Markets We Serve



J.S. Held’s Inaugural Global Risk Report Examines Potential Business Risks & Opportunities in 2024

Read More close Created with Sketch.

We leverage our full range of cyber, insurance, technical, financial, and strategic expertise to deliver innovative solutions to clients that help them thrive in an unpredictable digital environment.

We offer comprehensive support that serves to preclude, detect, and respond to the adverse impacts of employee wrongdoing, ransomware/malware, network breaches, unexplained activity on computing assets, and cyber security issues of both common and unique natures.

Our global team includes former federal law enforcement agents, network security experts, forensic accountants, digital forensics experts, equipment consultants, forensic economists, and former prosecutors.



Specialized Expertise for the Cyber Industry:

We draw upon vast global resources and disciplines to provide our clients with local expertise that enhances cyber readiness and incident response capabilities. No matter the business, location, or obstacle, our highly specialized team has decades of experience investigating cyber-related events and supporting a variety of clients.

Learn more about our areas of expertise in cyber-related matters below.

Financial Expertise

  • Cyberattack Financial Impact Investigations
  • Cyber Training – Business Interruption & Extra Expense
  • Economic Damages & Business Interruption Quantification Including Lost Profits & Lost Sales Value of Production
  • Expert Testimony & Litigation Support
  • Fraud Investigations
  • Identification & Quantification of Extra Expense / Increased Cost of Working
  • Pre-Breach Business Interruption & Extra Expense Planning
  • Tangible & Intangible Asset Valuation

Risk & Advisory Expertise

Cyber Security Consulting & Digital Investigation
  • Corporate Investigations
  • Incident Response – Preparation, Detection, Containment / Eradication / Recovery & Post Incident
    • Coordination with Investigative Authorities
    • Evidence Collection & Preservation
    • Forensic Examination & Data Loss Mitigation
    • Incident Remediation, Recovery & Security Enhancement
    • Investigation, Root Cause Analysis & Containment
    • Prevention / Defense / Recovery - Planning & Preparation
  • Integrity Monitoring
  • Investigative Due Diligence
  • Litigation Support, Complex Investigations & Expert & 30(b)(6) Testimony
  • Online Intelligence & Threat Monitoring
  • Proactive Resiliency Building
    • Controls Analysis
    • Cyber Due Diligence Assessments
    • Cyber Security Improvement Plans
    • Cyber Security Training
    • Incident Response & Preparedness Planning
    • Independent Cyber Risk Assessments & Monitoring
    • Government & Industry Standard Compliance Reviews / Cyber Security Program & Maturity Analysis
      • Department of Defense (DOD) Cybersecurity Maturity Model Certification (CMMC)
      • Health Insurance Portability & Accountability Act (HIPAA) Security Rule
      • National Institute of Standards & Technology (NIST) Cybersecurity Framework (CSF)
      • Securities & Exchange Commission’s (SEC) Office of Compliance Inspections & Examinations
    • Security Gap Remediation
      • Data Mapping & Information Governance Consulting
      • Enhanced Technical Defenses
      • Improved Cyber Security Policies & Procedures
      • Strengthened Incident Response Preparedness
    • Vulnerability Assessments, Penetration Testing Services & “Red Team” Assessments
  • Security Risk Management
  • Virtual Chief Information Security Officer Services (vCISO)
eDiscovery, Digital Forensics & Data Analytics
  • Analysis of Structured & Unstructured Data
  • Computer Forensics
  • Court-Appointed Neutral
  • Discovery Dispute Resolution
  • Discovery Guidelines, Playbook & Data Mapping
  • Discovery Program Assessments
  • Discovery Project Management, Hosting & Analytics
  • eDiscovery Preparedness
  • eDiscovery Vendor Selection (RFI / RFP)
  • Electronically Stored Information Identification, Collection, Processing, Preservation, Review & Analysis
  • Expert & 30(b)(6) Testimony & Playbook
  • Legal Hold & Collection Technology Selection & Implementation
  • Litigation Support
  • Review Optimization Including Technology Assisted Review (TAR)

A Selection of Our Experts' Experience

Cyberattack – Breach of Contract & Violations of State Consumer Protection Acts

The client was involved in lengthy litigation, including allegations of breach of contract and violations of state consumer protection acts stemming from a cyberattack. Litigation in this matter dates back several years. The assignment was to examine available evidence in relation to the identified causes of action alleged by the complainants for the purpose of rendering an expert opinion. J.S. Held’s expert examined available evidence to render an expert opinion, submit an expert report, provide testimony through deposition with opposing counsel, and if required, testify at trial. J.S. Held’s expert conducted an evidentiary examination and associated research, compiled the results into an expert report that was filed with the U.S. District Court, and testified in a deposition with opposing counsel regarding the report.

