Mark J. McLaughlin specializes in the use of cutting edge analytical and forensic analysis techniques for collecting, accessing and reconstructing digital data from computers, servers, networks, cell phones and other media sources. Mr. McLaughlin's cases have included; labor & employment (sexual harassment, wrongful termination, computer misuse, theft of trade secrets, self dealing), spoilage of evidence, intellectual property, contracts, e-discovery, computer intrusions, family law and criminal matters. His career spans over 25 years experience in corporate security investigations, information systems management and law enforcement. Mr. McLaughlin has been qualified as a computer forensic expert witness in court, and prides himself on being able to simplify complex technology for a judge and jury to easily understand. He was appointed to and is currently on the prestigious Los Angeles Superior Court Panel of Expert Witnesses.

His Forensic experience was gained working highly sensitive cases for Investigative Group International (IGI), Kroll Associates and Online Security. Based in Los Angeles, he traveled extensively in support of litigation, corporate investigations and criminal matters. Mr. McLaughlin received specialized forensic training from Guidance Software, the makers of EnCase the leading forensic analysis suite. A former member of the Century City Bar Association, he's also an approved California State Bar MCLE Provider and frequently presents a course entitled, Computer Forensics - In search of the smoking gun to attorneys and investigators nationwide.

Mr. McLaughlin has extensive experience designing, managing client/server information and telecommunication systems, in addition to conducting security audits and threat analysis. He is fluent in networking, data communications, Windows, office automation applications, the ever-expanding Internet and its associated protocols. Some of his clients have included: Kaiser Permanente, Kenwood, Bank of America, Certified Grocers, SmithKline and Memorial Health Services. This experience has given him the expertise to conduct thorough forensic examinations of various systems for specific evidence including; recovering erased and password protected data and email files, while preserving the integrity of digital evidence for discovery and trial.

After graduating from the Long Beach Police Reserve Academy, with top academic and marksmanship honors, he worked assignments in uniformed patrol, juvenile, vice and felony car. Mr. McLaughlin received specialized training at the Naval Criminal Investigative Service - Computer Crimes Conference and attended seminars in Narcotics Officer Investigation. While working corporate security he conducted auto theft, fraudulent credit card and undercover employee fraud investigations, in addition to retail store security.

Mr. McLaughlin received an Associate of Arts in Administration of Justice from Rio Hondo College, and Bachelor of Science in Business Administration from the University of Redlands. He formerly held a teaching Credential in Computer Science at the California Community College level. He is a member of the High Technology Crime Investigation Association (HTCIA). Mr. McLaughlin has made many presentations to professional organizations, trade groups and corporations on computer forensics and authored an article for IT professionals on how to conduct an intrusion investigation. Mr. McLaughlin has been a resource to news organizations on matters of computer forensics.

- by the Honorable Warren L. Ettinger on Los Angeles Superior Court case number BC 196 592, Haber v. Small; Haber v. Mantra Films

- by the Honorable Ray Hart on Los Angeles Superior Court case number BC 213129, Krauz Puente LLC v. Slam.Site, Strategic Alliance Partners, Frank Westall, Chip Hilts, Cases Ladder, Inc and Gordon Landes.

- by the Honorable James Dunn on Los Angeles Superior Court case number BC297772, Donovan Lee Black v. Cushman Wakefield

- by the Honorable Mel Red Recana on Los Angeles Superior Court case number BC 317046, Ken Marefat v. Pall Corporation

- by the Honorable Coleman Swart on Los Angeles Superior Court case number BC402101, Sample v. Flint

Information Systems Experience - Over 14 years experience operating, designing, installing and managing Client/Server micro and midrange information and communication systems, including conducting numerous security audits and potential threat analysis. Extensive experience in system recovery and restoration of erased files. Researched, authored and managed comprehensive State Banking Department disaster recovery and IT security plans.

Microcomputer - Hardware: IBM, Compaq, Toshiba and Macintosh Desktops and Laptops. Operating Systems: DOS, Windows 3x/95/98/NT 3.51 & 4.x, System 7. Email: MS Mail, cc:Mail, Outlook 97/98/2000, Notes 4.6. Office Automation: MS Office 4x/95/97/2000, Word, Excel, PowerPoint, WordPerfect 6, Lotus 1-2-3, MS Project 98, Persuasion, AmiPro. Database: Paradox, Access, dBase, SQL, Crystal Reports. Internet: Netscape, Explorer, FTP, Eudora, TCP/IP, HTML. Desktop/Web Publishing: Corel Draw 5, PageMaker, PhotoShop, Visio 5.5, ABC Flowchart, Netscape, FrontPage 97/98/2000, Image Composer. Emulation: Extra for Windows, Rumba, Termite, FTP. Communications: ProComm Plus, WinFax, Closeup, Carbon Copy, LapLink. Accounting: Peachtree, SBT. CRM: Vantive, Remedy, DP Umbrella, Magic, PHD. Investigative Tools: EnCase, PC Tools, Norton. Peripherals: HP and Tektronix laser printers. HP Scanner.

