AUDIT ANY COMPUTER, LAPTOP OR MOBILE
FOR EVIDENCE OF MISCONDUCT

Do you Suspect an Employee or Other Individual of:
Stealing Information
Defecting to a Competitor
Time Wasting
Starting Their own Company
Accessing Sensitive Documents
Fabricating an Employment Dispute
Damaging Your Business
Performing Other Questionable Activity
Instruct us to perform a Device Activity Check on
any computer, phone or tablet and find out!
Call FREE 0800 9996432 Click to E-Mail Us

DAC is a fast, discrete and cost effective service designed to identify misconduct, IP theft or other undesirable activity.

Computer Forensics Online is a specialist  in discretely investigating computers, tablets and mobile phones for businesses and members of the public since 2008.

  We are able to provide you with a blow-by-blow dossier of computer activity on a day-to-day basis.

95% of our customers who purchased a DAC were alerted to misconduct, theft of data or other undesirable activity after submitting a device to us for analysis.

Most business customers now routinely budget for a DAC check to be carried out on all employees who have, or are in the process of leaving their company - to determine activity in the run up to their departure.

How Does a
Device Activity Check Work ?

Phase 1 - Evidence Preservation

A forensic copy of either a computer, laptop, tablet or mobile phone is made.  We arrange for a point-to-point driver to collect the device and deliver it directly to our laboratory.  Alternatively we can attend your office and copy the device at your premises at an additional cost.

Phase 2 - Artefact Extraction

User activity (what they did, when and how) is extracted from the forensic copy of the computer (such as websites visited, files opened, USB drives connected, web searches carried out and much more).

Phase 3 - Joint Investigation

Our ex-police computer forensics expert Mr Jon Munsey examines the extracted information and compiles a dossier of user activity that is potentially relevant to your investigation.

We then provide you with a simple spreadsheet that groups and lists user activity, so that you may use your internal knowledge of your business to identify further relevant evidence.

Phase 4 - Expert Report

Once the joint investigation is complete and both you and our expert have agreed upon which material is relevant,  an expert report is produced containing said. 

 This report will contain irrefutable evidence, which can be used in court of law, an employment tribunal hearing, an internal disciplinary proceedings or other legal process. 

What User Activity can a DAC Provide ?

Imagine being able to discover what your employees, business partners or other individuals have been doing on a day-to-day basis with their phones, computers or tablets.

Computers and mobile devices constantly record almost all user activity, almost everything you search for, open or read is secretly recorded.

The most powerful artefacts of user activity have been laid out below, imagine using them to aid your internal investigation or end a costly employment dispute, click the various headings below to find out what your DAC may be able to provide you with.

Click the various headings below to read a little more about what can be extracted from computers, laptops and mobile telephones;

Websites Visited

It is surprising which websites employees visit - whilst most are innocuous, often individuals visit sites that either violate company policy or demonstrate behavior that is not in the best interests of the company.


Visits to pornography, racial hatred, gaming, dating and social media websites are often observed and used to terminate or discipline an employee. 


A DAC produces a list of websites visited, often reaching back years - and in some cases as far back as to when the computer was first used.  This is literally surveillance on a minute by minute basis!

Internet Searches (Google etc)

We have ended more employment disputes and proven an employees malicious intent, with recovered internet searches than any other form of evidence.


Each time a user searches Google, Bing, Yahoo or any other search engine, the exact words they entered are recorded, often permanently, by the computer.


Imagine seeing searches for "jobs at company x", "how to copy files from the computer without my boss knowing", "how to set up a company" and "how do I fake constructive dismissal" these would be an immediate red flag which would cast doubt on the trustworthiness of any employee.  Yes, people actually type these exact search words into Google!

Personal Email Account Usage

Most, if not all people have personal E-Mail addresses, which they often access using a workplace computer.   Whilst this may not be a violation of company policy, sending company data to and from such E-Mail accounts most certainly is. 


There are also GDPR liabilities when such events take place - with heavy fines being issued by the Information Commissioner's Office. A DAC checks for the presence of any such accounts, allowing an employee to be questioned upon the usage of such accounts and any leaks of company data to these accounts identified.


