Electronically Stored Information – ESI

In 2020, an investigator will need to be skilled in ESI to succeed in the industry. All aspects of personal and business activity and transactions are becoming controlled by ESI. Let’s take a look at a few examples. The most important fact for investigators to be aware of in the next 3 – 5 years is that there will be a significant difference in understanding of ESI between different people in the marketplace. This creates a huge opportunity for investigators who are experts in this area to create value for their clients cases.

Criminal Defense – This first example demonstrates that clearly. In this case, it appears that a state-sponsored conspiracy may have been in place to set up a high profile individual to be arrested to thwart his political ambitions.  the target was Dominique Strauss-Kahn, then head of the International Monetary Fund and leading contender to unseat Nicolas Sarkozy as president of France in the April 2012 elections. The team who executed this scheme would likely posses above average tactical skills. I the end however, the worst case scenario for the target was defeated by ESI. In one of the most high-profile cases in the news, the culpability of the alleged perpetrator is called into question by facts obtained from electronic records. Just a few years ago, this exculpatory evidence may not have been readily available, and the prospects for the subject might be different. In this case, it is also important to recognize that

DSK was alerted to the potential problem when it appeared his Blackberry was compromised. Private text messages he sent ended up in the hands of the political party headquarters for his opponent. As we now know, he ended up being arrested for sexual assault in New York City based on the allegations of a maid at a hotel. The charges were later dismissed, but it turns out the investigation discovered a more serious set of inconsistencies between individual statements and electronic records. The story describes how text message records, hotel key-swipe time stamps, security camera video, and travel information was extracted, and compared with witness statements. In one instance, a cell phone record was discovered where a member of the hotel security team was communicating with the security detail of the French President Sarkozy, the political rival of DSK. Another email was discovered where Colonel Thierry Bourret, the head of an environment and public health agency, claimed credit for “bringing down” DSK. Later, a security camera digital record found the hotel security man and another person high-fiving each other after the victim reported to her supervisor. It was also discovered that another Blackberry owned by the target had its GPS circuitry defeated preventing the phone from sending out signals identifying its location. For a phone to be disabled in this way, according to a forensic expert, required technical knowledge about how the BlackBerry worked.

In the end, the criminal charges were dropped, but the political future of DSK was damaged, possibly for good. The takeaway for investigators is that the understanding of ESI records is inconsistent, even within the security industry.

Online Life Indistinguishable From “Real” Life – Of course, Facebook investigation is a hot subject. various seminars and courses are on the market presenting methods of doing investigation within social networks. The question of online activity vs. real world activity is important enough for courts to begin issuing opinions on the subject. The opening paragraph of a case decided last week begins as follows:

“Facebook helps you connect and share with the people in your life.” But what if the people in your life want to use your Facebook posts against you in a civil lawsuit? Whether and to what extent online social networking information is discoverable in a civil case is the issue
currently before the Court.

The question being argued was a claim made that the court should compel a party to divulge their Facebook password to the opposing party for discovery of posts and photos in the Facebook account. The case involved a personal injury claim where the injured parties allege serious injuries as a result of an auto accident. The opposing party requested the Facebook information claiming a good faith belief that it would be relevant to the defense of the injury claims. Defendant says that certain posts on the injured parties Facebook account contradict her claims of serious and severe injury, Specifically, Rosko claims that Largent had posted several photographs that show her enjoying life with her family and a status update about going to the gym. After considering privacy and priviledge arguments, the court ruled on November 7th 2011 as follows:

IT IS HEREBY ORDERED that Defendant’s Motion to Compel be, and hereby is, GRANTED.
IT IS FURTHER ORDERED that Plaintiff Jennifer Largent shall turn over to Defense counsel her Facebook username email and password within 14 days of the date of this Order. Plaintiff shall not delete or otherwise erase any information on her Facebook account.

Investigators should be continually aware of cases such as this, and the developing case law regarding electronic information.

Emails As Binding Contracts – Communication transaction by email is ubiquitous and valuable. The legal impact of email communication is also becoming more significant. A 2000 Federal law recognized electronic signatures as being legally valid, creating an interesting opportunity for forward thinking investigators to utilize email messages as legal documents. In this article, one adaptive viewpoint considers the consequences of the E-SIGN law combined with email engagements. “In determining whether an e-mail or e-mails formed a contract, courts scrutinize whether the e-mail contains the essential terms, whether it shows a final offer and acceptance with the intent to be bound and not merely a continuing negotiation, and whether it comes from the party to be charged.”

