Curriculum Vitae Lee Neubecker


Lee Neubecker is the President and CEO of Enigma Forensics, Inc., a Chicago based Computer Forensics and Cyber Investigation consultancy. Neubecker assists fortune 500 clients, government agencies and private organizations with cyber related investigations involving theft of electronic data, fraud, counterfeiting, and online identity unmasking.

Neubecker also is the founder of IT Security Blog Before starting Great Lakes Forensics, Neubecker had served as CISO for HaystackID and following the acquisition of Envision Discovery and Inspired Review by HaystackID, Neubecker was promoted to serve as CIO over the combined entities. Neubecker was named one of the top Global Computer Forensics and Cyber security experts by Who’s who Legal in 2019 and many years prior to that.

During 2016 and 2017, Neubecker assisted the U.S. Federal Government in discovering important security compromises including, the compromise of wildcard certificate ( using deprecated encryption (December 2016), compromise of NIST time servers (December 2016), compromise of NIST NSRL Hash Set download page (December 2016) and leaked email usernames and passwords from U.S. Intelligence Agency email account credentials onto public sandbox websites such as (December 2016 and January 2017). Neubecker has a track record of uncovering Cyber Data Breaches and has performed investigations on the State and Federal Government Agency levels.

Neubecker’s has performed extensive research pertaining to hardware based vulnerabilities and exploits including, Serial Peripheral Interface – chip stored malware that has been impacting individuals, companies and government agencies in the wild following the leak of U.S. Cyber weapons cache. Neubecker identified and reported the hack of website, that resulted in millions of Chicago resident (and former resident) voting records being disseminated online. Neubecker also provided important intelligence collection and analysis services that helped bring the perpetrators of the Boston Marathon Bombing to justice. Prior to founding Enigma Forensics, Neubecker founded Forensicon, Inc. and sold the company to QDiscovery, a national eDiscovery services provider. While managing Forensicon, Mr. Neubecker provided consulting services in the areas of computer forensics, electronic discovery, data recovery and litigation support to a diverse range of clients. Mr. Neubecker has worked on both Plaintiff and Defense sides, and has served as a regular speaker on topics in the computer forensics and electronic discovery fields for Midwestern legal bar associations, Professional Associations and National Legal Conferences. Mr. Neubecker has been appointed a special master in civil litigation matters by the courts. Mr. Neubecker has been cited in the appellate court as an expert witness in the case, Liebert Corp. v. Mazur. The published opinion of Justice Wolfson, Circuit Court of Cook County, regarding Mr. Neubecker’s testimony can be found at the following link:

Prior to founding Forensicon, Inc., Mr. Neubecker founded BuzzBolt Media, a web development and Search Engine Optimization consultancy which later became Forensicon, Inc.  Before moving to Chicago in 2000, Mr. Neubecker led the online communities’ product development and programming initiatives for the Lycos Network, a pioneering Web media model that included three Top 10 Web sites and was one of the most visited hubs on the Internet during Neubecker’s tenure. Neubecker was responsible for creating, launching and managing chat, instant messaging, message boards, and online games across the Lycos network. In this role, Mr. Neubecker led the company’s response to legal inquiries from law enforcement personnel and personally oversaw complicated international investigations involving transcontinental Cyber attacks against company servers and users.

Before joining Lycos and graduating with an MBA focused in technology, Mr. Neubecker launched and successfully managed Innovative Consulting, Inc., an information technology consulting company. Mr. Neubecker’s company deployed network management, contact management, sales automation and ERP solutions to small and mid-tier organizations. Prior to Innovative Consulting, Neubecker held operations and finance analyst positions with Ford Motor Company and Comerica Bank. Mr. Neubecker has experience in securities valuation and accounting from his position at Comerica Bank, where he served as a Trust Fund finance analyst. While serving at Ford Motor Company as an intern, Neubecker was integral in automating important processes and bringing financial forecasting methodologies online, resulting in more timely and accurate quarterly financial forecasts.
Mr. Neubecker graduated magna cum laude from Babson College with a Masters of Business Administration, focus on Technology. Mr. Neubecker also holds an undergraduate degree in Finance, magna cum laude, from Eastern Michigan University.