Files Stored on USB Storage Devices

It is rare to see a computer that has not had a USB storage device used in conjunction with it, such as a memory stick or portable hard disk drive.  One trait users have, is that they often open files on USB devices and work from them.  


These actions are recorded by the computer and are extracted as part of the DAC.  As with E-Mail accounts, the storage of company data upon them is an extremely high risk (if they are lost) and subject to falling foul of GDPR if personal information (that of customers as an example) is stored on them and the company is not aware of this.


A DAC can be used to audit which USB storage devices your employees have been using and identify leakage of intellectual property and unauthorised storage devices.

Files & Folders Accessed

When a file or folder is opened by a user, this is recorded by the computer, often permanently.


A DAC collates all of these actions into a chronological list, which can be used to demonstrate which files and folders a user has accessed - and most importantly - when. 


It is common for dishonest or disgruntled employees to explore the contents of the company's computer system - for their own gain (by stealing useful files) or to access information that they are not permitted to - commonly pay scales, promotion and performance reports or other information that would aid the employee in some way. 


Using a DAC to audit what a user has been accessing can be a powerful weapon in any dispute or litigation process that may be underway.

Cloud Storage (Google Drive/One Drive and others.)

Cloud storage has become incredibly popular and is fast becoming the defacto way in which employees ex filtrate (steal) your company's intellectual property. Plans, diagrams, customer lists, databases, artwork, program code - are all often found to have been illegally uploaded to a Cloud storage account by an employee.


A DAC detects usage of these services and where possible lists files which have been uploaded to them. A valuable tool in the fight against intellectual property theft.


Deleted Files & E-Mails

Employees often become aware that their wrongdoing has been spotted - they swiftly delete material that could be used to incriminate them, be those documents or E-Mail messages.


A DAC provides you with a list of files that have been deleted from the computer, and with the "Premium" DAC a list of E-Mails that have been deleted.


This alone can be enough evidence to dismiss or end an employment dispute if malicious deletions have taken place in an attempt to hide their activities.

Malicious Activity Detection

An employer provides a computer to an employee with a degree of trust.  A DAC can be used to audit an employee's usage of time - from determining how many times each day they have accessed social media (such as Facebook), through to seeing how many times they have launched the solitaire game built into Windows.


We often detect employees that are moonlighting and using their computer during work hours to carryout tasks for another employer.


It is also not uncommon to observe the use of "wiping" or "track clearing" software in an attempt to hide their activities.


All very powerful weapons to use in an employment dispute.

Unauthorised Software Detection

Employees are often seen to install programs onto their computer for personal usage, whilst this is often a violation of a computer AUP (Acceptable Use Policy often issued to employees at the commencement of their tenure) - it is often overlooked.


Such programs can range from those that are unlicenced (such as cracked games or pirated productivity programs) through to the malicious (such as programs contaminated with virus or trojan programs that allow external attackers to freely access the company's corporate network) - through to those classed as counter forensic.  All of which put the company at risk in one form of another.


Counter forensic software is being encountered increasingly in the DAC's we perform.  Programs such as CCleaner, Evidence Eliminator and various other "wiping" tools are being used by novice users in an attempt to hide their tracks.


Once again, the presence of any such programs is grounds for dismissal or reprimand, both useful tools in an employment dispute.

Locations of Interest

When a phone or computer is connected to a WIFI network, for example in a coffee shop, a home address - or even a competitors office, this information can be extremely useful.


It is possible to timeline locations that a computer/phone has been recorded at - sometimes even if the WIFI at the location was not connected to by the computer or phone.

What Does The DAC Data Look Like ?

The data returned by the DAC is presented as a simple spreadsheet that contains chronologically organised lists of activity that has been recovered from the device in question (for example a laptop computer or mobile phone).

Below you will see an extract from this spreadsheet, to the left we can see "Google Searches" and to the right "Internet History" (websites visited).