“When composing or responding to e-mails, it is important to consider whether the e-mail or a series of e-mails could be construed as forming a contract – specifically, whether such e-mails contain an offer or acceptance with the intent to be bound and the essential terms described above and whether a typed signature, including just the automatic signature block, appears at the end of the e-mail. Policies and practices emphasizing the use of contingencies and qualifiers in e-mails can prevent the creation of unintentional contracts.”

Liability Documentation – Withing the infamous Penn State assault case, internal emails could be damaging evidence of an ongoing concealment of activity. The extent of liability to third parties beyond the perpetrator could hinge on this electronic information. According to the Wall Street Journal article, an Aug. 12, 2005, email to Pennsylvania State University President Graham Spanier and others, Vicky Triponey, the university’s standards and conduct officer, complained that Mr. Paterno believed she should have “no interest, (or business) holding our football players accountable to our community standards. The Coach is insistent he knows best how to discipline his players…

The confrontations came to a head in 2007, according to one former school official, when six football players were charged by police for forcing their way into a campus apartment that April and beating up several students, one of them severely. That September, following a tense meeting with Mr. Paterno over the case, she resigned her post, saying at the time she left because of “philosophical differences.” Dr. Triponey said: “There were numerous meetings and discussions about specific and pending student discipline cases that involved football players,” which she said included “demands” to adjust the judicial process for football players. The end result, she said, was that football players were treated “more favorably than other students accused of violating the community standards as defined by the student code of conduct.”

In this case the difference is that the he-said she-said controversy is documented by email records and other ESI. Dr. Triponey sent an email to Messrs. Spanier, Curley and Puzycki summarizing the meeting and sharing her thoughts and concerns. In the email, which was reviewed by The Wall Street Journal, she said that football players were getting in trouble at a “disproportionate rate” from other students, often for serious acts. She said her staff had tried to work with the athletic department, sometimes sharing information, but that whenever her department initiated an investigation into a football player, the phones lit up. “The calls and pleas from coaches, Board members, and others when we are considering a case are, indeed, putting us in a position that does treat football players differently and with greater privilege.”

As it can be seen, every type of investigative case will be impacted by electronic information. In fact, most of the intelligence gathered by investigators in the coming years will derive from ESI. The CIA and State Department are concerned that terrorists might be using the communication features of online gaming such as Second Life to exchange messages. Astute fraud investigators recognize that even deleted voice mail messages may remain in backup tapes of company servers.

As more of the valuable intel from a case will come from electronic information in the future, investigators will need to develop skills to obtain and analyze this information.


The Tactical Draw Stroke is the Foundation for Winning a Gunfight

The tactical draw stroke is often underrated as a critical aspect of combat gunfighting. Shot placement, marksmanship, sight picture, and trigger control are more often the focus of the defensive handgun training and range practice. Further complicating the issue is that shooters normally practice on firing ranges where target accuracy is the primary focus, and the draw stoke or presentation is not practical, and sometimes not allowed.

In a real world event where the defensive or combat handgun is necessary, the entire process starts with the draw action, and the quality of the fight is defined by how well this foundation is established. From an effective grip to target acquisition to sight alignment, each subsequent step in the life or death scenario is made better or worse by the execution of the draw.

There are several different “official” draw methods trained, each with its own name and criteria. In fact they are all similar and often variations of each other. For the purpose of this description we’ll use a 4-point draw with the four points being: grip, pull, securing support hand, and punch-out. The reasoning and logic behind the connections between these steps and why they are critical to shooter success will be relevant to all draw methods.

If the draw stroke is the foundation to success is handgun defense, the grip is the cornerstone of the foundation. Let’s take a look at some of the details most frequently included in high level training of shooters and officers, and see how they translate to winning a gunfight.