Mid-Range - Hardware: IBM RS6000 R20/10 & 25T, HP-3000, Prime, Microdata 9000, DEC Alpha and VAX. O/S: AIX, HP-UX, VMS, MPE XL, Primos, Pick. Applications: Cerner, Citation, Meditech, Sunquest, HBOC, HSS OPUS, Biovation Lyris 100, Cortex, Mediware, Medtek, Siemens CTI: Softphone, TServer. Database: Sybase. CRM: Vantive.

Networking - Operating Systems: Novell Netware 3x/4x and Windows NT 3.5/4x. Protocols: TCP/IP, IPX/SPX, ISDN, SNA, TN3270, X.25, NCR 796-301. Topologies: Ethernet 10/100 and Token Ring. Routers/Hubs/Switches: Cisco, UB, Bay, Cabletron, Fibermux. Internet Gateway: Lotus SMTP Cabling: Fiber, UTP Level 5 and Coax. Management Systems: HP OpenView Backup: Storage Express, ArcServe, Leggato Messaging: MS Exchange 5.5, MS Mail, cc:Mail

Communications - Nortel Meridian 1 PBX with option 81, Meridian MAX, Mail, Link, ACD and IVR. Siemens Saturn ACD Centrex: Analog and ISDN systems. Voice Mail: Octel Overture 250 with Aria Software

· subsequent to the Court's digital evidence discovery order, an forensic examination determined that a Defendant intentionally deleted relevant data using a "shredder" program. Evidence of the search for, download of and use of this shredder program was presented in court along with expert testimony. Defendant received monetary sanctions and precluded from testifying at trial.

· an HR department suspected a key employee was stealing company documents and preparing to delivery them to his new employer. The employee's company laptop was seized and zip files containing sensitive files were recovered.

· a company defending a sexual harassment suit requested the examination of their accuser's and manager's PCs. An examination revealed the specific allegations of images on the manager's PC were in fact there and nothing was found on the accuser's PC. An immediate settlement was negotiated.

· an accounting manager for a pharmaceutical manufacturer used his employer's funds to pay off a personal loan. Mr. McLaughlin recovered evidence of the fraud and cover-up through his forensic computer search, and then interviewed the subject who confessed to the fraud. A referral was made to local law enforcement and our client received partial restitution.

· planned and managed a tactical operation for a major electronics company to seize digital evidence pertaining to an international computer peripherals piracy scheme. Mr. McLaughlin conducted an exhaustive bit-by-bit analysis of the computer hard drives, running the Chinese version of Windows, then reconstructed the conspiracy, including the recovery of "deleted" emails and financial records.

· a marketing manager conspired to submit fraudulent invoices totaling $300,000 to his employer. Mr. McLaughlin recovered evidence of the complex fraud scheme from erased document and fax data files and email messages, then referred this matter to local law enforcement for prosecution.

· working under a court order for the review of computer evidence in a major entertainment industry civil case, Mr. McLaughlin conducted an analysis of the company's server network, recovered key information critical to the plaintiff in the case. Additionally, Mr. McLaughlin uncovered digitally "embedded" information confirming the defendant used a "sanitizing utility" on many of the files less than four hours prior to his court ordered review, potentially destroying evidence. He testified as an expert witness and the defendant was sanctioned $120,000 for spoilage of evidence and the plaintiff ultimately won a $4 million judgment.

· an insurance company potentially liable for a $300,000 entertainment claim, needed to determine if internal negligence or an internal conspiracy contributed to the claim. Mr. McLaughlin imaged several PCs, restored backed-up network email, then searched for evidence. It was determined that only employee negligence contributed to the claim.

· a major software game publisher had several key employees suddenly leave to work for another company creating a potential $500,000 employment contract exposure. After searching eight PCs, Mr. McLaughlin was able to show how the employees communicated in violation of their agreement.

· a healthcare provider purportedly experienced system problems hampering a court ordered examination. Mr. McLaughlin interviewed the systems administrator who eventually confessed to deleting key server files causing the problem.

· a company's inside counsel was accused of malpractice while handling private cases on company time. Mr. McLaughlin was able to reconstruct deleted files to prove the self dealing allegation and thwart a wrongful termination action.

· a major software publisher was victimized for $660,000 over six weeks by a sophisticated international call cell fraud ring. Mr. McLaughlin conducted a technical surveillance to identify the origins of calls, then liaisoned with local and federal law enforcement. He also assisted at identifying and closing vulnerabilities in the clients network.

· a retailer suspected that her partner was selling inventory for cash and pocketing the proceeds totaling $200,000. Mr. McLaughlin reconstructed the accounting database, identified emails and proved the allegation.