How long has GCIS been in business?

GCIS was incorporated in February 2009 by David Gallant.  David has almost 30 years’ investigative experience with over 22 years focused on computer related matters.


Is there a license required to perform digital forensics?  Is GCIS licensed?

GCIS is licensed as a Texas Private Investigations Company.  This is REQUIRED to perform digital forensics in the State of Texas – http://www.statutes.legis.state.tx.us/Docs/OC/htm/OC.1702.htm - Sec. 1702.104 (b).).  Our license number is A15633.   Anyone who provides forensics services without a license can be fined up to $10,000 for each violation (http://www.statutes.legis.state.tx.us/Docs/OC/htm/OC.1702.htm Sec 1702.381 (a)).  Anyone who knowingly hires an unlicensed person can also be fined up to $10,000 for each violation http://www.statutes.legis.state.tx.us/Docs/OC/htm/OC.1702.htm  Section 1702.381 (b).


What forensic tools does GCIS use?

GCIS uses the same forensic tools that law enforcement offices around the world use.  AccessData’s Forensic Toolkit (and its adjunct tools), Cellebrite’s UFED4PC and Physical Analyzer, and Magnet’s Internet Evidence Finder are the primary tools used.  We also use other approved forensic tools as is necessary.


I think my iPhone has been hacked.  Is that possible?

Apple designs their iPhones and iPads with security in mind.  Security is an ever-evolving process, so NO DEVICE or COMPUTER can ever be 100% secure.  The current conventional wisdom is that an iPhone 4S or NEWER that has a PIN number cannot be hacked. To truly hack an iPhone (or iPad), one would have to gain physical access to the device, know the PIN number, then use a technique called “jailbreaking” to install monitoring software on the device.  There are currently no known remote attacks that will work on an iPhone.  However, recent press reports via WikiLeaks releases allege US Government agencies can hack iPhones (and some smart TVs), although as of this date I personally have not seen credible information that confirms this allegation.

This is not to say the DATA on the device can not been compromised.  What’s the difference?  It someone knows your AppleID and password, they can log into the account with their device, add their device to your AppleID, and then get all your iMessages as though they were you.  If someone were to do that, you would get an alert on your device(s) that another device requested access, and you would need to approve it.  What if that person was someone you trusted and had access to your device long enough to approve the new device?  That’s all it would take to compromise your data.

If you believe someone did successfully hack your device or compromise the data, a professional analysis may be able to discover the evidence.


 

I’m an attorney and I need to serve a litigation hold letter for a new or pending litigation.  Can GCIS assist me?

Yes.  GCIS can assist you by reviewing any boiler plate litigation hold letters you have, and make reasonable suggestions that ensure the hold is not too broad yet makes sure you receive all the documents to which you are entitled.


I need to develop a key word (search term) list for an E-Discovery case. Is there a way to create one that will maximize the chances of identifying relevant data and reduce false positives?

I frequently receive search term lists that were created without consultation with a forensic expert that produce redundant false positive hits.  Reviewing these hits takes additional time and increases costs unnecessarily.  Consult with your expert early on to create concise search terms that will be more efficient without compromising results.


What types of information can be recovered from a mobile device?

This depends on the specific device model, the version of the operating system in use, and the level of security on the device.  As previously stated, if an Apple device is PIN locked and the PIN is unknown, then NO data can be recovered.  If we know the PIN number, we can get basically everything you can see on your device, PLUS a lot more.  We can recover some deleted messages, we can determine location data from the phone, we can get call logs, snapchat messages (and possibly any pictures sent via Snapchat), cell towers the device connected to (this is new technology that cannot yet recover ALL cell tower data), just to name a few.