  1. Firm initial grip or “grip it like you mean it” – Obviously this establishes the correct grip immediately without the need to adjust the handle as the weapon is brought to bear. It saves precious milliseconds but more importantly keeps the focus on the fight. Looking down or even being distracted to re-adjust grip could have disastrous results for the shooter / officer. Confidence is lost when second guessing the connection between shooter and firearm. No officer plans on having to re-grip the firearm after clearing the holster, and repeated practice will make sure this will never happen.
  2. Planting support hand on chest – This step may be the most critical. I recommend pounding the chest hard with an open off-hand at the same instant the fire-control hand grips the weapon. This creates an instant subconscious wake up call that the fight is on. Ideally the shooter would also instinctively rock slightly forward on the balls of the feet and even go eyes-wide like he or she is surprised. The reasoning most often given by instructors is that you want to get the support hand out of the potential muzzle sweep. True enough, and this has merit again in keeping the shooters confidence level high. (When you can remove any potential distractions such as shooting yourself that increases confidence). More importantly however, it locks the loose body parts together, and places the support hand closest to where it needs to be when the gun is brought up to that firing position. The hand plant is about mechanics, but it is also as much about getting into the combat mindset.

Professionals who rely on expert tactical shooting skills should practice the entire draw stroke as much, if not even more than they should practice live fire shooting. Once the gun is up and aligned with the target most of the hard work is done. Shooting from high-ready at the range does very little to guarantee survival in a fight. The opportunities for off range practice are endless. Spending 15 minutes at home on plant-and-grip may seem irrelevant or even awkward, and there is no immediate feedback of success such as seeing holes in a target downrange. However uncool it might appear, dry-drawing regularly might be the part of a training regimen tmost beneficial owards the day when a gunfight means life or death to you or others.

A shooter can use an actual firearm for off range training provided it is triple checked for live ammunition, and performed in a sterile area without ammo in the vicinity. A person serious about their expertise can obtain a plastic dummy gun, and use that for thousands of reps of dry-drawing each week. If a more realistic weight and balance is desired, a commercial training weapon such as the S.I.R.T. gun can be used. Some officers have even drilled out plastic guns and added lead for the correct weight.

Civilians who are seriously interested in personal defense or tactical expertise should do the same thing. Private sector ranges normally do not allow live fire drawing of weapons, and the shooting bay platform would get in the way even if it were allowed. If drawing is not allowed at the range, performing the punch-out step and sight acquisition from there adds to the training retention. Marksmanship from the high ready is not really an indication of results if a gunfight should take place. If defensive gunning is what you are training for, don’t just include static range shooting as all of the training.

Often overlooked in tactical procedures is movement. A step to the right or left has often meant the difference in survival for officers and shooters in a fight. Adding this step when dry-draw practice will ensure that it becomes part of the subconscious muscle memory which kicks in when the bad guy does something sketchy. Even when you are restricted to static shooting at a range, you can make sure to include a slight shuffle step when firing to make sure that element does not get lost in, well, the shuffle.

The value of regular practice of this single aspect of the draw stroke is immeasurable. It con be done almost anytime and anywhere. It creates consistency and precision in the action. It increases the officers control of the weapon and reduces takeaway probability. Practice will also reveal slight beneficial variations, such as angling the thumb to clear cover garments, trigger finger placement on the slide, and the feel of the hammer to ensure the weapon is in battery.

Shooters have likely heard all of the steps and associated reasoning in their department training. The valuable message here is the suggestion to practice extensively off-range. It is free, it requires no scheduling of training, and it might have more of a positive impact on officer skills than live fire. Repetition and practice isn’t as glamorous or exciting as live shooting. But the excitement of your family seeing you come home each day might be worth it.

David Pelligrinelli


  • NRA Law Enforcement Instructor
  • International Association of Law Enforcement Firearms Instructors
  • Florida “K” License Instructor # K 1100058


How powerful can electronic investigations be?

Methods of observation allow investigative experts to gather much deeper information about ordinary subjects, and make it possible to detect subjects who take steps to conceal their identity or whereabouts.

An insignificant action such as entering a post on Twitter can open the door to mining of deeper data on a subject. An investigator with polished analysis skills and the right tools can use this breach as a leverage point to pry open access to more comprehensive information on the subject. The single Tweet can reveal a profile which might reveal the subjects given name, or if not a screen name which is used elsewhere. Online venues where this screen name is used may contain individual minor details which can be placed in context or combined to create a profile of the persons identity.

