Byte Back
Digital Forensics Consultants solves mysteries for law-enforcement experts, business owners and private citizens
by Bill Donahue

Most people might not realize it, but the digital media stored in the memory of virtually any device—computer, cell phone, MP3 player, gaming system, thumb drive, etc.—lives forever, and it has the potential to paint a complete and definitive picture of any wrongdoing committed by its user. In order to access such information cleanly and completely, however, one needs to have the proper tools, training and ingenuity.


That’s where James T. Zogorski and his team come in. A 30-year veteran of law enforcement, Zogorski used his unparalleled expertise to found a Newtown-based firm—Digital Forensics Consultants—capable of providing computer-forensics analysis and accompanying litigation support services to business owners, attorneys and law-enforcement professionals in need. It’s an increasingly in-demand service; every year U.S. businesses lose billions of dollars per year due to employee-based computer fraud or other forms of misconduct.


“Using the most sophisticated tools and training, we’re able to take a computer and determine everything—who, what, why, when and where—that happened on that computer,” says Zogorski, who started the firm five years ago, while working as a special agent for the U.S. Department of Homeland Security, dealing exclusively in computer forensics. “We have the ability to go in and extract the information, rebuild it, recover it and present it in legal proceedings, as evidence in civil litigation as well as any defense work where computers are involved.


“Once people find out what we do,” he adds, “they will come out and say, ‘We had no idea something like that could actually be done.’”


Through a team of highly professional digital-forensics examiners based locally, nationally and around the world, equipped with the best government training available, the firm conducts initial examinations of digital devices to determine if they contain any evidence and, if warranted, probe deeper. Typically, these examinations are performed for legal cases related to business issues, such as theft of intellectual property, inappropriate computer use, unlawful firing, fraud, sexual harassment and other such offenses. The firm also has the ability to assist in personal matters, such as gathering evidence for divorce proceedings or missing-persons cases. Regardless of the issue, confidentiality is assured.


“Even something as simple as a thumb drive can yield tremendous evidence if you know what you’re doing,” Zogorski says. “If you put something on a thumb drive, open a document from that drive and e-mail it, we can show what was on the document, show the date and time they looked at the thumb drive, and also show the make, model and serial number of the thumb drive. It’s very precise.”


Few if any firms outside of the government sector, in fact, can match Digital Forensics Consultants’ expertise and years of experience; Zogorski recruited his examiners from within the ranks of various federal, state and local law-enforcement agencies. Each team member possesses extensive technical knowledge and decades of direct experience in digital forensics, and has been trained using the most advanced equipment and software procedures available.


“One of the things we don’t like to hear from a client is, ‘We had our IT people take a look at it,’” he says. “People outside the government typically don’t have the training that we have. They don’t know what to look for, and they don’t know what not to do. … Say you’re involved in a business dispute, and the person under investigation did something he shouldn’t have—intellectual property theft, let’s say—and he happened to write a digital diary of everything he did and had it stored on a company computer. Even accessing the document makes it irrelevant; it may create problems [if it goes to court]. It’s like destroying a crime scene.


“We have the ability to go in and recover things inside the computer that you can’t find without specialized tools and training,” he adds. “We can recreate the total picture and find everything that happened with the computer and be able to present that information clearly, without question. By doing that the correct way it’s likely to be upheld in court.”


Digital Forensics Consultants can perform an exam on a digital device in several ways. For example, although the company prefers to work from a central location, an examiner could travel to a client’s workplace or home and take a forensically sound “image”—meaning an exact duplicate, a sort of snapshot or fingerprint—of the device’s memory. Capturing such an image takes anywhere from three to five hours, depending on the device’s memory, and the examination is typically done on a copy of the original image taken, primarily to keep the original intact. The company can also take the image remotely by installing specific drives on a computer that enable an examiner to access the information through the Internet.


Growth Market

As an industry, digital forensics is in its infancy, and Zogorski’s firm is one of its true pioneers. The size of computer drives is one small example of how quickly the field is evolving; whereas modern computer drives used to be no more than 60 or 80 gigabytes, computers with 2-terabyte drives are common today. Such changes provide mounting challenges for those dealing in digital forensics, such as increasing the amount of time it takes to image and examine a device’s hard drive, but Digital Forensics Consultants has been able to stay at the forefront by continuously upgrading its equipment and training procedures.


Although businesses wanting to protect or defend themselves represent the firm’s primary market, Digital Forensics Consultants also has the ability to assist families and individuals with personal issues in need of having questions answered by examining a device’s memory.


“One client called us about his 15-year-old daughter,” Zogorski says. “Her grades had been dropping, and there were some other personality issues that made him think something was going on in her personal life. He gave us the two computers in the house, and by examining them we were able to discover that his daughter had been in contact with a man in his 30s, and the two of them were planning to gather their passports and flee the country together.


“Sometimes a parent might suspect there may be a drug or alcohol problem, but they just don’t know how deep the problem is until they come to someone like us,” he adds. “If you want to know what’s going on with them, what they’re involved with, who they’re hanging out with, a computer, cell phone or even a gaming system can give a very clear picture … because [kids] use their digital devices to talk with their friends about what’s going on in their life.”


Whether it’s a personal or business matter, assuring clients’ confidentiality is of the utmost importance. Without sharing specifics, Zogorski recalls one particular case, in which a high-level executive from a Bucks County-based business left the company but first deleted, altered or stole as many as 60,000 computer files the company needed to do business. A local law firm hired Digital Forensics Consultants to investigate, and one of the company’s examiners quickly picked up the trail.


“While he sat there deleting the files, on a Saturday when he shouldn’t have been there,” Zogorski says, “the person in question was also browsing the Internet looking for information about penalties for fraudulent business practices, which is exactly what he was doing.


“When we get involved with something like this, it’s an exact science; it’s not a matter of ‘maybe he did it,’” he adds. “We’re going to show you, ‘This happened at this date, at this time,’ and we’re going to show you exactly what happened. In court cases, sometimes just by hiring us, the other side will plead out because they know what we find will give us the smoking gun.”


Digital Forensics Consultants

10 N. State Street, Newtown, PA 18940

215-860-3918 |