Circuit Court Cook County No. 18 L 315

Provided in court room testimony on the significance of electronic file meta data as it relates to when documents were received and modified.

McMahon v Digital Fuel Solutions
Circuit Court Will County 15 L 681

Provided written affidavits regarding alleged software code misappropriation. Assisted counsel with seeking preservation of electronic data from third parties.

Broward Energy Partners v. Rappaport
Circuit Court of Cook County Law Division 18 L 1096

Provided in court testimony and testimony via affidavit to assist with eDiscovery protocol process and address allegations of spoliation, withholding of information and authenticity of email.

Jorie LP, Koplin and Content Curation & Data Asset Management v. Roberts McGivney Zagotta et. Al
Circuit Court of Dupage County IL 17 L 728

Provided in court testimony and testimony via affidavit involving issues of email authenticity and eDiscovery.

Borchers v. Franciscan Tertiary Province of the Sacred Heart, Inc., et. al.

Testified in support of violation of the Electronic Communications Privacy Act by plaintiff’s former employer Case No. 2011 IL App (2d) 101257

Saban v. Pharmacare Management, LLC et al.

Northern District of Illinois (Chicago), Case No. 1:10-cv-02428
Rebuttal witness regarding trade secret misappropriation.

Tranco Industrial Services, Inc. v. Campbell

Northern District Court of Indiana, Hammond Division, Case No. 07-CV-206
Won TRO – Violation of Computer Fraud & Abuse Act – Trade Secret Misappropriation
Supervised and prepared our testifying expert for this case.

Valuepart v. ITR North America et al.

Northern District Court of Illinois, Eastern Division, Case No. 06-CV-02709

ValuePart v. ITR

Charles A. Krumwiede v. Brighton Associates, LLC and Ismael C. Reyes

Northern District Court of Illinois, Eastern Division, Case No. 05-C-3003

Krumwiede v. Brighton Associates

Supervised and prepared our testifying expert for this case.

S.C. Johnson & Son, Inc. v. Milton E. Morris et al.

Circuit Court of Racine County, Wisconsin, Case No. 04-CV-1873
Led the investigation and preservation effort that uncovered personal webmails revealing
the fraudulent kickback scheme, which resulted in a law enforcement sting and later a
successful conviction of the accused. This ultimately resulted in an award of $203.8 million
to compensate SC Johnson & Son, Inc. for its losses.

Liebert Corporation et al. v. John Mazur et al.

Circuit Court of Cook County, Chancery Division, Case No. 04 CH 02139
Appellate Court, Second Division, Case No. No. 1-04-2794

Liebert Corporation v. Mazur

Kalish v. Leapfrog Online et al.

Circuit Court of Cook County, Illinois, Case No. 03-L-011695

Kalish v. Leapfrog Online

Lorillard Tobacco Company v. Canstar (U.S.A.), Inc. et al.

More than Five Million Awarded from Neubecker’s discovery of counterfeit scheme
Northern District Court of Illinois, Eastern Division, Case No. 03-C-4769



Managed Engineering Development and data analysis activities across many disparate technologies, from legacy through more recent technologies and platforms including;

Database Technology:

Filemaker, MySql, Oracle, Sql, Sql Server, Law eDiscovery, & Medical ERP Patient Record Systems

Forensic Software:

Aircrack, Airmon, Access Data, Cellebrite, Encase, Forensic Toolkit, Paraben, & Wifite

Online Reconnaissance:

Dark Web, IRC, GFI Languard, Maltego, & Usenet

Security Monitoring:

Nmap, Splunk, Snort, Wireshark, Sophos UTM, & Shodan

Operating Systems / Command Line Shells:

Mac OS X, Windows (Dos/3.1/NT/2000/XP/Vista/2008/2012/7/8/10), Windows Server NT, 2000, 2008, 2012 (Active Directory, Group Policy Management, Certificate Management), Bash, Busybox, Amiga, Commodore, CPM, TI 99/4a, Grub, Kali Linux, Linux, Raspbian OS,
Solaris, Vmware, & Unix


C++, CVS, DOM, Pascal, Xcode, Xml, & Visual Basic

Software Applications:

MS Office, SDR, Webx, WebTrends, Camtasia, Adobe Photoshop, MS Office, MS Project, MS Access, MS Excel, MS Powerpoint, MS Word, MS Visio, Peachtree, Quickbooks & Quicken


Expert in Search Engine Optimization, ASP, Coldfusion, HTML, Java, Javascript, Python, PHP, Scripting Languages, & WordPress


● M.B.A., Magna Cum Laude – Babson F.W. Olin Graduate School of Business – Wellesley, MA
● B.B.A. Finance, Magna Cum Laude – Eastern Michigan University Ypsilanti, MI
● Guidance Software – EnCase® Introduction to Computer Forensics 32 credits – Sterling, VA
● Guidance Software – EnCase® Intermediate Analysis and Reporting 32 credits – Sterling, VA
● Guidance Software – Information Risk and Policy Compliance 3 credits – Chicago, IL
● Continuing Education – Computer Programming – Harry S. Truman College – Chicago, IL
● Novell Computer Network Training – Walsh College – Troy, MI

PROFESSIONAL EXPERIENCE – Chicago, IL (8/2018 – Present)

President & CEO

● Provided direct consulting to clients involving complex issues relating to eDiscovery
● Retained by Government Agency to assist with deposing technical deponent in litigation relating to patient health care records
● Assisted with developing a court approved protocol for production of ESI
● Conducted complex investigations involving the authenticity of emails

HaystackID — Boston, MA (4/2018 – 7/2018)

Chief Information Officer

● Oversaw data center migration
● Managed all IT resources for eDiscovery production environment and internal systems
● Created documentation and work ticketing system for tracking problems and improving service response

HaystackID — Boston, MA (1/2018 – 3/2018)

Chief Information Security Officer

● Performed initial security assessment of organization
● Prepared for GDPR compliance initiatives of organization
● Outreach to potential clients

FORENSICON, a QDiscovery Company — Chicago, IL (2016 – 2017)

Founder and part-time consultant

● Identified opportunities to provide existing client base with services available from combined companies
● Presented on the Telephone Consumer Protection Act regarding strategies towards mitigating lawsuits

FORENSICON, INC. — Chicago, IL (2000 – 2016)

President & CEO

● Conducted fraud examinations involving misappropriation of funds, trade secrets, tax evasion, money laundering, and other white collar related investigations
● Supervised a team of forensics experts in providing complex litigation plaintiff and defense consulting
● Appointed by the U.S District Court of the Northern District of Illinois to assist defense counsel in the trial against accused terrorist trial of Tahawwur Rana – The single count where my firm presented testimony, the defendant was found not guilty
● Performed online investigative work to identify and assist law enforcement with the apprehension of the Boston Bombing perpetrators, Dzhokhar and Tamerlan Tsarnaev
● Uncovered and reported the third known data breach of the Chicago Board of Elections voter database and election worker personal information
● Supervised testifying experts on many cases of record to prepare technical experts for cross examination and rebuttal of their findings
● Preserved electronic evidence for a range of clients using legally sanctioned protocols
● Selected as preferred vendor by the Illinois Attorney Registration Disciplinary Commission – assisted with investigating various claims filed against licensed Illinois Attorneys
● Developed Custom ERP System for evidence management, project management, time tracking and billing
● Provided expert testimony to resolve disputes for various commercial, nonprofit, and governmental agency clients
● Appeared several times as a computer forensics expert on WCIU TV Chicago Channel 26, First Business, NPR Business News, NBC Chicago and more
● Led data breach first responder efforts for; State Government Social Services Department, Non-Profit HealthCare Organization, Financial Services Company, Accounting Firm, Private Membership Club Organization and various Corporations
● Oversaw the development and presentations made to attorneys and legal support staff at the Chicago Bar Association, Illinois Attorney & Discipline Regulatory Commission, DuPage County Bar Association, various associations and more
● Provided expert witness testimony regarding willful deletion of evidence by a departing employee where the testimony was upheld on appeal proving spoliation of evidence
● Compiled emails from numerous platforms into popular litigation support platforms
● Speaker at various events on the topic of computer forensics (see list below)
● Performed computer forensics examinations in FBI forensics labs
● Led the successful forensic analysis defense efforts against a law firm client of our firm that was accused of willful spoliation of evidence – discovered and reported our findings to Judge Mikva that no spoliation had occurred as alleged, the drive was merely encrypted and contained all information
● Led numerous anonymous online defamation investigations resulting in the identification of many anonymous persons responsible for the defaming activities
● Expert in Search Engine Optimization