The identity can be expanded to include family, colleagues, business associates and other activity. One journalist provides a step-by-step example of this process. In this example the investigator locates an active member of the military stationed overseas using the process. “I’ve gone from one tweet to knowing an entire family’s names, location, address, contact details, what they look like, how they are connected to the military and, potentially, where a part of the US army is coming under fire.”

Even if the subject does not provide revealing information online, they may be vulnerable through their cellular activity. Most phones retain login information used for websites, email, and online banking in clear text format within apps and memory locations. Physical access to the phone can allow this information to be extracted, and some methods can be used to download the information remotely. Viruses or other malicious code can be inserted on mobile devices to extract data. Ipads are increasingly used as personal computing devices. As these are connected using the cell network they are equally vulnerable. According to the Associated Press hackers are quickly setting their sights on mobile devices using Apple applications and Android apps. “Wrong-doers have infected PCs with malicious software, or malware, for decades. Now, they are fast moving to smartphones as the devices become a vital part of everyday life.” Malicious applications often masquerade as legitimate ones, such as games, calculators or pornographic photos and videos. Mobile devices are particularly vulnerable because pop-up warnings do not exist as they do on PC’s, and the smaller screens make it more difficult to verify website addresses or SSL status. The University of California found that “attackers can spoof legitimate applications with high accuracy, suggesting that the risk of phishing attacks on mobile platforms is greater than has previously been appreciated.”

So what if you decide to stay off the internet, and even throw away your cell phone? Not good enough.  Just walking around in public can disclose private information. A new study from Carnegie Mellon University’s Alessandro Acquisti, Ralph Gross and Fred Stutzman showed that current technology can actually cross reference a person’s face with currently available photos on the Web and find out information about that person, including their interests — and in some cases their social security numbers. The facial recognition technology required to do this already exists, although it is not widely available to the public. As the programming is replicated and becomes ubiquitous, this powerful tool will be in the hands of ordinary people. Combined with data research, records analysis, and cross-referencing a person could scan crowds to locate individuals or mine for subjects which meet a certain profile.

Already there are projects which attempt to tag faces in crowd photos. A group photo is posted and visitors tag themselves or others they know using Facebook. Someone present in the crowd does not need to consent to this or even be aware of it. I predict this will become more common and be performed automatically when facial recognition becomes more common.

Obviously the answer is not to stay locked in the house, but being aware of these emerging technologies is valuable for investigators and those interested in managing the information available about them.

– David Pelligrinelli

Protecting your identity and security online

Guarding your credit card number and personal information is a high priority. Entire industries of identity protection and credit locks are built around protecting credit card information. While vigilantly guarding things like credit card and even social security numbers, most consumers have a vulnerability in their online activity left largely unsecured. Access to your primary email account is a significant exposure.

The potential damage due to an email account breach is greater than if somebody stole your credit card or possibly even your social security number. In fact some investigators and analysts call the email address “the new social security number.” If a criminal was able to log into your email account, they would be able to access many areas of your personal and financial life. Think back to all of the accounts, logins, and access codes which were established using your email. Your online banking, most credit cards, car loans, mortgages, even retirement accounts are all connected to your email. Try this; go to the website for some financial account you have, and click the “Forgot Password” link. In most cases the institution will simply send the new password or a reset link to your email account. (If you are lucky, some banks have a process to answer certain secret question, but even those can be reset by email)

What if a person was able to access your Facebook account? Could they get personal information from your contacts impersonating you? What about contacts on LinkedIn, your co-workers, or other associations? Remember that your associations with each of these is probably documented in a “Welcome” email in your archived emails. Make a list of all the account records you think you have, and then go through old emails to remember how many you really have. Could a criminal buy $1000 worth of items on Amazon using your stored credit card? How many shopping sites are you signed up for? All of these are accessible simply by getting into your email.

Now within your email messages there is likely a large volume of personal information. Your accountant may have sent your tax returns with social security numbers. You may have emailed credit applications to banks or mortgage companies containing all of your financial information. There are faxes, scanned documents, and copies of drivers licenses possibly attached to emails. Other documents such as Excel files or Word docs may contain sensitive information about your business or employer. More damaging might be “private” photos exchanged between yourself and relationship partners. Last, the message content of communications themselves contains details which you may not want in the wrong hands.

