At Fields Associates, we specialise in the recovery of the digital “fingerprints” left by the routine use of computers. Even erased files can be recovered and examined, ensuring that you have all the evidence available to support your investigation.
Established in 1999, we have earned an impressive reputation in the detection, analysis and presentation of computer evidence in the broadest range of criminal activities. These include fraud, extortion, data theft, child pornography and Internet abuse.
Our clients include legal firms, international banks, blue chip companies, law enforcement and military organisations.
The Defendant was a company director accused of possessing a number of unlawful files located on a multi-access business server. These files detailed the production of explosives, currency notes and drugs, as well as providing various tips on terrorist activities. The Defendant denied the allegations. Fields investigators developed a new forensic procedure called ‘directory-tree imaging’ in order to constrain the identity of the owner of the proscribed files. The investigation resulted in the pre-trial acquittal of the Defendant, and provided Law Enforcement Authorities with an alternate target.
Fields investigators successfully identified a significant anomaly in the Prosecution forensic evidence that traced directly to an acquisition procedure employed at the High Tech Crime Unit. Once identified, the procedure was abandoned by both the Police Force and then later by all UK Police authorities. The Defendant was aquitted.
Fields experts successfully detected the installation of a hitherto unknown remote access Trojan virus. They successfully demonstrated the active status of the virus, its mode of operation, and various file lists transferred to the target machine.
The Defendant was accused of possessing unlawful computer files. Fields experts were asked to analyse the data with a view to determining the validity of the Defendant’s claims. To achieve this Fields investigators developed an innovative new forensic procedure involving Win32 file date and time stamps. The procedure successfully identified functional deficiencies in the operational procedures employed by a given Law Enforcement agency. The case is now required reading for Law Enforcement operatives studying forensic computing courses at the Royal Military College of Science. The Defendant was acquitted.
The Defendant was accused of possessing unlawful computer material. Fields experts were asked to analyse the data with a view to determining the validity of his claims. To achieve this they reverse engineered 19 commercial Trojans and marketing scripts, positively identifying 2 hitherto unknown Internet Browser exploits capable of maliciously downloading and operating an executable file in stealth mode on a victim’s machine. Experts later successfully established positive links between unlawful operators within the pornographic industry and the activity of malicious marketing software. The results of the investigation were presented at trial for a duration of one week. Though the work was originally challenged by the Prosecution, it was later accepted by academics from the Royal Military College of Science. The Defendant was acquitted on all counts.
S-v-V B (Commercial)
Fields spearheaded the development of a new technique used to analyse secure digital voice recordings made by various air traffic control, financial, and law enforcement agencies. The procedure involved the analysis of the helical scanning system used to deploy data blocks to the receiving digital media. Experts successfully applied the technique to demonstrate that a recording previously considered bogus was in fact genuine. The results of the investigation were accepted by all parties including the hardware manufacturers.
The Defendant was accused of possessing and making unlawful computer files. Fields Experts identified fundamental flaws in the way the Prosecution interpreted the digital evidence. Fields experts went on to identify the presence of activity indicating use of the target computer system by parties other than the Defendant. The investigation resulted in the pre-trial acquittal of the Defendant.
The Defendant was an employee of a large multi-national corporation and was accused of Obtaining Money by Deception & Theft. The Prosecution’s evidence was examined by Fields Associates as well as a Prosecution instructed expert. Though initially disputed by the Prosecution expert, it was eventually conceded that the digital evidence provided by the Prosecution had not been created in a manner that adhered to the necessary guidelines. The results of the investigation involved a review and amendment to the company’s management of staff payment procedures.
International Car Manufacturer
Fields Associates acted on behalf of a major car manufacturer who requested that they attend the premises of the corporation to conduct an on-site analysis of a specific workstation, as well as the main computer network. Experts identified the specific member of staff responsible for the dissemination of material relating to senior managers via the company web site. The investigation led to the formal interview and subsequent dismissal of the member of staff concerned.
Recruitment Consultancy – Theft of Corporate Data
Fields Associates acted on behalf of a large national recruitment consultancy firm. An investigation was completed by Fields Associates involving a number of workstation computer systems as well as the main server within the company. An examination of the computer systems was conducted to identify evidence relating to the activity of an ex-employee of the company, suspected to have provided confidential data to a competitor before his employment terminated with them. Relevant email activity was identified between the target and a senior employee of a competitor. The investigation enabled successful legal proceedings to be taken by the instructing company against its competitor.
R-v-Tina C – Fraud, Theft & Deception
Fields Associates acted on behalf of Hampshire Constabulary in the examination and investigation of computer systems seized from the workplace and home of an employee suspected of fraudulently obtaining money by deception. An examination was conducted of the company’s computer system where evidence was identified within the payroll and accounts software to support the allegations. The investigation led to the pre-trial plea by the Defendant at Crown Court.
R-v-Simon C – Possession, Making and Distribution of Indecent Images & Child Grooming
Fields Associates acted on behalf of Hampshire Constabulary in the examination and investigation of computer systems seized from the home address of a person suspected of possessing unlawful computer files. Following examination of the computer systems, evidence was identified to indicate the presence of indecent images of children and contact with a number of children via messaging software. The case resulted in a guilty plea by the Defendant at Crown Court.
Recovery of Evidence in a Probate Matter
Fields Associates were instructed by a Solicitor to forensically examine and recover documentary evidence from a computer system owned by a recently deceased person. The instruction was given following loss of data from the hard drive. It was believed that the drive contained the most recent amendments to the persons will. An examination of the hard drive for specific terms provided by the instructing Solicitor revealed the presence of a relevant Word document that was then recovered.