"For example, if you're a really smart person and you really know the content, you should be able to get all the easy questions right and start struggling with the more difficult ones. If you don't know as much, you should get some of the easy ones right and then not get any of the difficult ones right. Those are normal patterns. But if we see a pattern where a person is missing some of the easy ones and getting some of the very difficult ones correct, we suspect they're not really taking the test in a normal way that a person with a particular ability does."

Time also is a key criterion. The company once discovered a person answering 60 questions correctly and doing so averaging less than five seconds per question on a test that usually took a normal person up to two minutes to answer each of the more difficult questions.

"You know by looking at the timing that this person had preknowledge," Foster said. "They brought all the answers with them, recognized the questions and popped in all the answers."

Collusion is indicated if people at the same test site answer questions exactly the same way, missing the same questions with the same answers. Someone could be coaching them, Foster said.

"We're very conservative about when we spot a problem, but it's very clear in areas where there is a problem," Sorensen said. "We've reviewed 50 million test records now, and it's amazing as you review that many records the patterns you do see."

"We use a very conservative statistical threshold because we don't want to cancel a score or take something from someone unless you're sure," Foster said. "We're not gimmicky at all. We're rooted in solid statistical theory. Our decisions are based on data and not in conjecture, and customers like that."

Caveon's reports to customers include recommendations based on the spotted problems. For instance, teachers administering tests might be replaced with uninterested observers.

"Statistical evidence isn't strong evidence to support a legal action," Foster said. "What you need is observation. So our measures don't lend themselves to that kind of legal action, which is fine anyway. Prevention is the best way."

On the Caveon Web site, Steve Moore, certification program manager for Sun Microsystems, says that Data Forensics is "giving us 'red flags' to help identify not only where unusual testing patterns are occurring, but who is involved." The resulting evidence ensures that "decision-making can be based on real facts versus simple hunches about cheating, piracy and test center issues."