Obsidian Watch Group
Every brief triaged immediately. Urgent cases reach me within hours.

Bench-grade evidence.
Digital forensics for the record.

I build a defensible written record of what your devices do, who they talk to, and what changes when nobody is looking. Hardware, firmware, network, and the investigative work that holds up in court.

Your devices aren't doing what you think.

Phone-home telemetry you didn't authorize. OTA pushes that disable hardware you paid for. Cloud sessions that survive your refusal. Supply-chain backdoors quietly shipped in firmware. Cleartext transmission of data the spec sheet promised was encrypted. Your hardware ships with behaviors the box never mentions. I put it on the bench, document what it actually does, and write it up for the record.

Track record

Real damage to real ecosystems.

Independent investigations that have broken multi-billion-dollar supply chains, rerouted vendor practice across whole product categories, and put surveillance ecosystems on the public record.

$B

Supply chains placed under public scrutiny across automotive, additive manufacturing, and fintech

3.4M

Documents read line by line, every flagged item annotated

40

Country scope across active investigations, including embargoed disclosure channels

FBI · HSI
DOJ · DOD

Federal LE and national security channels. Plus FinCEN, DFPI, NHTSA, Google VRP.

CWE breadth

19 distinct CWE categories

Coverage

Nineteen distinct Common Weakness Enumeration categories surfaced inside major brand product ecosystems across the practice's active investigations. Spans OTA update control and integrity, signing key exposure, cleartext transmission, hardcoded credentials, authentication bypass, and supply chain compromise. Vendor-side CVE assignment pending coordinated disclosure.

Major brand ecosystems

Infrastructure

100% owned compute & bench

In-house labs

All bench instruments and compute infrastructure operated in-house. Analysis workloads run on our own clusters in our own racks. No rented cloud for case material, no shared lab benches, no third-party custodians of evidence. Owned hardware end-to-end, from probe tip to disk.

Owned end-to-end

These are not theoretical exercises. The investigations behind this practice have caused vendor public statements, regulator referrals, embargoed federal disclosure tracks, and material change in how multi-billion-dollar product categories handle owner consent and data sovereignty.

Practice areas

Four ways I work.

01 service

Hardware Security & Recovery

Hardware audits, recovery, and bench-level rework for small and medium businesses.

Hardware that needs eyes on the bench. I audit devices before your IT team rolls them out, recover hardware bricked by vendor OTA pushes or component failure, rework boards nobody else will touch, extract firmware so you can prove what the device actually does, and document chip-level findings with photographs and bus captures. Useful when procurement needs a device verified, when a board failure or vendor brick is costing you money, or when something on your network is doing things its packaging never mentioned. Reports are written for the audience that has to act on them.

  • Pre-rollout device audits for IT and procurement
  • Recovery of devices bricked by OTA pushes or vendor updates
  • Board-level repair and rework: BGA, fine-pitch, no-lift fixes
  • Firmware extraction, recovery, and modification
  • Bus capture: UART, SPI, I2C, USB, CAN
  • Post-incident hardware forensics
  • Vendor-claim verification: does it do what they say it does
  • Written report and reproducible findings

02 service

Software & Network Security

Know what your software, IoT, and network are actually doing.

Software and connected devices already running your operation. I instrument your network, capture every outbound flow, and tell you which endpoints your devices reach, who owns each one, what jurisdiction the data lands in, and what changes when you decline a terms-of-service update. Useful for IT directors evaluating new gear, healthcare practices that need to know about HIPAA-touching telemetry, manufacturers with connected products of their own, and any business tired of finding out about new tracking after the fact.

  • Network audit of IoT, point-of-sale, and connected appliances
  • In-house and third-party app code review
  • Endpoint identification, corporate attribution, jurisdiction mapping
  • TLS payload inspection within legal scope
  • Compliance pre-check: HIPAA, PCI, sector-specific
  • Behavior testing under refused consent and declined updates
  • Written report for IT, counsel, or insurance

03 service

Business Security & IT Management

Contract security and IT operations for independent businesses.

Contract engagement covering the operational security and IT decisions that keep an independent business running. Scope includes network and endpoint security, point-of-sale and connected-device auditing, storage and cloud architecture that does not touch AWS, Azure, or the other major hyperscalers when sovereignty or trust requires it, backup design and disaster-recovery testing, vendor coordination, account inventory and recovery, and telemetry control. Engagements are structured either as a defined project closing in a written runbook, or as an ongoing contract with monthly reporting to ownership. Scope, deliverables, and pricing are set at the contract, not the hour.