So considering all of this how hard to you protect your email password compared with your credit card number? If it is an easy to guess word or number such as your date of birth it is insecure. Some individuals have it written on a slip of paper near their computer. In some cases the computer stays logged in to the email account at all times. Even if you guard the password carefully, are there any others who know your password? If you use the same password for email that you do for Facebook or other sites, have you given that login to anyone else to upload photos or fix something?

Email account access is a serious risk to all types of breaches. The steps to reduce the exposure are simple. First change your password today, and try and remember to change it every month or so. I recommend writing down the new password each time and keeping the login in a safe with your birth certificate and other valuable documents. You may want to keep your banking logins on that same secured “hot sheet” as well. Be sure to log out from your email when you walk away from it. Be especially careful when checking email from a remote location such as on public WIFI or on a hotel computer. These may be vulnerable to detection. If you must check email from a less-than-private location be sure to change your password again when you get back home. Also be sure check the “Last Login” record every time you look at your email account. Most providers will have a small box on the screen showing the date and IP address that your email was last accessed. it should match your memory of when you last were online.

All of these measures are certainly inconvenient, but much less of a project than fixing the damage caused by a breach of your accounts. In another comparison to the exposure to losing your credit card, remember that if a criminal gets your card number, the bank has to eat the loss. You may have to wait a few days for a new credit card and change some of your automated billing, but at least the problem is fixable. A person rummaging around in your email account for a while can do damage which you may not be able to fix.

Fraudulent lien release

When recorded documents are searched by a title abstractor, the searcher generally will take the document at face value unless some evidence of fraud is glaringly apparent. Document recorders and clerks operate under the same presumption.

Consider the case of a financial fraud being investigated. In this case a person had been sued several years before and a judgment was entered for the plaintiff. The judgment was properly recorded in the land records in the county where the debtor owned property. At the time of the judgment the creditor had reason to believe that the debtor had not discoverable assets to garnish, and the property was encumbered by a mortgage in excess of its value. (There are additional details of the events intentionally left out of this description.)

During that time the debtor acquired funds from the sale of two ATV’s and a boat which were not disclosed to the creditor, and which the creditor did not look for. The debtor also accumulated funds from savings from their regular earnings. The debtor wanted to conceal the funds from several creditors so they were not placed in any bank accounts, nor were visible assets purchased. Instead, the property owner used the funds to pay down their mortgage which had the effect of raising their net worth.

Investigating this case several years later no assets or bank accounts were discovered. However it was revealed that not only was the mortgage showing the higher balance, it was actually paid off. This is where the serious fraud was discovered. In order to extract the asset value from the property the debtor wished to sell, but was aware that the judgment lien would be discovered and would need to be cleared prior to closing.

To avoid this issue, the homeowner created a lien release in the name of the company holding the judgment, and presented it for recording with the county clerk. As it was valid on its face, the instrument was recorded. The property was sold and the debtor received the funds. Upon inspection of the release there was nothing which would indicate to any abstractor or title agent that it did not clear the previously recorded lien. The company name was correct. The signator was different but this would be likely for a company to have multiple signors. The debtor denied having any participation or knowledge of the release being filed.

Fortunately the investigation was able to track the source of the document through the notary. The name and stamp of the notary was investigated and found to belong to a desk clerk at an insurance agency. The agency was the issuer of the auto policy for the debtor, and also had a record of the notarization along with the drivers license info for the person who did sign. Upon contacting that subject they revealed that the debtor had instructed them to sign the form.

Hypothetically, what if the debtor had spent the $5 to go to a notary who was not personally familiar to them, such as at a shipping store? What if the notary had not recorded the identification information for the signor, and the signor had a common name which was not specific enough to locate one particular person?

The lesson for creditors is to check the status of your judgment liens regularly at least, and at best to keep checking for a change in credit or asset status on the debtor. There are a number of ways for debtors to attempt at concealing assets, but most can be discovered in an investigation.

Title searchers can keep an eye out for obvious fraud, but this is a rare event and sometimes not discoverable. The title agent could have caught the fraud if they did not rely on the release to clear the lien but instead contacted the creditor directly. It was after all still showing on the credit report for the debtor.


Business identity theft

Business owners should be aware that a trend of fraudsters stealing the identities of business is increasing. There are variations on the scheme, but typically the good name or credentials of a business are used to obtain credit, merchandise, or sales. One common vulnerability is where a business provides documentation through an association or trade group.