High Success Rate via Unexpected Findings

The majority of the DAC's we have carried out over the past 12 years have resulted in a successful result for the client.  One extremely valuable by-product of a DAC is "unexpected findings".

Unexpected Findings Explained:

Sometimes, the evidence that is being sought is just not present (for example an employee stealing information) - often meaning that the suspect is innocent of the crime or act they are accused of.

However, as a DAC analyses EVERYTHING that the device has been used for, we often find infractions of the law or other undesirable activity which can be legally used in employment, court or divorce proceedings to instantly terminate an employee lawfully or force a judgement to be in your favour, due to new evidence submitted from our findings.

  This usually boils down to accessing inappropriate websites with such topics as; pornography, racial hatred, radicalism, terrorism, collusion or online dating to name a few examples.  The other most common finding is evidence that an employee has been accessing sensitive information within the company for which they do not have permission (unauthorised access). 

 All amazingly powerful evidence which when used in employment disputes, court cases and other legal matters can result in the matter being instantly closed in the employers favour.

How Clients Benefited From
Their Device Activity Check

The Stock Broker
(Insider Dealing)

A global banking firm commissioned a covert DAC on an existing employee, who was suspected of wrong doing. 

Analysis revealed that the employee had been
passing sensitive financial information on to a competitor via “Skype” chat in
exchange for large sums of money which were sent to a PayPal account the employee had set up. 

These messages were invisible to the firms IT system. 

 He was later convicted of accessory to insider share dealing.

The Estate Agent
(Intellectual Property Theft)

One of London’s largest estate agents called us as they had suspicions that their
customer database had been leaked to a competitor.

After examining five computers used by the suspects at the company’s head office, it was revealed that a contractor had downloaded the entire customer database and all pricing information to a
portable USB hard drive. 

The suspect later confessed on being presented with the DAC findings.

Substantial damages were awarded via litigation against the competitor who was actively using the information for professional advantage.e.
The Doctor
(Gross Misconduct)

A union contacted us for assistance defending one of their members who had been accused of viewing pornography whilst patients were in the room for
consultations. 

The evidence had been collated by an internal IT team. The DAC revealed that the suspect was indeed guilty of viewing pornography, however not when patients were in the room. 

The IT team had made a rudimentary error in their time calculations.

The member was disciplined instead of being struck off as a result.

The Office Worker
(Gross Misconduct)

Accused of stealing company intellectual property and maliciously deleting files, the employee commissioned his own DAC. 

It was revealed that another employee had logged on to the suspects computer and carried out the malicious actions in a crude attempt to obtain promotion.

The guilty employee was summarily dismissed from the company and later prosecuted under the Computer Misuse Act by Police.

The victim ironically went on to receive a promotion of his own.

The I.T Director
(Computer Compromised)

A large global organisation had terminated their IT Director for incompetence. 

Litigation was lodged for constructive dismissal by the disgruntled employee. 

 A DAC check revealed access to hard-core pornography websites and lengthy employment negotiations with a competitor.

This surmounted to contravention of restrictive covenants within his employment contract and breach of the company's computer acceptable use policy. 

These discoveries instantly countered the law-suit - as the employee had breached his employment contract and was found guilty of gross misconduct. 
The Designer
(Intellectual Property Theft)

A firms bespoke designs were being mass produced in China and sold via the EBay marketplace.

Desparate to curb the leak of designs from boutique to China, the CEO of the company comissoned a series of DAC checks on suspects within the company.

The head designers computer revealed she had uploaded the designs via cloud storage (DropBox) to a Chinese business entity reknown for producing counterfeits of western designed goods.

Recovered deleted E-Mails revealed that the head designer had been paid a large sum of money in return for sending over all of the company's new designs to the Chinese firm.

The Games Company
(Intellectual Property Theft)

A world leading London based games studio which produces AAA titles commissioned a DAC.

They suspected that one of their temporary contractors was stealing assets from their latest project.

A DAC was carried out on fourteen computers within the Graphic Design Department, which revealed that one particular contractor was indeed stealing graphics from the new project - by "zipping" the files and placing them on a portable USB hard drive. 

