“Blue Ridge” Pre-Litigation Data Security Investigation

    DisputeSoft was engaged in a pre-litigation data security investigation in October 2018 by a financial management firm (codenamed “Blue Ridge”) to forensically examine a hard drive for evidence of copying of client data to online file sharing services.

    Our Services

    Forensic Review

    DisputeSoft reviewed an encrypted external hard drive containing a forensic image of the laptop hard drive in question. Following decryption of the hard drive, DisputeSoft Senior Manager & Forensic Examiner Josh Siegel analyzed the evidence by:

    1
    Conducting keyword searches on RAW external hard drive data.
    2
    Processing internet artifacts present on the hard drive using EnCase and X-ways forensic software.

    DisputeSoft found no evidence of copying of client data to online file sharing services. However, following our forensic review, DisputeSoft was asked to conduct a further investigation into the capabilities of the currently-installed security software and controls to prevent future installation of undesired programs and security breaches.

    Security Investigation

    Josh conducted an on-site audit of the firm’s endpoint and domain name resolution (DNS) protection software to determine whether existing protective measures were sufficient to prevent users from accessing prohibited websites and software. Josh tested and confirmed that the firm’s DNS protection software adequately protected itself from tampering and reviewed the system’s security, anti-virus, and web-filtering and alerting settings. During the security review, Josh discovered that:

    1
    A flaw existed in the endpoint protection software, which compromised its ability to prevent the installation of Tor browser.
    2
    Not all workstations were running upgraded Microsoft Windows Professional software, which would allow the firm to centrally manage security using uniform group policy controls.

    Josh worked with the firm’s Systems Administrator to remediate the browser installation issue and develop a plan for an accelerated Windows upgrade process. Josh also made technical recommendations to help to mitigate the effects of the limitations in the ability of the endpoint and DNS protection software to prevent access to prohibited websites and software.

    Josh Siegel

    Director & Forensic Examiner

    Josh Siegel has substantial experience analyzing copyright, patent, and trade secret claims related software and information technology. Josh performs functional testing, analyzes defect systems and metadata, examines source code in intellectual property disputes, acquires and analyzes data in digital forensics, and finally integrates that data into written reports and testimony.

    Learn more about our Data Privacy, Protection, and Security Services

    DisputeSoft provides data privacy, protection, and security services to law firms engaged in complex software disputes.

    SEE DATA PRIVACY SERVICES