LYCOS, INC. — Waltham, MA (1998 – 1999)

Senior Product Development Manager, Community Products Group

● Managed and/or launched a large group of products including chat, message boards, and games
● Responded to SEC/FBI Inquiries pertaining to illicit behavior in Lycos network online properties
● Tracked hacker attacks on the Lycos network of sites to help identify and prosecute offenders
● Implemented safeguards against denial-of-service attacks across product group
● Instituted product development and service roadmap management system for teams
● Created & managed multiple cross-functional product teams
● Managed transition of products from external to internal hosting
● Led engineering team on development of scalable & secure online products

INNOVATIVE CONSULTING, INC. — Brownstown, MI (1994 – 1997

President & Lead Technical Consultant
● Led a company of five professionals providing IT support to various sized Companies
● Provided Network support in a multi server environment (NT, Novell, Mac, Linux)
● Implemented financial management software for tier 3 automotive suppliers
● Designed & executed disaster recovery procedures for multiple businesses
● Architected multi-office communication infrastructure for multiple companies

COMERICA BANK — Detroit, MI (1994)

Securities & Trust Fund Accountant
● Audited security transactions for bank trust funds
● Researched discrepancies in reporting
● Published & verified daily yield rates of several portfolios of marketable securities
● Initiated automation of trust fund daily reporting

FORD MOTOR COMPANY, INC. — Detroit, MI (1992 – 1994)

Product Pricing Analyst
● Estimated cost impact on production forecast for various product design changes
● Benchmarked sourced products to ensure price competitiveness
● Designed & implemented automated profit forecasting system using Excel and EDI to internal systems


