©2019 FLATWATER FORENSICS, LLC, A VITAL ENTERPRISES COMPANY

Flatwater is positioned to offer a host of consulting services that give our clients the advantages of advanced critical understanding of complex digital issues and a capacity for meaningful early evaluation of problems tied up in voluminous data. Whether in support of internal investigations, managing Cyber risk and compliance, or in support of litigation, Flatwater's digital expertise can be employed in a variety of enterprise settings to improve speed to insight when volume threatens to delay and obfuscate the search for answers.

 

Representative services include: Internal Investigation Management and Support; Network and Enterprise Forensics; High-Volume eDiscovery Consulting; Fractional CISO/CPO Services; and Cybersecurity Risk Management. 

 

  • Internal Investigation Management and Support: Flatwater can design, lead and manage internal investigations of scale, coordinating the human intelligence (interview teams) with the digital evidence (acquisition, review and analysis of data relevant to the investigation) in support of vital corporate decision-making. Flatwater’s unique “data-first” approach emphasizes the improvements in quality, accuracy, and efficiency of investigative efforts garnered by rapid coordination between early data analysis and the investigative teams on the ground. 
     

    • Experience: Flatwater’s team of lawyers, legal professionals, and technical experts have led and participated in scores of internal investigations across multiple continents, for major financial institutions, massive labor unions, and Fortune 100 companies. We know how to build the right team of federally-experienced lawyers, investigators and technicians; how to plan and execute in complex and delicate corporate environments; and how to deliver answers to the questions companies know to ask, as well as the ones they may miss.
       

    • Speed and Precision: Flatwater can deliver both at once, reducing time to insight. Often, investigators begin asking questions before they know the answers, rendering interviews ineffective at best and misleading at worst. Flatwater’s analytical team can make short work of millions of documents, often locating the most crucial evidence in the investigations within hours of processing data for review, supporting a more targeted and effective investigation.
       

    • Substantive and Technical Expertise:  Flatwater has experience across numerous fields of substantive expertise, with lawyers on staff who understand the critical legal issues at play. When investigations occur at the confluence of information technology, information security, or other complexities of voluminous data, Flatwater’s unique capability is unmatched.
       

  • Network and Enterprise Forensics: ​Computer forensics—investigations concerning the operation of computer devices—was a challenge when it was limited to desktops and laptops. Increasingly, companies are migrating data to the cloud via myriad applications and devices that themselves change at a staggering pace. The average corporate digital environment is growing more complex and so is the obligation to preserve and produce data from enterprise-level platforms like Slack or Dropbox. Often overlooked, it is the network-level data, and the associated metadata, that prove to be the most probative in investigation and litigation, and Flatwater can accurately map, identify, preserve and analyze the most complex enterprise data sets.
     

    • Network Data Mapping:  A client’s data is no longer contained on a series of isolated user devices; data is a system, an interconnected set of user and network devices (phones,  computers, firewalls, exchange servers), with user and enterprise accounts (email, shared network drives, cloud accounts). If you are to identify the data that must be preserved or to acquire some of the most probative data concerning the movement of documents across a system, you need a team that understands both how to trace the flow of data into, out of, and through a network, and how to explain its provenance and relevance in a courtroom.
       

    • Data Evaporates:  In the “wilderness” of corporate and enterprise environments, data is often ephemeral. The data that you expect to be maintained over time (documents and user generated content) will most likely be there when you need them. But we find that routinely clients and counsel are not aware of the metadata that can be lost to time—account activity logs that may be maintained only for a period of months, server or firewall logs that may be maintained for only a matter of weeks. Without a team that understands the value and nature of these myriad data sources, clients run the risk of losing what can be the most valuable evidence as to what happened with the key documents in the case.
       

    • Who, When, How, and Why: Traditional eDiscovery often represents the “what” in a case or internal investigation; forensics is the definitive who, how, when, and most important for issues of intent, the why. The metadata (the evidence about the evidence) and logging data often provide the surest ways (sometimes, nearly unassailable ways) to date, authenticate, and track what has happened with the documents at issue in the case and the associated actions of the users who created, modified, or disposed of them.
       

  • High-Volume eDiscovery Consulting: ​When litigation invokes the volume and complexity of data found at an enterprise level, lawyers confront an engineering problem—how to get the data from the corporate environment into discovery and on to trial. Flatwater’s team of lawyers and technicians excels at this level—designing a legally defensible “pipeline” to acquire the data from the field, “refine” it for analysis, and prepare it for litigation. From scoping, to ESI plans and protocols, to the coordination of eDiscovery and forensic analysis, Flatwater’s consulting services exceed the industry standard to provide you with a true partner in engineering and managing the growing and shifting digital elements of litigation, all with an eye toward what lawyers need most—admissible evidence that will sway a Judge or Jury at trial.
     