He was found to be using the assets in his own game that he was developing with a competitor.

He was summarily dismissed and sued for damages.
The Wife
(Harrassment)

A female client who was attempting to divorce her husband on the grounds of infidelity commissioned a DAC on matrimonial property, specifically a laptop computer she shared with her husband.

The DAC revealed that her husband was frequenting websites of a homosexual nature and was viewing pornography of said on a daily basis.

It was also revealed that the husband had arranged to meet various male individuals at hotels, bars and their home addresses for sexual encounters.

Upon reading the DAC activity report, the presiding judge swiftly granted the divorce our client was seeking.
The Architect Firm
(Hacking)

The IT Manager of a large firm of architects had a report from a member of the finance team that their computer had been compromised.

The IT Manager had managed to find out from interviewing the employee that they had inadvertently been directed via a telephone call to install software onto their computer which allowed a remote threat actor to have unrestricted access to the employees computer.

A DAC was commissioned to  determine what actions the threat actor had taken after gaining control of the computer.

It was identified that no company data had been exfiltrated on this occasion - the computer was subsequently sanitised and returned to service.

The employee was provided with education to reduce the risk of a future compromise.
The Bowling Club
(Fraud)

The secretary from a bowls club had a suspicion that the treasurer was stealing funds from the clubs bank account.

The computer used by club for admin purposes was sent to CFO for a DAC to be carried out to search for any evidence of wrongdoing.

The internet history records (websites visited, searches carried out) on the computer revealed that the user had been regularly accessing the clubs bank account and transferring funds to their own personal bank account.

The DAC report produced by CFO was submitted to the Police and a subsequent prosecution took place.

The end result was the club secretary being ordered by the court to pay back the funds they had stolen, along with a  sentence of community service.
Domestic Violence
(Assault)

A lady contacted us as she was experiencing domestic violence from her partner.

Sadly, the Police were reluctant to take her seriously and refused to analyse her mobile phone.

The client submitted her phone for forensic imaging (the process of copying  the phones memory) to CFO.

A DAC was carried out on the phone and any evidence of her contact between her and her partner were extracted and placed into a report.

The dossier of communication contained text messages, EMails, Whats App and Viber messages, many of which contained threats of physical violence from her partner.

Once the DAC report was presented to Police, they changed their stance and the case was investigated.
The Insurer
(Fraud)

An Insurer contacted CFO as it wanted to reduce costs and investigate claims in relation to high value computer equipment.

CFO designed a custom DAC which was used to examine damaged computers the insurer had collected from policyholders.

It was found that policy holders had deliberately tampered with hardware, software and even deleted valuable company data in order to make a claim on their policy.

The insurer had not previously been able to investigate such cases in a cost effective manner - their net result was a steep decline in number of I.T related equipment claims that they paid out on.




Who Performs the DAC Investigation ?
A Trusted Expert
Our expert Mr Jon Munsey has 17 years of experience in the digital forensics industry and has investigated over 1000 separate cases.  Few examiners in the country can match his level of experience.

Unrivalled Integrity
Mr Munsey has been trusted by heads of state, police, lawyers, business executives, celebrities and high net-worth individuals all over the world.

Plain English Reports
The information you receive from a DAC is in two parts.  The first being a series of lists, which contain everything that was recovered - all neatly segmented and organised in chronological order for you to review using  your inside business knowledge.

The second part is an expert report written in plain English by our expert Mr Munsey - which details the forensic processes carried out, along with an overview of what notable activity was found.

 The report also details important areas which you specify, so that any findings that are particularly relevant to your investigation are formally presented and can be used as evidence.

Admissible as Evidence in a Court of Law

Evidence discovered as a result of a DAC is admissible at court, employment tribunals, matrimonial disputes and other legal hearings.

WARNING:  Clients often attempt to 'self collect' evidence from devices such as computers and phones.

The end result usually being that the evidence is inadmissible (unusable) at court.

  It is critically important that an expert collects any such digital evidence, holding the proper certification, tools and experience.   All of which are necessary to satisfy legal proceedings that the evidence produced has not been accidentally or purposely tampered with, modified or otherwise changed.  

