Examinations for Litigation Support and Testimony
Digital forensics is the unbiased, ethical and science-based professional practice of safeguarding, retrieving, investigating and reporting of digital evidence in situations of alleged data misuse. The process usually involves:
- Chain of custody: documenting the 'who, what, when and where' of the history of information that has been created, stored and modified on a digital device. The process of the forensic analysis itself is documented in order to safeguard the integrity of the investigation against alteration, inadvertent modification or spoliation.
- Acquisition: making an exact copy of all data contained on the media, while protecting the data from any changes during the process through 'write blocking.'
- Data recovery: retrieving data that has been previously 'deleted.'
- String or term searching: checking for the presence of programs, graphic images, key words, cryptographic markers or steganography.
- Reporting: analyzing, summarizing, documenting and communicating complex findings in clearly understood language for use in litigation support and testimony.
We have the expertise and experience to search virtually every digital device. For example . . .
- Cell phones
- PDAs and Palm Pilots
- USB keys
- Digital cameras
- Fax machines
- Printers
- Phone systems
- PCs to enterprise servers: any platform, size, or use, from Macintosh laptops to Unix enterprise servers and everything in between
The Treaty Oaks difference . . .
With experience as a court-appointed special master and over 30 at-trial or sworn testimony appearances, Treaty Oaks provides expert validated forensic findings for administrative, punitive, civil and criminal proceedings - for prosecution or defense.
The Treaty Oaks difference is a combination of competence, experience and technology:
- A special expertise in anti-forensics, which is the use of tools, techniques and processes to intentionally modify, alter or eradicate data from a specific digital device involved in a forensic investigative matter. We know the tricks of the trade in attempted data-hiding . . . as very few others do.
- Some of the fastest state-of-the-art technology acquisition tools in the market cut the time required to as little as half or a third of traditional data acquisition methods. Faster data acquisition translates into cost savings for the client. In fact, Treaty Oaks is unique in that we customize our use of various search tools based on the specific needs of the case. We're not limited to the strengths or weaknesses inherent in a particular tool. We have invested in our technology and combine the strength of several tools to provide the best possible results. Our unique tool set, along with our unprecedented computer power, allows Treaty Oaks to handle extremely large sets of data and compile results quickly, efficiently and cost-effectively.
- Superior documentation and presentation of evidence . . . Clearly articulated evidence - especially highly technical information - and courtroom demeanor are critical to building and winning a case at trial. We know this and place these skills as a high priority and core competency.
Treaty Oaks has provided litigation support and expert testimony in court for both civil and criminal matters, ranging from felonies to capital offenses, for some of the largest digital forensic examinations in the country, as well as in divorce and property valuation disputes. Treaty Oaks builds a bulletproof investigation for trial and deposition review . . . Our testimony has never been overturned in trial.
Our process is client-oriented and designed to facilitate lawyer review and strict evidentiary standards. Treaty Oaks creates project plans that clearly define the process, the timing, the costs and the expectations. Detailed process and data documentation assure that evidence is admissible, usable and beyond scrutiny in its integrity.
Applications Software Analysis
With extensive knowledge in many different computer languages, Treaty Oaks examines and compares code across programs and platforms to determine stolen, plagiarized, or altered code.
Also known as 'code analysis,' this service examines program codes to determine whether the program was stolen or altered by accident or malicious intent. Examples include looking for product malfunction and employee sabotage.
Analysis involves obtaining the code and analyzing the following characteristics:
- Origin
- Structure
- Form
- Style
- Uniqueness of the code
- Spelling or grammatical errors
In applications software analysis, there are sometimes other clues in the code, beyond those listed above, which reveal the 'characteristics' of what actually happened. Treaty Oaks probes beyond the usual to the unusual. No possibility is too remote in our quest for evidence and understanding.
Treaty Oaks' examiners have broad code analysis experience, including but not limited to:
- Fortran
- Cobol
- Pascal
- Basic
- C / C++
- Visual Basic
- Java
- MATLAB
- PERL
- Shell scripts
- Controller logic
The Treaty Oaks difference . . .
Treaty Oaks offers a unique combination of skills to uncover even the most subtle code alterations. Examiners are also experienced forensics professionals. We excel at tracking code, verifying its intent, and identifying flaws or unique traits. Just as an English teacher can read a paper and tell which student wrote it, our experts can trace the nuances of changes made to program code and identify useful patterns to further forensic investigation and discovery.
We are creative, diligent, curious and unrelenting. We have a unique mix of technology, forensic, engineering and business experience to question, uncover and assess even the cleverest of deceptions.
Treaty Oaks has a broad range of expertise with application software, including everything from developing code for major corporations, to conducting code audits, to implementing code testing. Some recent Treaty Oaks engagements include work in these areas:
- Intellectual property: Treaty Oaks analyzed applications code to show that the authorship of the code was not true as asserted by a party in a complex intellectual property dispute.
- Product liability: Treaty Oaks identified the particular code that did not function correctly due to an algorithmic error. Such errors can manifest in a range of ways, including incorrect output to hardware that functions improperly.
