We leverage our full range of cyber, insurance, technical, financial, and strategic expertise to deliver innovative solutions to clients that help them thrive in an unpredictable digital environment.
We offer comprehensive support that serves to preclude, detect, and respond to the adverse impacts of employee wrongdoing, ransomware/malware, network breaches, unexplained activity on computing assets, and cyber security issues of both common and unique natures.
Our global team includes former federal law enforcement agents, network security experts, forensic accountants, digital forensics experts, equipment consultants, forensic economists, and former prosecutors.
Specialized Expertise for the Cyber Industry:
We draw upon vast global resources and disciplines to provide our clients with local expertise that enhances cyber readiness and incident response capabilities. No matter the business, location, or obstacle, our highly specialized team has decades of experience investigating cyber-related events and supporting a variety of clients.
Learn more about our areas of expertise in cyber-related matters below.
Risk & Advisory Expertise
A Selection of Our Experts' Experience
The client was involved in lengthy litigation, including allegations of breach of contract and violations of state consumer protection acts stemming from a cyberattack. Litigation in this matter dates back several years. The assignment was to examine available evidence in relation to the identified causes of action alleged by the complainants for the purpose of rendering an expert opinion. J.S. Held’s expert examined available evidence to render an expert opinion, submit an expert report, provide testimony through deposition with opposing counsel, and if required, testify at trial. J.S. Held’s expert conducted an evidentiary examination and associated research, compiled the results into an expert report that was filed with the U.S. District Court, and testified in a deposition with opposing counsel regarding the report.
A bankruptcy administrator was responsible for the wind-down of a large multinational construction firm. J.S. Held experts decommissioned an O365 environment and a large multinational SAP environment, in addition to preserving and processing 100+ TB of Box cloud data for review by the investigations team and counsel. J.S. Held’s expert developed custom code to capture and preserve user access metadata and processed data into a document review platform for further analysis. Collaboration between data analytics and eDiscovery professionals ensured the preservation of essential cloud-based data.
This project involved a brand fulfillment company investigating embezzlement by a former HR professional. J.S. Held experts identified relevant communications and documents detailing embezzlement over several years. J.S. Held’s expert designed an automated process for analyzing extracted text and metadata of tax documents and used search term reporting to tell the story of relevant communications amongst hundreds of thousands of documents collected. Findings of fraud were identified and reported to the company and its insurance provider.
This project involved a multinational firm that operates in the fields of strategic consulting, planning, engineering, construction management, energy, infrastructure, and community planning, requiring remediation of third-party business information. J.S. Held experts provided the following support:
Working with the client, J.S. Held’s expert supported the acquisition and preservation of on-site computer equipment related to a high-profile receivership in New York. The work has involved forensic capture from hundreds of data sources, including workstations, email, phone systems, websites, and database systems. In support of the appointed receiver’s efforts to determine the flow of funds and asset allocation, J.S. Held’s expert provided transactional data analysis and eDiscovery support. The project required rapid on-site deployment and inventory of computer assets.
Working with subject matter experts (SME), J.S. Held’s expert assisted with stock pricing analysis on litigation related to an SEC stock manipulation case. Our team provided guidance on complex content and metadata searching to identify relevant stock forms, bank statements, and certificates of designation. The culling effort significantly reduced the reviewable document population by over 90%, allowing the investigatory team to quickly target key documents. In support of the SME’s upcoming expert report, J.S. Held’s expert analyzed data incoming from numerous stock contracts, many handwritten. Through coordination with J.S. Held’s Center of Excellence (CoE) team in India, 30K+ pages of relevant documents were coded in a structured way to facilitate modeling by our data analysis experts. The project has involved flexibility in coordinating directly with outside counsel to perform the necessary eDiscovery tasks in an externally hosted environment.
The client experienced a BEC attack resulting in the loss of millions in erroneously sent wire transfers. Complicating this event, the client was days away from their auditor’s filing of a critical financial report that would be delayed until a sufficient investigation was complete. This matter required our team to analyze the devices, accounts, and data belonging to the employees involved for indications of a breach while assessing technical information for any signs of collusion. J.S. Held captured data from the client, including images of laptops and desktops, network logs, cell phone backups, and other cloud-based user and network data. Our team triaged the terabytes of data acquired to prioritize analysis on the most important areas of potential exposure. J.S. Held analyzed log data; digital forensic images; account data from multiple cloud-based user accounts including a review of account settings and rules; and reports from various interviews. Our team facilitated numerous enhanced interviews to elicit additional information regarding the circumstances surrounding the event. To fully illuminate the sequence of events as they unfolded, J.S. Held overlayed communications from all employees with any potential involvement into a single validated and verified timeline to inform our client of the incident specifics. J.S. Held’s work was critical to our client’s verification. There was no immediate risk of breach, nor were there obvious indicators of collusion. Our timely response facilitated the completion of the ongoing audit filing resulting in accolades from our client for our 24/7 response effort.
Our client experienced a ransomware attack resulting in the encryption of the client’s personal access network, impacting all tenants within a large residential complex. This matter included investigating the attack to establish the root cause; assessing the network for additional attack vectors and vulnerabilities; developing the recovery strategy; and remediating the attack to return full access to all tenants based on their appropriation authorization. J.S. Held responded immediately, with our team initiating an investigation the same day of notification. Our team integrated with the client’s IT staff to image affected servers and establish the current state of the enterprise. J.S. Held quickly identified network components with additional exposure to attack and conducted root cause analysis to ensure remediation would prevent further exposure. After identifying the attack vector, J.S. Held established a remediation strategy working with the client’s vendors to identify a clean backup and required tenant data from which the system would be rebuilt. J.S. Held worked expeditiously to restore the network and return the access system to a fully functional, updated, and upgraded state while minimizing the impact. Our client was exceptionally pleased with the result, our immediate response, and our team’s flexibility and ability to minimize the impact of the ransomware attack.