Daniel Garrie is the co-founder of Law & Forensics LLC and leads the Cyber Security and Forensics Practice teams. He has been a dominant voice in blockchain, cryptocurrency, computer forensics, and e-discovery for over 20 years. He is also an Arbitrator, Forensic Neutral, and E-Discovery Special Master at JAMS (https://www.jamsadr.com/garrie/). Daniel has successfully built and sold several technology start-ups companies. Since co-founding Law & Forensics LLC in 2008, Daniel has made it into a leading boutique cybersecurity, cryptocurrency, blockchain, and forensic engineering firm.

In addition to his Law Degree, Daniel holds a Bachelor’s and Master’s in Computer Science, allowing him to speak as comfortably with engineers and developers as he does with lawyers and judges, distinguishing him from other practitioners. Daniel combines his technical prowess and legal expertise to resolve cybersecurity and forensic disputes and testify as an expert witness on cybersecurity, forensics, e-discovery, and other areas in state and federal court.

Daniel regularly testifies as an e-discovery, cybersecurity, and computer forensic expert witness, authoring forensic expert reports on multi-million-dollar disputes. His ability to perform complex investigations and effectively communicate the results to a jury has made him one of the most sought-after experts in the country. His testimony has been pivotal in several cases involving complex cybersecurity and forensics, including most recently testifying as a cybersecurity expert witness regarding cybersecurity issues specific to vehicles in Federal Court in Massachusett before Judge Woolock earlier this year.

Separately, Daniel also enjoys teaching in both an academic and courtroom setting. He has presented over 300 seminars to thousands of lawyers, judges, and students across the globe. In addition to his classroom experience at Rutgers, Daniel has also lectured at Harvard Law School, UCLA, Columbia University, Cardozo Law School, Brandeis, and more than 300 federal and state court judges on cybersecurity issues.

Practice Areas

Board-Level Consulting

• Provided training for the board of the company and was then further recommended to other boards of other companies to provide the same training for other boards.
• Created a cyber security playbook to manage incidents in a way that limits damage, increases the confidence of external stakeholders, and reduces recovery time and costs; created playbooks for numerous large organizations’ boards of directors.
• Arbitrator and mediator in partnership and board member disputes involving technology startup companies. Used startup experience and deep knowledge of the industry to help the parties reach amicable resolutions.

Crypto Expert/Mediator

• Wang, Xin v. Injective Labs, Inc., JAMS Case No. 1220072698 (2022).
• Valdez v. Sprint Solutions, JAMS Case No. 1220063794.
• McCarthy, Tommy v. Sprint Solutions, Inc., JAMS Case No. 1220058903 (2018).

Digital Forensics Investigations

• Served as a forensic neutral and advisory in a bankruptcy case worth hundreds of millions of dollars and involved extensive work and cooperation with the FBI, Interpol, and other law enforcement agencies. Arranged the collection of computers, iPhones, and other devices in Europe (Paris, Madrid, Brussels); retrieved and analyzed multiple devices and identified numerous bank accounts previously unknown to the bankruptcy trustee responsible for the appointment.
• Assisted companies in finding relevant data by collecting, preserving, and harvesting data, recovering recoverable data from mobile devices, hard drives, and backup tapes (e.g., deleted, hidden, lost or encrypted files). Assisted in collecting data in a wide range of formats and media worldwide; preserving data in a forensically sound fashion (e.g., locked, fireproof safe).
• Conducted a digital investigation on behalf of a financial services company when four high-level employees were suspected of stealing proprietary information. The investigation involved in-person interviews, forensic imaging, searching through millions of files, and finding that the employees had copied many confidential documents from the company’s server. Testified in court on the matter and obtained a temporary restraining order.
• Served as a forensic neutral in a $500 million bankruptcy; efforts included analyzing many electronic devices, including MacBooks, iPhones, iMacs, Supermicro servers, Dell EMC servers, and HPE servers.
• Forensically imaged and analyzed dozens of Macintosh computers involved in a trade secret theft case. Discovered key evidence our client used to compel settlement; forensically imaged all a client’s communications within two days when handling a time-sensitive case (Regional Kosher Foods Company).
• Assisted law firms and clients in assuring the complete removal of sensitive data before returning computers to opposing parties; oversaw several dozen consultants that work with companies to investigate data breaches through electronic forensics, including analysis of hard drives.
• Established that the employee of a gambling/entertainment company was a critical bad actor in a $100,000,000+ fraud, which was instrumental in forcing the insurance company to honour the policy, the gambling/entertainment company had purchased to protect against such threats and theft to honour its policy.
• Identified, collected, and preserved sensitive, responsive information from a Fortune 500 company’s systems to minimize intrusion into the company’s data and isolate only the responsive information.