In one example, a trucking firm was a member of a computerized shipping cooperative network. The network provides a directory of cargo loads available to be picked up and shipped which truckers can select from. The trucking firm looks up loads in a location where they will be available and selects one based on weight, size, and type of cargo. The trucking firm contacts the shipper and arranges for the pickup based on the posted rate or negotiates a higher price if possible. As part of participating on the network, the trucking firm posts their company information along with their insurance certificate for verification by the shipper. The shipper views the information and verifies the insurance and schedules a time for the truck to take the shipment.

The criminals apparently used this system to take a shipment using the identity of a legitimate trucking company. They obtained all of the company information from the shipping network, and printed off a copy of the insurance form. The other key to this theft was using an online phone service provider to create a virtual phone line. There are several communications company which will issue a number in any area code and create a custom greeting in any company name. Incoming calls are forwarded to a number provided by the customer. Phone trees, voicemail, and a complicated extension system can be set up as well. In this case the criminals created a virtual phone line which answered in the name of the legitimate trucking company. “Thank you for calling _____ Trucking, press 1 for……”.

The calls were forwarded to a pre-paid cell. So the criminal calls the shipping firm and agrees to take the truckload for delivery. They fax over a legitimate looking letterhead with the new phone number and attached the insurance form. The shipper calls the number to verify and is given the go ahead to release the cargo to the truck driver.  A pickup time is scheduled and the criminal leaves with a six figure load of cargo, never to be seen again. The shipping warehouse did get a copy of the drivers CDL but it turned out to be a forgery.

In hindsight, the shipping company could have insisted on calling the numbers listed within the computer network for the company, but they simply went off of the faxed letterhead. The investigation now hinges on tracking down IP addresses used to visit the website for the virtual phone company, and possible logins to the shipping network website. These are thin leads at best.

The message for company owners is to watch out where your company information and credentials are posted. You may have license information and personal information listed on trade groups, industry associations, marketing forums, and sales organizations. An identity thief can gather a great deal of information about the company from combining this information. The same technique could be used to create phone accounts, obtain credit, or buy services from vendors.


Hiding assets after judgment, bankruptcy, or short sale

Creditors are often suspicious of whether their debtors have assets which are being concealed. Searching for hidden assets is a powerful tool which judgment holders can use to obtain higher returns on their judgment instruments. Debtors attempt to conceal assets in many ways by a debtor, but a thorough investigation can discover these.

Fraudulent transfer

Using this strategy, a debtor transfers or title assets in the name of a relative or associate, believing that the “paper” ownership in another name demonstrates that the asset does not accrue to them. In some cases a debtor will create a corporation or other entity to hold assets for their use or ownership. An investigation can discover these assets by following a flow of funds to determine where the money came from which purchased them. If the money came from the debtor to acquire an asset for a third party, that is one red flag to investigate further. In high profile cases, assets can be discovered through observation or surveillance. A debtor seen driving an expensive car or one not listed on a disclosure form can be deposed to determine the ownership and origin.

Lifestyle laundering

A debtor can use an affluent lifestyle to conceal assets or income. Instead of hiding assets in the form of a tangible object such as a car or boat, some debtors will liquidate hidden cash or off-the-books-income over time by spending lavishly on vacations or entertainment. This will not show up on a balance sheet or credit report, but can also be discovered through observation.

Trigger records

The records of a debtor should always be inspected, no matter how small. A $50 charge to a debit card may seem insignificant on its face. However, many of these charges indicate a relation to a larger expense. We have seen examples of small charges at a jewelery store which turned out to be a repair bill for a $50,000 Rolex. In another case, a $80 check was paid to a company with a generic name. It turned out to be a catering company which delivered lunch to a marina where the debtors undisclosed vessel was berthed. Small expenses can also indicate the location where a person traveled to, or how much gas is used during a particular time. Clever debtors will pay cash for large purchases to hide them, but often revert to credit cards or checks for smaller items, which can trace back to larger assets or lifestyle indicators.

Bank accounts

It is a common misconception that bank accounts appear on a credit report. Some debtors know that a casual search of credit records or even financial statements will reveal bank accounts. Actually, a more detailed investigation is needed to locate bank or brokerage accounts. Investigators with specific knowledge of these methods are necessary.