Data Preservation & Processing

A bankruptcy administrator was responsible for the wind-down of a large multinational construction firm. J.S. Held experts decommissioned an O365 environment and a large multinational SAP environment, in addition to preserving and processing 100+ TB of Box cloud data for review by the investigations team and counsel. J.S. Held’s expert developed custom code to capture and preserve user access metadata and processed data into a document review platform for further analysis. Collaboration between data analytics and eDiscovery professionals ensured the preservation of essential cloud-based data.

Embezzlement Investigation

This project involved a brand fulfillment company investigating embezzlement by a former HR professional. J.S. Held experts identified relevant communications and documents detailing embezzlement over several years. J.S. Held’s expert designed an automated process for analyzing extracted text and metadata of tax documents and used search term reporting to tell the story of relevant communications amongst hundreds of thousands of documents collected. Findings of fraud were identified and reported to the company and its insurance provider.

Data Remediation

This project involved a multinational firm that operates in the fields of strategic consulting, planning, engineering, construction management, energy, infrastructure, and community planning, requiring remediation of third-party business information. J.S. Held experts provided the following support:

  • Isolated third-party business information from disparate data sources for remediation.
  • Identified hash duplicates and its families across several electronic data collections for remediation.
  • Leveraged advanced searching and search term reporting to route targeted document batches for review by counsel to confirm the final remediation population.
  • Identified and remediated third-party business information from disparate data sources using forensically defensible tools and procedures.
Acquisition & Preservation of On-Site Computer Equipment

Working with the client, J.S. Held’s expert supported the acquisition and preservation of on-site computer equipment related to a high-profile receivership in New York. The work has involved forensic capture from hundreds of data sources, including workstations, email, phone systems, websites, and database systems. In support of the appointed receiver’s efforts to determine the flow of funds and asset allocation, J.S. Held’s expert provided transactional data analysis and eDiscovery support. The project required rapid on-site deployment and inventory of computer assets.

Stock Pricing Analysis on Litigation Related to U.S. Securities & Exchange Commission (SEC) Stock Manipulation

Working with subject matter experts (SME), J.S. Held’s expert assisted with stock pricing analysis on litigation related to an SEC stock manipulation case. Our team provided guidance on complex content and metadata searching to identify relevant stock forms, bank statements, and certificates of designation. The culling effort significantly reduced the reviewable document population by over 90%, allowing the investigatory team to quickly target key documents. In support of the SME’s upcoming expert report, J.S. Held’s expert analyzed data incoming from numerous stock contracts, many handwritten. Through coordination with J.S. Held’s Center of Excellence (CoE) team in India, 30K+ pages of relevant documents were coded in a structured way to facilitate modeling by our data analysis experts. The project has involved flexibility in coordinating directly with outside counsel to perform the necessary eDiscovery tasks in an externally hosted environment.


The client experienced a BEC attack resulting in the loss of millions in erroneously sent wire transfers. Complicating this event, the client was days away from their auditor’s filing of a critical financial report that would be delayed until a sufficient investigation was complete. This matter required our team to analyze the devices, accounts, and data belonging to the employees involved for indications of a breach while assessing technical information for any signs of collusion. J.S. Held captured data from the client, including images of laptops and desktops, network logs, cell phone backups, and other cloud-based user and network data. Our team triaged the terabytes of data acquired to prioritize analysis on the most important areas of potential exposure. J.S. Held analyzed log data; digital forensic images; account data from multiple cloud-based user accounts including a review of account settings and rules; and reports from various interviews. Our team facilitated numerous enhanced interviews to elicit additional information regarding the circumstances surrounding the event. To fully illuminate the sequence of events as they unfolded, J.S. Held overlayed communications from all employees with any potential involvement into a single validated and verified timeline to inform our client of the incident specifics. J.S. Held’s work was critical to our client’s verification. There was no immediate risk of breach, nor were there obvious indicators of collusion. Our timely response facilitated the completion of the ongoing audit filing resulting in accolades from our client for our 24/7 response effort.


Our client experienced a ransomware attack resulting in the encryption of the client’s personal access network, impacting all tenants within a large residential complex. This matter included investigating the attack to establish the root cause; assessing the network for additional attack vectors and vulnerabilities; developing the recovery strategy; and remediating the attack to return full access to all tenants based on their appropriation authorization. J.S. Held responded immediately, with our team initiating an investigation the same day of notification. Our team integrated with the client’s IT staff to image affected servers and establish the current state of the enterprise. J.S. Held quickly identified network components with additional exposure to attack and conducted root cause analysis to ensure remediation would prevent further exposure. After identifying the attack vector, J.S. Held established a remediation strategy working with the client’s vendors to identify a clean backup and required tenant data from which the system would be rebuilt. J.S. Held worked expeditiously to restore the network and return the access system to a fully functional, updated, and upgraded state while minimizing the impact. Our client was exceptionally pleased with the result, our immediate response, and our team’s flexibility and ability to minimize the impact of the ransomware attack.

Our Experts