Cybersecurity Consulting

• Known for conducting detailed cybersecurity audits and assessments, identifying vulnerabilities and enhancing organizational security.
• Devises customized audit strategies to boost cybersecurity resilience and meet regulatory standards.
• Performed an internal investigation of a healthcare company’s systems to determine if allegations of modifying diagnoses and procedure codes in healthcare claims to support higher reimbursements from health insurance plans and the government were possible, and if so, how the alleged fraud could be perpetrated; reviewed manuals and user guides for each system available and drafted targeted questions concerning each system to understand how they function in the claims processing workflow; performed a series of on-site interviews with employees knowledgeable in the system functions and compiled the findings into a presentation to the General Counsel of the healthcare company.
• From 2016 to the present, consulted various companies in the insurance, manufacturing, automobile, financial, crypto, software/hardware, and chemical sectors on issues relating to the establishment of bug bounty programs. Work included performing extensive analysis and review of bug bounty programs available in the marketplace, understanding how different bug bounty programs structure reward programs and determine eligibility, analyzing compliance with laws, reviewing the workflow taken in reporting vulnerabilities, and making recommendations as to the course of actions relating to bug bounty programs.
• Audited global aerospace firm’s information security defenses and protocols, identifying and remediating critical gaps.

Cybersecurity Expert Witness

• United States v. Miklos Daniel Brody, N.D. Cal., Case No. 3:22-CR-00168-WHO (2023)
• United States v. Joseph Sullivan, N.D. Cal., Case No. 3:20-cr-00337-WHO (2022).
• Advocare, LLC v. Continuum Health Alliance, LLC, Super. Ct. N.J. Chancery Div., Burlington County, Case No. BUR-C-55-19. (2019).
• Apogee Telecom Inc. v. Brian Rosenblatt, Super. Cal., San Diego County, Case No. 37-2016-00003229-CU-BT-CTL. (2017).
• Andrew Sun v. Valencia Imperial LLC et al., Super. Cal., Orange County, Case No. 30-2014-00738773-CU-NP-CXC. (2017).

Cybersecurity Education & Training

• Trained employees and developed courses to help ensure the company’s legal and technical stakeholders stay current on technical and legal developments, developed, and delivered lectures for several organizations such as the FBI, the Department of Defense, the Department of Justice, and several top law firms.
• Created functional strategies to offer intensive immersion training designed to assist a company and its legal, business, and technical staff in mastering the practical steps necessary for defending systems and networks against the most dangerous threats; provide a step-by-step “how-to” training that enables individuals to perform their job with a higher degree of efficiency and success.
• Created a two-day seminar for the C-Suite of the company. The training was highly successful and used in six different locations of that company.

Data Collection

• Verified completeness of data collections on a dispute involving a fifteen-terabyte collection, hundreds of devices, and multiple locations; assisted in an extensive oil and gas investigation involving over one hundred million dollars by forensically collecting and obtaining more than seventy-five terabytes of data, and over one hundred legacy backup tapes and multiple computers. Upon completion, submitted a detailed expert report setting forth evidence that documented a previously unknown fraudulent letter of credit.
• Assisted the Court in structuring an overall protocol for e-discovery or forensic matters, including identifying the computers and devices from which data is to be collected and creating and developing search parameters that limit the width of the discovery; helped draft, implement, and monitor comprehensive legal hold protocol.
• Created ESI search protocol for litigation involving a publicly traded company in a multibillion-dollar dispute. Both sides deemed the protocol acceptable and adopted it with minimal edits made.

eDiscovery Expert Witness

• PennyMac Loan Services, LLC v. Black Knight Origination Technologies, LLC, AAA Case No. 01-20-0005-00778 (2023). DC
• Washington Commanders v. National Football League, JAMS Case No. 1410009206 (2022).
• Ricchio, Michael v. Denker, Elissa Anne, JAMS Case No. 1220072686 (2022).
• Mirejovsky v. Bergener, Super. Ct. Cal., Orange County, Case No. 30-2019-01046697-CU-MC-CJC. (2019).
• Crossfit, Inc. v. National Strength and Conditioning Association, S.D. Cal., Case No. 14-CV-1191-JLS. (2019).
• Potterf v. National Strength and Conditioning Association, Ohio Ct. of Pleas, Franklin County, Case No. 14 CV 3293. (2019).
• Volkswagen “Clean Diesel,” MDL, N.D. Cal., Case No. 15-MD-2672-CRB (JSC). (2018).

eDiscovery Consulting & Strategy

• Leads eDiscovery projects, managing electronic data strategically and ensuring efficient legal compliance.
• Acted as a 30(b)(6) witness on behalf of a global pharmaceutical company involved in a multibillion-dollar dispute, made it through the deposition, and was found credible.
• Offers expert guidance on technology use for analyzing legal data, navigating legal and technical challenges.
• Uncovered undisclosed ESI sources and collect relevant data in a neutral and forensically sound manner on behalf of the courts for a trade secret dispute between competing pharmaceutical firms.
• Used predictive coding to mine data from the documents from an employee in questions’ cell phone records even though the employee attempted to clear his phone; pulled further documentation from the employee’s computer, to which he had synced his mobile device; forensically analyzed the banking app on his mobile device to prove that he stole money and placed it into his account; wrote an expert witness report to explain findings to the legal counsel and the court clearly.
• Consult for a variety of malpractice claims related to electronic health records (E.H.R.), including technology and design issues; lack of integration of hospital E.H.R. systems; failure or lack of alerts and alarms in E.H.R. systems; copy-and-paste errors; data entry errors; and alert fatigue.
• Assist courts and parties involved with compliance issues relating to state and federal court orders (issuing findings for the court on compliance with the court orders, identifying, discovering, and/or recovering susceptible evidence from the hard drive and backup tapes, mediating key-word search disputes between warring parties).

eDiscovery Special Master

• In the Matter of the Complaint of Dordellas Finance Corp. Owner, et al. (LA 22-CV-02153-DOC-JDE), JAMS Case No. 1220072736 (2022).
• Gutierrez Jr., Peter Moses, et al. v. Amplify Energy Corp., et al. (SA 21-CV-1628-DOC-JDE), JAMS Case No. 1220071875 (2021).
• Patel, Paulomi v. FCA US, LLC, JAMS Case No. 1220070886 (2021).
• Ullrich, Kelsey, et al. vs. Mugo, Mercy, et al., JAMS Case No. 120067246 (2021).
• Malsten, Rebecca, et al. vs. Merced Faculty Associates Group Inc, et. al., JAMS Case No. 1220067437 (2021).
• In re: Facebook, Inc. JAMS Case No. 1200058674 (2021).
• In re: Facebook, Inc. JAMS Case No. 1200058189 (2021).
• Fishman v. Tiger Natural Gas, Inc. et al., N.D. Cal., Case No. C 17-05351 WHA. (2018).
• C.D.S., Inc. v. Zetler and Amazon Web Services, Inc., S.D.N.Y., Case No. 16 Civ. 3199 (VM) (2018).
• Small v. University Medical Center of Southern Nevada, D. Nev., Case No. 13-CV-00298-APG-PAL, 2014.

Forensic Expert Witness/Neutral

• Nicky Laatz v. Zazzle, Inc. and Mohamed Alkhatib, N.D. Ca., Case No. 5:22-cv-04844-BLF VKD (2023). DC
• Donahue, John E. v. Topa Insurance Group, et al., JAMS Case No. 1220072313 (2022).
• Colourpop Cosmetics, LLC v. Wynn, Jordynn, Sup. Ct. Cal., Ventura County, Case No. 56-2020-00542852-CU-BT-VTA (2020).
• Richter, Haoning V. Oracle America, Inc., et al., JAMS Case No. 1100106052 (2019).
• U.S. v. Mogal et al., N.D. Cal., 5:18-cr-00259-BLF. (2019).
• Quid, Inc. v. Gourley, JAMS Case No. 121003677. (2019).
• Align Real Estate, LLC v. Fossum, JAMS Case No. 1220062350. (2019).
• Day, Aaron v. Trend Offset Printing Services, Inc., JAMS Case No. 1210033646. (2018).
• Jawbone, Inc. v. Fitbit Inc. et al., Super. Cal., S.F. County, Case No. CGC-15-546004. (2018).

Incident Response

• Directs effective incident response for cybersecurity incidents, developing robust plans for various threats.
• Coordinates with stakeholders during and post-incidents, managing crisis situations to safeguard assets and reputation.
• Identified a breach in a private cloud and spearheaded remediation efforts, including cleaning and recovering dozens of servers that hosted critical and essential data in the company’s private cloud. (Aerospace & Defense Company).
• Investigates and responds to a data breach within hours of being retained, uses cutting-edge systems and investigative technologies to identify and remediate the data breach source quickly, and analyzes network packets and malware activity RAM, video, and tapes at the lab.
• Led a team of cybersecurity experts from two of the biggest cybersecurity firms in the world to remediate a cyber incident; the team used personally-invented patent pending cutting-edge cybersecurity incident response tools to analyze 50+ computers of a global company in half the time of current industry norms and identified and remediated the infected devices on time and under budget.
• Used emerging and established cybersecurity technology such as Planteer, FTK, and EnCase to curate an incident response playbook unique to each client, blending legal and technical advisement to produce a comprehensive set of guidelines and procedures.

Network/Server Forensics

• Conducted cyber investigation of massive IP theft and determined that two criminal organizations in Asia were responsible; analysis enabled clients to recover millions from their insurance policy.
• Located and recovered deleted or partially-disrupted files in cloud computing environments using off-the-shelf and patent-pending cutting-edge software in private and public computing environments; identified the breach in the private cloud of an Aerospace & Defense Company and spearheaded the remediation efforts that included cleaning and recovering dozens of servers that hosted critical and essential data in the company’s private cloud.
• Conducted network forensics investigation around the theft of critical intellectual property via a former employee’s cyberattack and provided an expert report documenting and calculating the damages. The expert report was relied upon by Counsel in calculating economic impact, resulting in a positive outcome for the client (Medium-Size Generic Pharmaceutical Manufacturing Company).

Mobile Forensics

• Recovered data from smartphones, mobile phones, tablets, and other personal digital devices. Apple iPhones, iPads, Android phones and tablets, and Windows devices like the Surface. Evidence forensically retrieved includes deleted emails, text messages, pictures, GPS, and location data.
• Conducted forensic investigations that included collecting and analyzing a dozen mobile devices and several Bloomberg terminals in a dispute between investment banks and identified malware that demonstrated one of the parties acted in bad faith, resulting in a settlement between parties.
• Forensically analyzed and investigated various documents and banking applications on an employee’s mobile device, computer, and tablet to prove he stole money from the non-profit organization he worked for. This evidence allowed the client (the non-profit) to win the case and recoup all the money they had lost.
• Utilize various forensic tools designed to preserve social network profile(s) (Facebook, MySpace, Google+, etc.)
• Analyze social network platforms to determine who created the account, if it was deleted, if specific aspects of an account were modified, and recover other necessary details surrounding altered or destroyed social media accounts.
• Investigate social media accounts to determine the method of entry and the scope of the event, as well as to profile and quantify the data loss.
• Conducted many forensic investigations concerning data found on various social media platforms.

Reverse Engineer

• Reverse engineered and reconstructed hardware and software environments from backups, remnants, and historical software fragments.
• Assisted an expansive multinational corporation in their adoption of the Sarbanes-Oxley Act into their document retention policies, worked with the company’s IT department to architect financial document retention systems compliant with sections 302 and 404 of the Act, rewrote all security policies, standards, and guidelines in compliance with the Act; reengineered the corporation’s data center security, third-party access controls, and created pre-implementation security checklists for internal projects and enterprise level audit log requirements; refocused audit logging requirements, ensuring that only those applications capable of causing a material misstatement in SEC filings were flagged for management review thereby guaranteeing that Sarbanes-Oxley compliance was demonstrable in a court setting; reduced the company’s data logging time requirements and resources by almost 60%.

• eDiscovery Platforms – Hewlett-Packard Information Archiving Platform, Autonomy IDOL ECH, Aungate Investigator, Orchestria, CaseCentral, Attenex, Summation, Symantec Enterprise Vault, Comvault Simpana, Zantaz, MetaLINCS’s, MarketScope, Recommind, Clearwell Systems, Relativity, kCura, Digital WarRoom, Viewpoint, Concordance, LogicKull.
• Programming Languages – C/C++, C#, Java, DHTML, PhP, SQL, JavaScript, LISP, Solidity, .Net, Python.
• Operating System – Apple Operating Systems thru iOS 16, Android, Microsoft Windows thru Windows 11; IBM AIX 4.x, 5.x, Sun Solaris, OS/ 390, Linux, MS-DOS.
• Forensic Tools/Software – Berla Vehicle Forensics, Cellebrite, FTK, Internet Evidence Finder, EnCase, Oxygen Forensic Suite, Digital Evidence & Forensics Toolkit (DEFT), SANS Investigative Forensic Toolkit (SIFT) Workstation, SysmonSearch, Volatility, KnTList, Magnet Product Suite, OSX Auditor, HELK, Stalk, Cuckoo, Viper, Highlighter (Mandiant), TRIAGE-IR , FastIR Collector, X-Ways Forensics.
• Cybersecurity Tools/Software – Checkpoint, PaloAlto, Snort, Suricata, BroIDS, OSSEC, Ntop, NfSen, Nfdump, AlienVault Labs, Squid Proxy, IPFire, SANS Investigative Forensics Toolkit (SIFT), Sleuthkit,  APTSimulator.
• Data Modeling Tools – Rational Rose Enterprise Edition, Microsoft Visio, Erwin Data Modeler.
• Web Technology – HTML, DHTML, XML, XSL, ASP, JSP, PHP, XMLRPC.
• Database – IBM DB2, SQL Server, JDBC, ODBC, Oracle.