- Hacking or other virus infections: Treaty Oaks analyzed the code to determine how wide ranging a particular virus effect was on networks, PCs and other parts of a large technology and communications infrastructure.
- Employee sabotage and wrongful use: Treaty Oaks determined that a disgruntled employee had placed a 'time bomb' in code critical to company functions, and when the employee was asked to leave, the 'time bomb' detonated, disabling all of the company's computer systems. Treaty Oaks was able to prove which individual was responsible, repair the code and collect the evidence in an expert manner for criminal investigation.
Clinical Training in Professional Digital Forensics
We provide customized professional level courses both nationally and internationally dealing with digital investigation, intrusion response and specialized forensics for a wide variety of devices, cryptographic compromises, information discovery, digital spoliation and anti-forensic techniques. Courses are customized to the needs of clients and range from an introductory briefing for managers and lawyers on ediscovery to digital forensics techniques and investigations for professionals.
Digital Imagery and Closed-Circuit TV Forensics Analysis
Treaty Oaks can derive evidentiary data from audio signals, digital images and digital photographs and perform image enhancement to better assess the integrity, content and evidential value of these rich data repositories. Analysis can determine dates, use and potential modification to these evidentiary images.
The Treaty Oaks difference . . .
In this new but growing segment of digital forensics, the Treaty Oaks team has the tools, special skills and expertise required to perform this type of advanced investigation.
Information Systems Misuse Investigations
Treaty Oaks examines enterprise information systems to analyze security or privacy violations in relation to acceptable use policies. We determine the current level of risk or misuse and recommend actions to reduce liability, upgrade corporate practices, document infringements, or other corrective measures.
The risk of information system misuse is increasing for all organizations. It is common for people to use office resources and computers to conduct personal or other non-business-related transactions. Employee misuse of company resources could include civil misuse or criminal activity, breach of confidential, privileged information, and acceptable use policies, not to mention the loss of productivity this activity triggers.
In engaging Treaty Oaks, a client would normally expect the following process:
- Through highly automated software and hardware tools, Treaty Oaks patches into the network to determine if inappropriate or suspicious activity is occurring.
- We examine compliance with acceptable use policies, the exchange or possession of any known Federal contraband material and the inappropriate distribution of corporate intellectual property.
- Once certain liabilities have been exposed, we perform further investigations of the problem areas, including more specific examinations of particular systems.
- An overall report is then prepared and presented to the client, along with recommended actions and next steps.
This is an invaluable service for clients wishing to practically address the liability that problem employees represent. Because the process is highly automated, it is an extremely cost-effective preventive measure to initiate . . . yet the results can save organizations millions of dollars in liability, productivity and protection of company assets.
The Treaty Oaks difference . . .
Experience and automation are the distinguishing features of our information misuse investigations.
Our team is comprised of some of the best network experts in the business, with expert certification in virtually every major hardware and software system available. Expert backgrounds in network design, intellectual property, employment law litigation and criminal psychology allow us to quickly discover the most common problems and risks. We know criminal behavior . . . how it is likely to act and where it is likely to hide information. This helps us anticipate where systems might be exposed and susceptible to misuse.
This kind of experience combined with our state-of-the-art automated tool set provides first-class assessment and recommendations quickly, efficiently and cost-effectively.
Systems Survivability and Intrusion Detection
With this service, Treaty Oaks performs an overall threat analysis to determine system risks and vulnerabilities . . .
- External vulnerability: What is the level of risk of someone outside of the organization breaching system security and compromising or completely halting system operations?
- Internal vulnerability: What is the level of risk of someone inside of the organization either accidentally or intentionally affecting system performance? Could any individual action affect or even destroy mission-critical operations?
Treaty Oaks performs an audit of an organization's entire system, addressing the following areas:
- Is there a system back up plan?
- Is there a secure disaster recovery plan in place and has it been tested?
- What is the level of vulnerability to the network? This audit includes a review of system defenses - firewalls and virus scanners - as well as a threat analysis of the hardware and software to determine level of intrusion susceptibility.
- Is there an incident response plan with a defined course of action?
Has a network incident already occurred? Treaty Oaks retroactively traces the incident to determine how the attack happened, where and when the breach occurred and determines the source responsible for the intrusion.
The Treaty Oaks difference . . .
Treaty Oaks professionals are certified in virtually every major network hardware and software available and have even contributed to the development of many leading products.
In the event that a system breach has occurred, Treaty Oaks professionals are experts at processing and handling digital evidence so that everything discovered builds a case that is admissible in court. With over 200 investigations and over 30 at-trial or sworn testimony experiences, we understand the need to provide documented data that translates to valid evidence.
Our auditing and testing capabilities are proven - meeting or exceeding the highest standards worldwide - as our experience includes working with numerous government and intelligence agencies around the world. Specifically, Treaty Oaks has testified on risk mitigation and readiness for the Executive Office of the President of the United States, the U.S. Senate and numerous other private and state organizations.
Finally, Treaty Oaks distinguishes its system survivability and intrusion detection services by fast response to the critical needs of our clients. Our team can be deployed quickly to an urgent problem or to assist with a proactive security strategy. In a recent instance, Treaty Oaks teams were en route within one hour of a vital client request.