Real estate

Asset concealment and fraud almost always has a real property component. Real estate may be the origin of the fraud, or the means to divest the funds. Some debtors believe that real estate owned is not discoverable if some method to conceal ownership is take. Vesting title in another name is the most common. Some will use a quit claim deed to move ownership to another person. Debtors often overlook the fact that their prior ownership and the quit claim deed itself can be found in public records using the grantor/grantee name index. Using title forensics an investigator can even locate incidences where a debtor appears on title documents but not listed in the name index. References to the debtor as a signature witness to a transaction, holder of a remainder interest or life estate, or even having contributed to the closing funds on a HUD settlement statement can indicate that the property can be looked at as an asset.

Judgment creditors can look beyond the apparent means of a debtor to have assets to collect from. Many methods of investigation are used to discover all types of assets which a debtor may have. The bottom line is that everyone has some assets, including a debtor. A professional investigation is a powerful tool in obtaining a settlement or garnishment of assets.

Discovering hidden data in an investigation

The nature of data storage device evolution requires rethinking many aspects of security such as data concealment, law enforcement searching, parental controls/monitoring, and academic testing. The size and form factor of data storage devices is virtually unlimited, so security professionals need to eliminate specific recognizable objects as a means to detect data storage. In my opinion data locations need to be determined by following the flow of data back to the source, instead of trying to identify the source initially.

Forensic analysis of the main PC or laptop to track file transfer history is the first step. However, removable drives of unknown appearance makes it harder to find them even if their existence is discovered.

Making this process more difficult is the increase in cloud-based storage (and even cloud processing), where the storage and use of data is performed using a remote service. Barracuda and Carbonite are the most commonly known by the public, but hundreds of online storage venues exist. An app popular on iPhones and iPads is Dropbox, where a user can syncronize and store files online for use anywhere.

Again, the best investigative strategy is to look for activity first, and then use that to point towards possible data sources. As the presentation described, there is no way to search every possible physical location for data in advance when it can be located in a keychain or stylized thumbdrive.

Financial investigative techniques are applicable to data investigations. Financial forensics use the process of following the money trail, rather than trying to identify all accounts up front. Data investigations will need to migrate to this approach, following the flow of data to trace all the locations it lands upon. Once the locations (drives, chips, USB’s, gaming devices, online storage, emails, etc.) each of those can then be investigated further to develop other evidence.

Palm Beach private investigator

Investigative services
Background & Character Investigations
Associates, business partners, employees, supervisors, contractors, and potential partners have potential to impact your finances and security. Be aware of the current and past activities of who you are associating with.

Armed Protection
High profile or affluent individuals encounter situations which may warrant bodyguard services. Particular events where your presence is publicly known, or scenarios where the threat level is elevated due to the environment or other factors.

Asset Verification
Confirming the amounts, locating, and vesting of assets for an individual or corporation can help you make accurate decisions on whether to engage with a subject, or plan adversarial legal action. We can match the actual status of assets with statements and representations made to you by others.

Corporate Due Diligence
Prior to entering into financial relationships with a company, financial advisor, investment service, or vendor, gathering corporate intelligence about the entity is valuable. Information concerning the makeup, subsidiaries, financial backing, officers, legal history, and background will increase the security of your relationship, and improve the arrangement you negotiate.

Fraud Investigation
Losses can occur from fraud committed by employees, domestic staff, relationship partners, and advisors. Individuals both close to you and apparently far removed can have enough access to create exposure. If something doesn’t seem quite right on your balance sheet or internal assessment, the source of the fraud can be detected. Recovery is most successful the earlier the fraud is discovered.

Security Assessment
The security of your home, family environment, business, and daily movements can be significantly improved. Identifying and correcting the most severe risk issues will increase the safety and comfort of your daily routine. A secure lifestyle maintains a higher financial condition with fewer expenses and losses to insurance deductibles, theft, injury, and time for other opportunity.

Activity Tracking
You rely on the statements of others to the accuracy of their activity. Knowing the actual locations of spouses, relationship partners, children, business associates, even vendors will improve the confidence of your relationships. Many potential problems can be diverted before they become severe if discovered in the early stages.

David Pelligrinelli
Owner and
Lead Investigator