With a DAC you do not have to worry about such issues - evidence is collected, processed and reported on in accordance with the Association of Chief Police Officers (ACPO) guidelines  in relation to Digital Evidence.

This ensures that any evidence uncovered demonstrates the highest level of integrity and withstands any courtroom test or other scrutiny!

What Does The DAC Report Contain ?

Raw DAC data is not admissible in a court of law and can be rejected by an employment tribunal unless it has been correctly verified, formatted, explained and presented in an Expert report.

Reports are written in plain-English using layman's terms that are easy to understand and contain everything that you have deemed relevant (or have been advised to deem relevant by our Expert).

Our clients often report that those accused of wrong-doing quickly confess to their actions, end employment disputes or cease legal action once they, or their legal representative are presented with the DAC report.

A simplified example report can be seen below.


How Much Does a DAC Cost ?

DAC's are competitively priced (please call us for pricing (0800) 9996432) there are three types,
all offer the client the ability to balance budget versus effectiveness.

  Full details of what is included in each DAC type can be found below.

Be very wary of firms offering a full analysis for a lower price, carefully check the level of experience
 the investigator and report writer have - an inexperienced or junior (under 5 years experience)
 investigator is likely to miss vital evidence or make errors that could cause your case to collapse, when
 examined by another expert in the courtroom or at tribunal!

It is possible to upgrade at any time from one DAC to another, as often events change the investigative
 landscape and further digging into communication and documents is often required.

DAC's are usually completed within 7 to 14 working days dependant on which one you
 choose - however an express 2 to 3 day option is also available, at an additional cost, for urgent
 matters (such as when a court deadline is imminent).

  Most clients start out at the Standard level and upgrade or purchase additional expert time if necessary.

Click the pricing boxes below to expand them and see what each DAC check consists of!
  • Economy DAC - £P.O.A + VAT (7 to 21 Day Service)
    • This budget DAC check is designed for clients who already know exactly what their employee has done and when. 

    • The economy DAC is often used when an internal I.T team has carried out an investigation and the evidence they have found is verified by our expert and validated before use in litigation or tribunal.

    • Includes creating a forensic image (copy) of the target computer or phone - device must be shipped to our offices.

    • Includes 2 hours of expert analysis time and 2 hours of report writing time.

    • Does not include keyword searching of documents, E-Mail or analysis or user activity.

    • Designed for very simple matters.

    • Under normal circumstances the client receives a report within 7 to 21 working days from the date the computer or mobile device was submitted.
  • Standard DAC - £P.O.A + VAT (7 to 21 Day Service)
    • The most popular DAC check that is designed to examine the computer and produce vast swathes of user activity which can be examined for misconduct.

    • User activity is provided in an easy to read multi tabbed Excel spreadsheet, with comments and notations added during our analysis.

    • Includes everything listed in the Economy DAC.

    • Includes an additional 2 hours of expert analysis time (totalling 4).  

    • Does not include keyword searching of the computer.

    • Suitable for most investigations.

    • Under normal circumstances, the client receives a report within 7 to 21 working days from the date the computer/mobile device is submitted.
  • Premium - £P.O.A + VAT (7 to 21 Day Service)
    • This DAC check is designed for in-depth cases where all files (documents and E-Mail as examples) need to be searched via a set of "key words", such as peoples names, company names, or other words and phrases that may locate evidence.

    • Includes everything listed in the Economy and Standard DACs.

    • Includes indexing (making searchable) and permits keyword searching all documents and E-Mails on the device.

    • Includes and additional 2 hours (totalling 6) of expert review time to prepare files that contain search keywords for client review.

    • Suitable for in-depth investigations, where not only is user activity being scrutinised, but also communication and documents contained on the computer are systematically searched in order to locate evidence of wrong doing.

    • Under normal circumstances, the client receives a report within 7 to 21 working days from the date the computer/mobile device is submitted.
  • Express Upgrade (2 to 3 Day Service*) £1000 + VAT
    • For clients that require a faster turnaround, in certain cases it is possible to jump the queue of current cases and have your case worked on immediately.