  • Network and endpoint security operations
  • Point-of-sale, IoT, and connected-system audits
  • Private storage and cloud architecture (off AWS, Azure, hyperscaler)
  • Backup design and disaster-recovery testing
  • Vendor coordination and account inventory
  • Telemetry control and privacy enforcement
  • Incident response with defined response standards
  • Documentation: project runbook or ongoing monthly reporting
  • Contract scope and pricing, not hourly

04 service

Investigations

Get the answer in writing, sourced to the record.

Long-form investigative work for situations that need a defensible answer. I take vendor due diligence before you sign a contract, supply chain investigation when something does not add up, post-incident reconstruction for insurance and litigation, and competitive intelligence for procurement. Every claim in the report is sourced to its underlying citation. The structure is built for whoever has to act on the work: your insurance carrier, your lawyer, a regulator, your board, or the press if it gets there.

  • Vendor due diligence and counterparty review
  • Supply chain investigation
  • Post-incident reconstruction for insurance or litigation
  • Competitive intelligence for procurement decisions
  • Public-record, court, and regulatory record analysis
  • Bench evidence where a physical device is in play
  • Available under counsel for attorney work-product privilege

Scope & integrity

The four services above are the most common shapes the work takes, not the limit. Engagements that fall between or beyond what is listed are welcome. The practice is integrity-based: cases that fail the screen for evidence, ethics, or independence are declined in writing without exception. No exception for fee size, client name, or pressure.

Where I serve

Based in Tennessee, serving small and medium businesses across the state: Nashville, Knoxville, Memphis, Chattanooga, the Tri-Cities, Murfreesboro, Clarksville, and everywhere in between. Remote engagements anywhere in the United States. Bench work and on-site engagements brought to your location on request.

Engagement model

How the work runs.

Three steps from brief to report. No retainers. No surprises.

Triaged on arrival · urgent ASAP · 48h standard

01

Brief

You describe what you have, what you need, and what good looks like. I respond with whether the work is in scope, what it will cost, and how long it will take.

02

Bench

I do the work. Photographs, captures, decompiled artifacts, and a running log are committed to a private repository you can audit at any point.

03

Record

You receive a written report cited to the evidence, a separate executive summary, and a reproducibility appendix. If you engaged through counsel, the work product carries privilege.

Equipment we trust · In-house labs

Bench tools that earn their place.

Special credit to Saleae, Rabbit-Labs, and Halehound for backing independent researchers and keeping this kind of work going.

Everything below runs in our own in-house labs. Owned cluster, owned bench, owned evidence chain.

Built in-house

Shielded RF enclosure.

Some bench infrastructure is built rather than bought. The shielded RF enclosure used for phone-home isolation testing is a 36-inch cube TIG-welded from half-inch steel plate, with copper waveguide-below-cutoff feedthroughs for power penetration and a hand-access port sized for in-chamber work. Built to the spec the work required when the off-the-shelf version was not the right shape.

Bench captures and protocol analysis run on a Saleae Logic Pro 16. Compute and analysis workloads run on an in-house Dell cluster. Active bus probing via Bus Pirate. High-density chip programming on a network-locked XGecu T76. Precision soldering on Weller, hot air and BGA work on JBC. Signal validation on Rigol. Component-level inspection under Swift optics. Bench supplies and probes from Rabbit-Labs. Custom rigging built on Halehound. Real tools, real evidence.

Brittany and Jay Puckett, owners of Obsidian Watch

From our home to yours

Real people. Real bench. Real work.

Brittany owns the practice. Jay runs the bench, the keyboard, and the byline. We're a Tennessee family that put a forensics shop together because we got tired of nobody answering for what hardware actually does. Since 2014.

We treat your business the way we'd treat our own. Independent, owned end-to-end, no investor pressure, no cloud custodian holding your evidence.

Every brief triaged on arrival

Got a device or a question that needs a real look?

Briefs go to investigations@obsidianwatchgroup.com. Every one is triaged the moment it lands. Urgent cases reach me within hours. Standard cases get a human reply within 48 hours, even if the answer is no. Encrypted intake available on request.
