Computer Forensic Digital Expert Witness

Provides Opinion & Testimony In:

Computer Forensic Digital, Computer Forensics, Digital Investigations, Develop Procedures, Develop Protocol, Information Theft, Extraction of Hidden Information, Retrieval of Deleted Files, Deleted Files, Recovery of Email, Internet Chat Data, Computer Security, Network Intrusion, Data Theft, Windows, Windows NT, UNIX, Macintosh, White Collar Crime, Organized Crime, Foreign Counterintelligence, Domestic Terrorism, Violent Crimes, Personal Crimes, Property Crimes, Public Corruption, Evidence Identification, Evidence Locating, Evidence Collection, Evidence Preservation, Electronics Technician,


1972-1975, Bachelor of Science in Business Administration, Rockhurst University, Missouri
Major:  Accounting

Federal Bureau of Investigation, Managerial Training
Technical Training – FBI Sponsored
Managerial Aptitude Program I
Unix Intrusion For Investigators
Executive Development Institute
Two Advanced Computer Analysis Response Team (CART) Field Examiner Training Sessions (Re-certification)
Macintosh Forensic Processing and Re-certification

Work History

2003-present, computer forensics company in Georgia, Vice President of Digital Investigations

As Director of Computer Forensics, Expert 1560 has established a highly professional computer forensic program, developing procedures and protocol to insure examination findings are accepted in legal and administrative proceedings.  He directs the day-to-day operations of the forensic program to insure the quality and professionalism of the services provided.  Clients include Atlanta’s largest law firms with offices nationwide as well as sole practitioners; Directors of Security, Risk Management Officers and Chief Information Officers of major corporations; physical and information security firms; and private investigation firms.  Cases have included theft of proprietary information; extract hidden information; retrieval of files deleted by a malicious employee; recovery of email and Internet Chat data in domestic cases.  He has been accepted as an expert witness in state and Federal courts, in civil and criminal cases.

2000-2003, Pinkerton’s Information Risk Group, Georgia, Director of Computer Forensics

Expert 1560 coordinated the Computer Forensic and Incident Response program that provided individuals and companies a professional and comprehensive approach to computer security incidents.  As Director he established the computer forensic examination policies and procedures for this worldwide organization.  He set the minimally acceptable qualifications for examiners.  He was the point of contact with clients and Pinkerton investigators and project managers to insure their needs were clearly understood and that all logical steps were taken to retrieve any and all information relevant to the project.  He also conducted computer forensic examinations.  A major project involved an SEC civil inquiry in which nearly 900 email backup tapes were restored, emails generated within a specified timeframe and belonging to specific employees were retrieved and provided to the client to be reviewed on a server designed and setup by Pinkerton.  Other cases involved threatening emails within a company, theft of proprietary information by an employee, and network intrusion and theft of data from the network.  He conducted IT security assessments and coordinated the related penetration testing.

2000, Netsentinel, Inc, Georgia, Senior Project Manager of Security Audits & Countermeasures

He reviewed security audit guidelines and revised them industry-recognized standards.  He reviewed the physical security aspects of the assessments and revised them to insure compliance with ‘best business practices’.  He assisted with the computer designed of the company intranet page.

1975-2000, Federal Bureau of Investigation, Various Locations, Special Agent

As one of the early Computer Forensic Field Examiners for the FBI, Expert 1560 was trained and approved by the FBI’s Laboratory Division to conduct forensic examinations on a variety of operating systems to include DOS, Windows, Windows NT, UNIX and several vendor specific variations of UNIX, as well as Macintosh operating systems.

Expert 1560 had a distinguished 25-year career as a Special Agent with the Federal Bureau of Investigation.  Serving in both investigative and managerial positions, he consistently received the highest possible performance rating from his superiors as well as case specific performance recognition.  His investigative background, while primarily in the area of White-Collar Crime, covered virtually all of the violations within the FBI’s scope of responsibility:  Organized Crime, Foreign Counterintelligence, Domestic Terrorism, Violent and Personal Crimes and Property Crimes.

As a member of the FBI’s management staff, he was a supervisor in the Organized Crime Section at FBI headquarters.  Later he served as a Supervisor of a Public Corruption Squad in Miami, Florida.  He supervised high profile and sensitive cases that resulted in his squad obtained convictions of mayors in two major south Florida cities and the mayor and half the members of the city council of a neighboring city.  He supervised a highly successful bribery and corruption undercover operation that resulted in the arrest and conviction of six State Court judges and over ten attorneys who paid bribes for favorable rulings.

He was promoted to the Chief of the FBI’s Budget Formulation Unit.  In this position he became well versed in many of the Bureau’s most sensitive projects and investigations.  Working under the pressures of the government’s budget process, he was responsible for insuring comprehensive preparation of budget request documents as well as briefing material used by officials of the FBI, including its Director.
Returning to field investigations he was immediately assigned to a Police Corruption case in Atlanta.  The year long investigation netted six corrupt officers who were taking money from drug dealers to protect their operations or they were stealing money from dealers.

He served as the Coordinator for Atlanta’s Evidence Response Team (ERT).  His training in the identification and locating evidence, the careful collection and preservation of that evidence and subsequent testimony at trial easily transfers to the Computer Forensic field.  Among his cases was one in which armored car guard was shot and killed during a holdup.  He processed the getaway vehicle and recovered fibers that contradicted one suspect’s denial of ever being in the vehicle.

His duties involved the task of planning the ERT’s presence and preparedness for the 1996 Summer Olympics held in Atlanta.  This required close coordination not only with other elements within the FBI, but also with several other Federal, state and local agencies.  Following the bombing at Olympic Park, he coordinated the efforts of four, eight member, FBI teams during the evidence recovery process.  He also supervised continued coverage for the Olympic Games that were still ongoing.  He also coordinated evidence recovery for the FBI at the two bombings in Atlanta that followed: the Abortion Clinic and the Other Side Lounge.  His team went to North Carolina to assist in the search for evidence related to bombing suspect, Eric Robert Rudolph.

1968-1972, United States Air Force, Staff Sergeant (E5) – Electronics Technician
Maintained airborne reconnaissance cameras; performed pre- and post flight procedures on assigned aircraft.

Commercial Vendor Training

Cybercrime Seminar 2003 and 2004 sponsored by the Atlanta Chapter HTCIA and the 2001 Mid-Atlantic Chapter Conference

Fundamentals of TCP/IP (Georgia Tech)

Introduction to Networking (Georgia Tech)

Multi-vendor System Admin (Georgia Tech)

Encase (Guidance Software)

Forensic Tool Kit (Access Data) – Boot Camp (Basic FTK) and Advanced Windows Forensics

Maresware (Dan Mares, Inc) PC Repair and A+ Certification Training

Unix For Users (Georgia Tech)

Unix Shell Programming (Georgia Tech)

Other Computer Skills

Word Perfect, MS Word, MS Excel, MS Access, Quickbooks Pro, Front Page and others.

Troubleshooting and Maintaining the Macintosh

Advanced Macintosh Troubleshooting Computer Forensics (National White Collar Crime Institute)

DOS Seized Computer Training (International Association of Computer Investigative Specialists)

Various Computer Forensic Workshops

Professional Memberships

High Technology Crimes Investigation Association (HTCIA)

American Society for Industrial Security (ASIS)

Society of Former Special Agents

Information Systems Forensics Association (ISFA)

International Association of Computer Investigative Specialists (IACIS) – former member (limited to active law enforcement only)