Are you looking for evidence?

Crypsis Digital Investigations offers the forensic collection, analysis, recovery, and reporting on information gleaned from digital media. Our nationally recognized experts apply scientific methods and state of the art tools and techniques to find, recover, and interpret digital artifacts. Our findings and conclusions are measured against industry best practice, rooted in fact, and designed to withstand opposing party scrutiny.

The Crypsis Methodology

Identify & Collect

Identify & Collect

Defensible opinions start with a robust forensic collection. Crypsis goes deep to understand your environment and make informed strategic decisions regarding the identification and preservation of relevant data.

Analyze & Interpret

Analyze & Interpret

It’s all about the artifacts. From the common to the esoteric, Crypsis consultants employ highly scalable processing techniques to recover, extract, and parse relevant forensic artifacts. We then analyze, cross-correlate, and interpret this data to answer your key questions.

Validate & Report

Validate & Report

Findings you can count on. We validate our findings & opinions with tool testing and internal peer review. We communicate this information in clear, precise language, designed for use by non-technical triers of fact.

Data Sheet: Digital Investigations

Services Offered

Service Overview


The Crypsis team is comprised of recognized experts who are accomplished authors, educators, and speakers on digital forensics and network security. When disputes involving digital evidence end up in court we work with our clients’ legal teams, advising counsel on technical matters during the pre-trial process, including depositions.  In this advisory role, we have reviewed and assessed declarations, affidavits, and reports of opposing experts to provide guidance to counsel on complex issues.

Case Study


Members of the Crypsis team worked with outside counsel on behalf of a Fortune 100 company in support of litigation resulting from a data breach. At question was the adequacy of the compromised organization’s response to the breach.  During the course of the investigation, our experts provided analysis of workstations, logs, and network traffic. They also performed document review and conducted interviews to provide an expert opinion.

Service Overview


You suspect employees of stealing proprietary or confidential data.   Non-public information is leaking to competitors or the press.  You fear an employee is improperly accessing sensitive information.  An employee is stealing from you.  These and similar challenging situations require a delicate approach and the experience and expertise of professionals who have been there before. Crypsis experts have conducted hundreds of internal investigations on behalf of government agencies and organizations across a wide range of industries. We leverage our deep experience to develop custom tailored investigative plans, and employ best in class network forensic scanning and searching techniques to quickly, quietly, and efficiently find evidence relevant to the inquiry.

Case Study


When the general counsel of a data aggregation technology company became concerned after a rash of senior employee departures, she reached out to Crypsis to investigate.  Crypsis worked with company IT personnel to image the departed employees’ former workstations, obtain copies of mailboxes, and collect network logs.  Our forensic analysis quickly revealed evidence that the employees had been conspiring to start a competing company.  We recovered evidence the employees had downloaded company source code to USB drives, uploaded business strategy documents to cloud storage accounts, used webmail for side-channel communications, and attempted to cover their tracks with the use of wiping software.  We reported our findings to counsel and supported a successful motion for preliminary injunction providing declarations and hearing testimony.

Service Overview


The Crypsis team includes an elite corps of digital forensics experts who can identify the root cause of an incident by peeling back the layers to determine its size and scope, the data that is at risk, and where it came from. They know how and where to look for actionable data within your digital environment – laptops, workstations, servers, USB drives, network storage, email systems, cloud storage, hard drives, and custom application data. And when investigations end up in legal proceedings, we serve as technical advisors to our clients’ legal team, advising counsel during depositions and testifying in court.

Case Study


Members of the Crypsis team worked on behalf of a public university to provide in-depth forensic analysis of multiple network intrusions involving the potential breach of sensitive data held by the university.  Our experts co-authored reports for university personnel with their findings, including analysis of the methods of the compromises, the intent of the intruders, and the intruders’  access to confidential data.

Service Overview


Your system just got hit with a ransomware attack and your files are now locked up. How do you respond to this crypto-extortion? Our ransomware experts will work to reverse-engineer the malware that infected your system and try to recover your data. And if you decide it is better to just pay the ransom, we will broker and validate a solution that minimizes the cost of recovery for you, validates the transaction, and prevents further extortion from the attacker. We can also develop and implement a containment plan to isolate any additional infections and prevent further ransomware attacks.

Case Study


Crypsis consultants were called in to help a manufacturing company that fell victim to a ransomware scheme in which the hackers gained access to data through a phishing email that claimed to come from a large shipping company. The email said that a failed delivery attempt was made to the company and invited the recipient to click on an attached ZIP folder that, when executed, downloaded and installed ransomware to the system. When this happened, its files were encrypted and a ransom of 4 Bitcoins was demanded to receive the decryption key for accessing the files. The ransom was not paid because the company had recently backed up its important data and was able to cut its losses on the additional data that could not be recovered.

Our investigation determined that this was strictly an opportunistic attack in which a victim’s files were encrypted because an employee clicked on a phishing email attachment and executed ransomware. We determined that there was no unauthorized access into the environment itself and no additional activity other than the ransomware infection.