Cyber

• Cloud Security Consulting
• Cyber Compliance Consulting
• Cyber Security Consulting & Digital Investigation
  • Incident Response – Preparation, Detection, Containment / Eradication / Recovery & Post Incident
    • Coordination with Investigative Authorities
    • Evidence Collection & Preservation
    • Forensic Examination & Data Loss Mitigation
    • Incident Remediation, Recovery & Security Enhancement
    • Investigation, Root Cause Analysis & Containment
    • Prevention / Defense / Recovery - Planning & Preparation
  • Online Intelligence & Threat Monitoring
  • Proactive Resiliency Building
    • Controls Analysis
    • Cyber Due Diligence Assessments
    • Cyber Security Improvement Plans
    • Cyber Security Training
    • Incident Response & Preparedness Planning
    • Independent Cyber Risk Assessments & Monitoring
    • Government & Industry Standard Compliance Reviews / Cyber Security Program & Maturity Analysis
      • Department of Defense (DOD) Cybersecurity Maturity Model Certification (CMMC)
      • Health Insurance Portability & Accountability Act (HIPAA) Security Rule
      • National Institute of Standards & Technology (NIST) Cybersecurity Framework (CSF)
      • Securities & Exchange Commission’s (SEC) Office of Compliance Inspections & Examinations
    • Security Gap Remediation
      • Data Mapping & Information Governance Consulting
      • Enhanced Technical Defenses
      • Improved Cyber Security Policies & Procedures
      • Strengthened Incident Response Preparedness
    • Vulnerability Assessments & “Red Team” Assessments
  • Security Risk Management
• Digital Protection Service (DPS)
• Penetration Testing
• Virtual CISO Services (vCISO)

• Analysis of Structured & Unstructured Data
• Computer Forensics & Data Analysis
• Court-Appointed Neutral
• Cyber Breach Investigations
• Data Recovery Services
• Discovery Dispute Resolution
• Discovery Guidelines, Playbook & Data Mapping
• Discovery Program Assessments
• Discovery Project Management, Hosting & Analytics
• Document Production Services
• eDiscovery Preparedness
• eDiscovery Vendor Selection (RFI / RFP)
• Electronically Stored Information Identification, Collection, Processing, Preservation, Review & Analysis
• Expert & 30(b)(6) Testimony & Playbook
• Forensic Imaging & Data Preservation
• Generative AI Prompt Development
• IP/Trade Secret Misappropriation & Data Exfiltration Analysis
• Legal Hold & Collection Technology Selection & Implementation
• Litigation Support
• Managed Document Review
• Remote Data Collections
• Review Optimization Including Technology Assisted Review (TAR)

Learn more about our expertise in:
> Digital Forensics Services
> eDiscovery Consulting Services
> Forensic Data Analytics

• Ad Tech Data Privacy & Compliance
• Departing Employee Data Theft Consulting
• Information Governance & Data Privacy Consulting
  • Cookie/Tracking Pixel Consent & Compliance Management
  • Data Protection Impact Assessments (DPIA)
  • Governance, Risk & Compliance (GRC) Frameworks
  • Off-Channel Communications (OCC) Compliance
  • Policy, Procedure & Program Development / Monitoring 
  • Regulatory & Privacy Compliance
  • Third-Party Risk & Compliance

• Blockchain & Crypto Investigations
• Blockchain & Digital Asset Analysis & Consulting
• Blockchain & Token Economics & Decentralization Assessments
• Cryptocurrency Asset Due Diligence & Provenance Services
• Cryptocurrency Asset Tracing & Recovery
• Cryptocurrency Operational Due Diligence
• Cryptocurrency Regulatory Compliance
• Damages Involving Digital Assets Assessments
• Digital Asset Compliance Framework Development
• DOJ, SEC & Other Law Enforcement Inquiry Response
• Enhanced Due Diligence (EDD)
• Independent Crypto Asset Valuation Services
• Know Your Customer (KYC) Reporting
• Litigation & Regulatory Enforcement Expert Services
• Managed Services
• Market Manipulation Investigations
• Money Services Business (MSB) Registration, Compliance & Money Transmission Licensing (MTL)
• Operational & Regulatory Risk Assessment
• Outsourced CCO Services
• Transaction Monitoring

Learn more about our Cryptocurrency & Digital Asset services.

• Cyberattack Financial Impact Investigations
• Cyber Training – Business Interruption & Extra Expense
• Economic Damages & Business Interruption Quantification Including Lost Profits & Lost Sales Value of Production
• Expert Testimony & Litigation Support
• Financial & Fraud Investigations
• Identification & Quantification of Extra Expense / Increased Cost of Working
• Pre-Breach Business Interruption & Extra Expense Planning
• Tangible & Intangible Asset Valuation

• Corporate Investigations
• Integrity Monitoring
• Investigative Due Diligence
• Litigation Support, Complex Investigations & Expert & 30(b)(6) Testimony
• Workplace Misconduct Investigations

The client was involved in lengthy litigation, including allegations of breach of contract and violations of state consumer protection acts stemming from a cyberattack. Litigation in this matter dates back several years. The assignment was to examine available evidence in relation to the identified causes of action alleged by the complainants for the purpose of rendering an expert opinion. J.S. Held’s expert examined available evidence to render an expert opinion, submit an expert report, provide testimony through deposition with opposing counsel, and if required, testify at trial. J.S. Held’s expert conducted an evidentiary examination and associated research, compiled the results into an expert report that was filed with the U.S. District Court, and testified in a deposition with opposing counsel regarding the report.