● Illinois Public Pension Advisory Committee: Friday, December 2nd’s IPPAC Winter Conference “WWIII: The Attack on Your Cyber Security” presentation
● Illinois Public Pension Advisory Committee: Friday, December 2nd’s IPPAC Winter Conference “The Imminent Threat of Cyber Attacks to your Pension Boards” panel
● National Society of Insurance Investigators: “ Cellphones, Pictures, Videos . . . What a Cyber Forensic Investigation Can Reveal”, December 4th, 2014
● The Disaster Conferences : “Cyber Threats and Data Breaches”, September 18th, 2014
● First Chair Awards : “Data Breach & Incident Response: How to Mitigate Your Risk Exposure”, August 2014
● Cigar Society of Chicago : “How to Catch a Terrorist”, September 2013
● ICPAS Fraud Conference 2012: “What a Responsible Professional (CPA or Attorney)
● Should Know about eDiscovery and Document Management”, September 2012
● Law Bulletin E-Discovery Seminar: “Managing Scope & Review”, June 28th, 2011
● NetSecure ‘11: IT Security and Forensics Conference and Expo: “Protecting Digital Assets from Hackers and Thieves”, March 24th, 2011
● Chicago Association of Litigation Support Managers, CALSMposium: “Seventh Circuit Electronic Discovery Pilot Program”, October 7th, 2009
● National Business Institute – “E-Discovery Searching the Virtual File Cabinets”: (co-presented with Christopher S. Griesmeyer, partner at Levenfeld Pearlstein, LLC and David W. Porteous, partner at Faegre Baker Daniels LLP) “Obtaining Electronic Data & Best Practices in using Computer Forensics”, September 19th, 2008
● Secret Service Electronic Crimes Task Force – Computer Forensics May, 2007
● Law Bulletin E-Discovery Seminar — “Electronic Discovery in Practice”: (co-presented with Jennifer Wojciechowski of Kroll Ontrack) “Avoiding the Pitfalls of the Electronic Era”, October 2005
● Institute of Internal Auditors, Chicago West Chapter Meeting: (co-presented with Cameron Nelson, attorney at Greenberg Traurig) “Using Computer Forensics To Conduct Investigations”, May 9th, 2006
● Association of Certified Fraud Examiners Workshop: (co-presented with Kathryn Hoying, attorney at Johnson & Bell, Ltd.) “Using Computer Forensics to Conduct Investigations”, February 10, 2006
● Chicago Law & Technology Conference: “Computer Forensic Update”, co-presented with Greenberg Traurig LLP Attorney Cameron Nelson, February 23, 2006
● FagelHaber, LLC’s E-Discovery Conference: (co-presented with Richard Chapman, Gary Green, David Rownd and Robert Kamensky, attorneys at FagelHaber, LLC) “Avoiding the Pitfalls of the Electronic Era”, October, 2005
● Chicago Bar Association, CLE Seminar: (co-presented with Kathryn Hoying, attorney at Johnson & Bell, Ltd.) — “Deliverables to Request From Your Computer Forensics Examiner”, 2005
● Chicago Economic Development Council: “Internal Fraud Investigations”, 2005
● Law Bulletin Publishing Company E-Discovery Conference 2005: “Show me the Smoking Gun!”, 2005
● American Law Firm Association’s International Client Seminar 2005: (co-presented with Joe Marconi, attorney at Johnson & Bell, Ltd and Donald Kaufman, attorney at McNees, Wallace & Nurick LLC) — “Discovery, Document Retention & eDiscovery in a Post-Enron/Andersen World”, 2005
● Chicago Bar Association, CLE Seminar: (co-presented with William J. Cook of Wildman Harrold, Jeffrey L. Hartman of Competitive Advantage Solutions and Mark S. Simon of Eclipsecurity, LLC) “Computer Forensics For Lawyers”, May 6th, 2004
● Chicago/Milwaukee Joint Midwest Law & Technology Conference 2004: “Finding the Smoking Guns: Legal Computer Forensics Without the Geekspeak”, November 30th, 2004
● Chicago Bar Association, CLE Seminar: “Resolving Intellectual Property Theft with Computer Forensics”, October 20th, 2004
● Chicago Bar Association, CLE Seminar: “Computer Forensics for Lawyers”, May 6th, 2004
● Law Bulletin Publishing Company E-Discovery Conference: “Electronic Document Collection and Processing”, April 27th, 2004
● LegalTech 2003, Chicago : “True Electronic Discovery”, October 30th, 2003
● Chicago Bar Association (Law Office Technology Committee): “Electronic Discovery 101”, 2003
● Illinois Academy of Criminology: “Electronic Discovery 101”, Circa 2003
● Greater Chicago Chapter of the Association of Legal Administrators: “Electronic Discovery 101”, Circa 2003
● Chicagoland Chamber of Commerce: “Web Page Programming For Search Engine Effectiveness”, Circa 2001
● NORBIC: “Web Page Programming For Search Engine Effectiveness”, Circa 2001


● Law Practice Today – (July 2004) – Invited to be a contributing expert on a roundtable article by Dennis Kennedy on the online magazine.
● Time Is of the Essence — Provides an overview of why it is important to act fast when seeking to obtain electronic evidence.
● The Liability of Email as Evidence — Reflects on the recent impact of the Andersen case involving Enron (Also in the Nov. 22, 2004 issue of C hicago Daily Law Bulletin) –,
● Document Retention Policies — Develop, enforce and audit your document retention policy:
● Monitoring Employees — Provides reader an understanding of some of the liability issues involved with employee monitoring
Worker Beware — Why employees should be careful about what they do with their workplace computer:
Data Security — What to do when an employee leaves
Virus-proof Your Computer — Simple lessons in computer security
Microsoft Learns to Prioritize — Implementing security measures at the OS level


● Certified Information Systems Security Professional (CISSP) – Chicago Chapter
● HTCIA (High Tech Crime Investigation Association) – Past President – Midwest Chapter
● Illinois Academy of Criminology — Chicago Chapter
● U.S. Secret Service Electronic Crimes Task Force Member — Chicago Midwest Region
● Union League Club of Chicago — Technology Group Member
● Association of Certified Fraud Examiners — Associate Member
● State of Michigan — Private Investigator – License Number 3701205872

Facebook Comments