    • Scoping:  Some of the most critical work on a case that will turn on the identification and acquisition of digital evidence is done at the inception of the dispute, in support of preservation efforts and litigation holds. Specifically, having a consultant with the technical skills to map a corporate network, understand the various data repositories, and vet the information provided by the client’s IT personnel, can be determinative. Flatwater knows who to ask for data, how to ask for it, and where to look when the answers don’t add up.
       

    • Strategic Expert Consultation:  Navigating ESI in the adversarial context is increasingly perilous. Often, opposing parties seek to gain advantage—either by obfuscating the existence of certain evidence or by asserting a right to more than is necessary—through ESI or forensic protocols, or via ad hoc requests amounting to a forensic search warrant. Flatwater knows the pitfalls and understands how to marshal the right evidence to press the advantage when it makes sense.  
       

    • Value that Matters:  Flatwater can make the difference between targeted, effective discovery and merely splashing around in the data. Flatwater’s understanding and employment of advanced technology in support of your eDiscovery obligations provides the means for swift, granular analysis and efficient review of terabytes of data. Flatwater provides a competitive advantage in early case analysis and triage, and in marshaling critical evidence ahead of the opposition.
       

  • Fractional CISO/CPO Services: Many small-to-mid-size businesses, including law firms, operate without a Chief Information Security Officer. Often, these businesses leave information security to their IT Department, which has a couple of unintended and potentially detrimental effects. First, IT is a busy department in almost every business we encounter, and information security routinely takes a back seat to the day-to-day maintenance of the entity’s infrastructure. Second, the conflation of IT and Cybersecurity, while common, is ill-advised, because it leaves IT without a true information security resource and without a sufficient security check against IT system management. Flatwater can provide a part-time CISO/CPO at a fraction of the cost to bolster your company’s security posture with proven and demonstrable plans, tailored to your business and budget.
     

    • Part-Time, Affordable CISO/CPO Services:  Many companies we encounter cannot afford a full-time CISO or CPO, despite their need for a security officer. Flatwater has developed a system to provide low-cost, high-value CISO/CPO services, including Security Oversight, Compliance Reviews, and Information Security policies and planning. For many companies, this fractional service can substitute for the need for on-site, full-time staff to accomplish the same goals.
       

    • IT Doesn’t Cover It: IT and security, despite their common conflation, are diametric opposites. IT’s prime objective is to keep the system running, get everyone access, and provide the team with what they need as fast as possible. Those aims run contrary to the goals of Cybersecurity, which by design must serve as a check, not on productivity, but on unfettered access that can leave a business open to attack.
       

    • Consistent, Auditable, Verifiable: Perhaps most of all, clients need meaningful reporting to set targets and make progress toward milestones. Once milestones are reached, they need consistent verification that the security gains are being maintained. Flatwater’s Fractional CISO/CPO is not a hands-off lecture about the importance of Cybersecurity. It is a partnership in the development of a tailored plan that will yield measurable results.
       

  • Cybersecurity Risk Management: ​The first step in an organization’s effort to fortify its Cybersecurity is to identify and assess cyber risks and vulnerabilities.  Aside from stumbling onto a vulnerability when it is already too late (during or after an exploited vulnerability has led to a hack), a Risk Assessment incorporating network vulnerability scanning is the most comprehensive and business-oriented means of addressing Cybersecurity risks. Flatwater knows how to quickly and affordably assess these risks, prioritized for a particular business, and how to create a set of policies, a series of solutions, and an implementation plan to practically address them.
     

    • Business-Oriented Advice:  Flatwater takes pride in approaching Cybersecurity from the business vantage—across sectors, companies large and small, Flatwater’s team assesses and addresses information security risks practically. Understandably, businesses rarely want to spend money on a sector of their business that is not intended to drive profit, but Flatwater knows how to set priorities and identify solutions to match the budget and the business. Flatwater serves the crucial function of “translating” Cybersecurity to facilitate discussions between technology experts, Cybersecurity professionals, compliance officers, internal and outside counsel, and business decision-makers.
       

    • Broad and Deep Experience:  Flatwater’s team has seen the gamut of information security threats and has fashioned myriad solutions for clients large and small. Based on your entity’s specific profile, Flatwater has the expertise and the security awareness to assess the threats, to assign probabilities, and to matrix available alternative solutions to mitigate known exploits. What may seem unintelligible and complex can be distilled and addressed with your technical staff in an organized and meaningful way, often without substantial costs.
       

    • Regulated Data:  The number of information-security and privacy regimes is growing. You need a team that knows those regimes, that understands how to classify your data, and that can provide a road map toward compliance. The history and experience of our unique, multidisciplinary team include the initial development of Cybersecurity law and of government and private Cybersecurity compliance regimes. We understand their requirements and, critically, how organizations may meet standards by way of alternative, equivalent actions.