    • This is useful for cases where there is a deadline such as a court date or tribunal hearing, or other time sensitive circumstances.

    • For a single computer, laptop or mobile device this means that preliminary findings and a telephone case conference based on said can be held within 2 - 3 working days of the device being delivered to our laboratory.

    • * = Some computers are just too large to physically process in this timeframe.  If we believe that results won't be forthcoming due to the size of the device submitted, we will advise you of this to avoid dissapointment.

Additional Charges


Whilst most clients conclude their investigation within the DAC package price, sometimes matters become
complex and require additional hours, travel or expenses.

  There is no need for concern, any additional charges will be brought to your attention before they are incurred so you can
choose whether to proceed and maintain control of costs at all times.

Additional Expert Hours

£POA + VAT

Should you investigation consume all of the included expert time within your chosen DAC package, additional hours can be purchased in hourly blocks at any time.

Travel 
Time

£POA + VAT

Should you require our expert to travel to your office or location, an hourly travel rate is applied to both outgoing and return journeys.

Expenses & Other Costs


Other expenses include, but are not limited to public transport, overnight accommodation, meals and mileage (charged at 45p per mile) when CFO vehicles are used. Courier fees transporting devices also apply if these services are required.

About our Expert & Computer Forensics
Online Limited


I am Jon Munsey owner of Computer Forensics Online (CFO) - established in 2008, Device Activity Checks are a service that CFO provides and the brand www.iamconcerned.co.uk is also wholly owned by CFO.  

As a senior ex-Police computer forensics investigator, I have been investigating computer crime all over the world for 17 years.  I know how criminals and employees tick, thus I know what to look for when investigating.

With CFO you are in the hands of one of the most experienced consulting experts in the country, you can be assured of friendly, considerate, non-judgemental, discrete and professional service.

Click the Computer Forensics Online banner above to take a look at our full website and see all of our services, or take a look at my Linkedin profile to see more of my history and experience.

Reputation and experience is key in any litigation matter that involves digital forensics, I have many testimonials and a number of named individuals who are contactable to provide references if required.

CFO are proud to be full members of the Association of British Investigators.  An organisation dedicated to maintaining high standards amongst investigators.


All members are thoroughly vetted for criminality, vulnerability to bribery/corruption, have their expert reports examined and their previous customers spoken to for testimonials.


You can rest assured that you are in safe hands!

Call me directly for a free no obligation, plain English consultation

Click here to Call Click here to Send a Message

Frequently Asked Questions

Carrying out a DAC check for the first time can be a daunting process.

We have put together all of our own answers to questions we think you may have, along with questions from past customers, to provide you with as much knowledge as possible about the process before you get in touch with us.

Feel free to contact us if you have any questions that are not answered on the FAQ page.

Testimonials 


Whilst discretion is assured at all times when working with us and a DAC, certain customers have consented to their details being published along with offering a testimonial to the service they received;


"We have a long and trusted relationship with Mr Munsey at CFO who always delivers on time -  often in challenging time critical matters.  I am particularly impressed on the Device Activity Check packages as this is an efficient way to investigate a huge volume of data and information in the context of the investigation.  I have no hesitation in commending Jon as an true expert in his field to those in need of computer forensics."

Bob Carrigan - Managing Director
Boothroyd Associates - Scotland - (0141) 5488055 - www.boothroydassociates.co.uk


"We have used Jon Munsey for several years now as our Computer Forensics Specialist and would have no hesitation in recommending him to others, his methodical approach is second to none."

Keith Coventry - Managing Director
Pegasus Investigations Ltd - Scotland - (0131) 272 2766 - www.pegasus-investigations.co.uk


"Jon provided an excellent report in a sensitive case. This allowed us to make effective representations to the Crown, which eventually ended with an acquital."  

Andrew Clowser - Solicitor (Partner)
Whiskers Solicitors - Harlow - Essex - (01279) 439439 - www.whiskers.co.uk

Share by: