Digital Evidence is a virtual goldmine for discovering undisclosed assets.

By Nicholas G. Himonidis, Lawyer and Private Investigator

Digital evidence is everywhere. Electronically stored information and electronic communications are pervasive and, contrary to the assertions of many, extraordinarily difficult to completely eliminate or obfuscate. The devices that so many of us use every day are pulling email from servers, synchronizing with our computing environments, and creating multiple redundant backups of our accounts and data — locally or “in the cloud”. Countless other facilities, mechanisms, and factors contribute to the almost endless creation and duplication of data, which may evidence undisclosed assets or lead to their discovery.

Almost everyone does some portion of their banking online. Automatic notifications via email and text messaging are commonplace for bank accounts, credit cards, and other electronic transactions. In general, there is no correlation or verification by the financial institution(s) between the name on the account and the email address(es) provided for notifications.

A spouse hiding assets may have bank accounts in someone else’s name, but they may still receive email or text notifications regarding account activity — and may still access those accounts online to conduct transactions. Wire transfers may be initiated via email. Payments may be made from one party to another via PayPal and other online exchanges. All of this creates evidence of potentially undisclosed assets.

Digital forensic examiners can extract data, including deleted data, from all manner of electronic devices and digital storage media. All that is required is for the aggrieved spouse to legally gain access to those devices. There are several avenues to accomplish this: obtaining access to the device through formal discovery mechanisms, and “self-help” or what is often referred to as Clandestine Imaging. Both of these distinctions involve practical as well as legal issues.

Let us take the example of emails that may evidence undisclosed assets or accounts. (The same concepts apply to text messages and other forms of Electronically Stored Information or ESI.) Emails sent or received by an opposing party may be demanded through a document request; attorneys should routinely include requests such as: “any and all emails, text messages, or other electronic communications sent or received, to or from any financial institution. ”

The opposing parties may not be trusted to fully and adequately produce the requested emails, or may legitimately be unable to do so because the email(s) in question have been deleted and they lack the expertise to recover them. Therefore, counsel may consider demanding production of the electronic devices themselves — smartphone(s), laptops, tablets, etc. — for examination by a forensic expert, as well as production of relevant, non-privileged material, pursuant to a stipulated or court-ordered protocol.

Some will suggest that it is easier to simply subpoena the emails from their host (e.g., Gmail, Hotmail, Yahoo). However, these email account hosts, as well as the wireless carriers who provide text message service and all other online service providers, will routinely refuse to comply, citing Title II of the Electronic Communications Privacy Act (18 USC Sec. 2701 et. seq.). Absent a court order or consent of the account holder, these hosts are prohibited from releasing the substantive content of stored electronic communications.

It may be possible to obtain a court order or an authorization from the account holder, by demand or direction of the court or discovery referee, if the account holder is a party to the divorce action. Yet even that remedy may be a dead end if the communication in question no longer exists on the host’s server. Because storage space is valuable, retention policies of online service providers, wireless carriers, and email hosts for user-deleted content are generally very short: 30 to 90 days on average.

Such realities lead us to conclude that a forensic examination and extraction of ESI from the party’s device is most often the best method for obtaining the evidence sought in most circumstances.

Formal Legal Discovery vs. Clandestine Imaging

Most jurisdictions recognize some form of discovery mechanism (e.g., Demand for Discovery and Inspection under NY CPLR 3120) whereby a party may demand that physical items, including computers and electronic devices, be made available for examination, copying, etc.

However, in certain circumstances, Clandestine Imaging offers a viable and potentially preferable alternative. This option entails making a forensic duplicate or extracting data in a forensically sound manner from electronic device(s) in which the client has a legal and/or equitable interest, and data they have a right to access outside the scope of formal discovery  (ideally before the case is commenced). The client may, under the laws of the jurisdiction and the factual circumstances, have a right to access these devices and data contained on them, independent of any formal legal directive.1

Bank Account Searches

Not so many years ago, investigators in matrimonial and other cases would contact banks, posing as the customer, and a through a variety of very clever, well-established “social engineering” techniques, would routinely determine if any account(s) existed at the institution, and if so, obtain the party’s private account information.

While the discovery of undisclosed financial accounts remains as important as ever in matrimonial cases, there are several major problems with the above strategy.

For starters, the conduct described above was expressly outlawed in 1999 by the Gramm-Leach-Bliley Act  (GLB), also known as the Financial Modernization Act  of 1999. Section 521 of GLB makes it a federal criminal offense to “obtain or attempt to obtain, or cause to be disclosed or attempt to cause to be disclosed to any person, customer information of a financial institution relating to another person. … (1) by making a false, fictitious, or fraudulent statement or representation to an officer, employee, or agent of a financial institution; … (2) by making a false, fictitious, or fraudulent statement or representation to a customer of a financial institution; or … (3) by providing any document to an officer, employee, or agent of a financial institution, knowing that the document is forged, counterfeit, lost, or stolen, was fraudulently obtained, or contains a false, fictitious, or fraudulent statement or representation.”

This change has led many attorneys to cease engaging in these types of investigations altogether.

There are, however, methodologies that are still effective in this modern banking environment — and more importantly, do not run afoul of GLB. While the task has certainly become more difficult, and the information available is more limited, it is still feasible to determine what institutions a party has accounts with — and in some instances, how much they have on deposit — without running afoul of the law.


No-fault divorce statutes have removed the need for surveillance in matrimonial cases to gather evidence of grounds (e.g., adultery). But surveillance can still be a valuable investigative tool. Often through direct observation or “reverse engineering,” surveillance leads to the discovery of undisclosed assets such as real estate, business interests, vehicles, boats, planes, banking relationships, etc.

For example, investigators conducting surveillance note the license plate of the Mercedes driven by the client’s estranged spouse. A check of that license plate reveals that it is registered to an out-of-state company that leased the Mercedes six months prior – almost a year before the divorce action began. A check of the Vehicle Identification Number reveals the Mercedes was leased through a local dealership. A visit to the dealership by investigators confirms that the subject spouse leased this vehicle (and another Mercedes, apparently for his paramour) through the out-of-state corporation. The dealership provides copies of the certificate of incorporation and corporate resolution authorizing the leases. The subject spouse’s name does not appear on the certificate of incorporation, thus no amount of public records searching would have likely turned up his connection to the company. However, crucially, the corporate resolution states that the subject spouse, as an owner and officer of xyz corporation, is hereby authorized to execute lease(s) etc. The kicker: the certificate of incorporation shows that the company was formed almost two years prior to the commencement of the case. The subject spouse’s interest in this company is marital property, subject to equitable distribution – but it was never disclosed and turns out to be of substantial value.

A subject spouse is observed during surveillance visiting a townhouse apartment outside New York City. A check of the address reveals that an LLC owns the property. (Extensive public records and database searches on the subject spouse did not uncover this address or link the subject spouse to it). Research on the LLC reveals that it was formed more than a year before the commencement of the case. Investigators also find the name of the corporate service that filed the LLC along with the LLC’s address, which is a Post Office box in the LLC’s name.

Searches of this P.O. Box through every available public records database yield no affiliation with the subject spouse. However, a bank account locate search for the LLC reveals that a particular bank had run a check on the LLC through a third-party verification service. A subpoena to that bank finds that the LLC did have an account there and that the subject spouse was a signatory on the account. Subsequent discovery efforts prove that the subject spouse had formed the LLC with a relative and had purchased the townhouse in question, as well as two others, several years before filing for divorce, but had failed to disclose these acquisitions during the case. If not for the surveillance, all this property would likely have gone undetected.

[1] The laws governing when a party (in this case, a spouse) has a right to access data on a device in the marital home vary from state to state, and the decision to employ this strategy should involve careful analysis of all the facts on a case-by-case basis.

Nicholas G. Himonidis is an attorney, licensed private investigator, certified fraud examiner, and certified computer forensic specialist. He is vice president  of Investigations at T&M Protection Resources in New York City.