A bankruptcy administrator was responsible for the wind-down of a large multinational construction firm. J.S. Held experts decommissioned an O365 environment and a large multinational SAP environment, in addition to preserving and processing 100+ TB of Box cloud data for review by the investigations team and counsel. J.S. Held’s expert developed custom code to capture and preserve user access metadata and processed data into a document review platform for further analysis. Collaboration between data analytics and eDiscovery professionals ensured the preservation of essential cloud-based data.

This project involved a brand fulfillment company investigating embezzlement by a former HR professional. J.S. Held experts identified relevant communications and documents detailing embezzlement over several years. J.S. Held’s expert designed an automated process for analyzing extracted text and metadata of tax documents and used search term reporting to tell the story of relevant communications amongst hundreds of thousands of documents collected. Findings of fraud were identified and reported to the company and its insurance provider.

This project involved a multinational firm that operates in the fields of strategic consulting, planning, engineering, construction management, energy, infrastructure, and community planning, requiring remediation of third-party business information. J.S. Held experts provided the following support:

• Isolated third-party business information from disparate data sources for remediation.
• Identified hash duplicates and its families across several electronic data collections for remediation.
• Leveraged advanced searching and search term reporting to route targeted document batches for review by counsel to confirm the final remediation population.
• Identified and remediated third-party business information from disparate data sources using forensically defensible tools and procedures.

Working with the client, J.S. Held’s expert supported the acquisition and preservation of on-site computer equipment related to a high-profile receivership in New York. The work has involved forensic capture from hundreds of data sources, including workstations, email, phone systems, websites, and database systems. In support of the appointed receiver’s efforts to determine the flow of funds and asset allocation, J.S. Held’s expert provided transactional data analysis and eDiscovery support. The project required rapid on-site deployment and inventory of computer assets.

Working with subject matter experts (SME), J.S. Held’s expert assisted with stock pricing analysis on litigation related to an SEC stock manipulation case. Our team provided guidance on complex content and metadata searching to identify relevant stock forms, bank statements, and certificates of designation. The culling effort significantly reduced the reviewable document population by over 90%, allowing the investigatory team to quickly target key documents. In support of the SME’s upcoming expert report, J.S. Held’s expert analyzed data incoming from numerous stock contracts, many handwritten. Through coordination with J.S. Held’s Center of Excellence (CoE) team in India, 30K+ pages of relevant documents were coded in a structured way to facilitate modeling by our data analysis experts. The project has involved flexibility in coordinating directly with outside counsel to perform the necessary eDiscovery tasks in an externally hosted environment.

The client experienced a BEC attack resulting in the loss of millions in erroneously sent wire transfers. Complicating this event, the client was days away from their auditor’s filing of a critical financial report that would be delayed until a sufficient investigation was complete. This matter required our team to analyze the devices, accounts, and data belonging to the employees involved for indications of a breach while assessing technical information for any signs of collusion. J.S. Held captured data from the client, including images of laptops and desktops, network logs, cell phone backups, and other cloud-based user and network data. Our team triaged the terabytes of data acquired to prioritize analysis on the most important areas of potential exposure. J.S. Held analyzed log data; digital forensic images; account data from multiple cloud-based user accounts including a review of account settings and rules; and reports from various interviews. Our team facilitated numerous enhanced interviews to elicit additional information regarding the circumstances surrounding the event. To fully illuminate the sequence of events as they unfolded, J.S. Held overlayed communications from all employees with any potential involvement into a single validated and verified timeline to inform our client of the incident specifics. J.S. Held’s work was critical to our client’s verification. There was no immediate risk of breach, nor were there obvious indicators of collusion. Our timely response facilitated the completion of the ongoing audit filing resulting in accolades from our client for our 24/7 response effort.

Our client experienced a ransomware attack resulting in the encryption of the client’s personal access network, impacting all tenants within a large residential complex. This matter included investigating the attack to establish the root cause; assessing the network for additional attack vectors and vulnerabilities; developing the recovery strategy; and remediating the attack to return full access to all tenants based on their appropriation authorization. J.S. Held responded immediately, with our team initiating an investigation the same day of notification. Our team integrated with the client’s IT staff to image affected servers and establish the current state of the enterprise. J.S. Held quickly identified network components with additional exposure to attack and conducted root cause analysis to ensure remediation would prevent further exposure. After identifying the attack vector, J.S. Held established a remediation strategy working with the client’s vendors to identify a clean backup and required tenant data from which the system would be rebuilt. J.S. Held worked expeditiously to restore the network and return the access system to a fully functional, updated, and upgraded state while minimizing the impact. Our client was exceptionally pleased with the result, our immediate response, and our team’s flexibility and ability to minimize the impact of the ransomware attack.