During an internal investigation, two executives were ordered to turn their laptops over to the company's outside counsel. However, neither the executives, nor their laptops, appeared at the designated time and place. Once the laptops finally materialized, forensic analysis was performed and remnants of evidence spoliation, more specifically data scrubbing, were found on both. Findings from the forensic analysis of both laptops were provided via testimony to a foreign law-enforcement agency which allowed them to secure a conviction related to Foreign Corrupt Practices Act (FCPA) violations.
Intellectual Property Theft
A professional staffing firm relied heavily on the use of a single spreadsheet that contained information on prospective employees. After a junior employee left to join a competitor, the company suspected their spreadsheet had been stolen. Upon issuance of an ex-parte temporary restraining order, forensic images were obtained from the competitor's computer systems and the data was analyzed on-site. The misappropriated spreadsheet was located on one of the computers. Following this discovery, the case was settled quickly in the plaintiff's favor.
A financial service firm's IT personnel installed remote access software with a weak password on an executive's laptop. The computer was easily exploited by attackers over the Internet. Forensic analysis was performed and resulted in the identification of unauthorized remote-access activities from around the globe, including evidence that the laptop had been attached to a "botnet" that was awaiting further orders. A detailed narrative report was developed which helped the client understand the extent of their exposure. A forensic image of the laptop was sent to federal law-enforcement officials to assist in the ensuing criminal investigation.
Instant Messaging Alibi
Law enforcement requested insight on a criminal case that involved a gang-related assault and battery outside of a high-school dance. One of the suspects, with no known gang affiliation, claimed to have been instant messaging with a friend during the time of the altercation. Forensic images were obtained from the computers of the suspect and his friend, which included the chat sessions in question, and no evidence was found that they had been tampered with. After reporting the findings to the District Attorney's Office, charges against the suspect were dropped.
Source Code Theft
A software developer was alerted by one of their customers that a post had been made to an online forum, in a foreign language, that offered the complete source code to one of their unreleased products. With the assistance of a translator and a private investigator, the post was identified and preserved successfully, online contact was made with the poster, and a copy of the source code was downloaded directly from him. A private investigator made contact with the poster, in person, and he identified the source of the leak in the company's software development team.
IT Gone Rogue
An IT Director noticed that his network engineer, who was involved in a back-pay dispute with the company, was reading the HR department's email without authorization. The IT Director alerted HR, the network engineer was escorted from the building, and forensic images were obtained from his computers. Evidence of unauthorized monitoring, piracy, and pornography were found. The employee was terminated and his pending disputes were settled in the company's favor.
A retail company's IT staff were unable to access their mail server which was hosted by a third party. The company first suspected something had gone awry when they received suspicious information about the server "crashing." To investigate, IT staff physically retrieved the server and forensic images were obtained from multiple hard drives contained inside. Forensic analysis revealed not only that configuration information for the hard drives had been destroyed, but the hard drives had been physically removed from the server then returned in the wrong order. Once the findings of forensic analysis were reported via expert report and deposition the plaintiff prevailed in federal court.
Date and Time Manipulation
An individual sued his former employer for wrongful termination related to a whistle blowing complaint he had lodged in federal court. One of the plaintiff's claims was that the company had doctored his resume to support claims regarding his misconduct. The plaintiff was ordered to make his laptop and electronic media available for forensic imaging. Forensic analysis revealed multiple instances of date and time manipulation on the plaintiff's laptop, as well as deletion of relevant documents that were subject to a preservation order. The analysis also found the original resume, that the plaintiff had claimed his former employer had doctored, in deleted space on one of the floppy disks forensically imaged. Noting that the "Plaintiff has engaged in extensive and egregious misconduct in this case," the judge allowed the company's motions to dismiss and for further sanctions.
Piracy for Profit
A production company recognized that the films they produced for the Asian market were being ripped from their DVDs, watermarked, and re-sold online. With the assistance of a translator, the company's content was identified and archived, relevant network communications were captured, and a complex web of suspicious online relationships were identified. Findings from the forensic analysis resulted in a court order that authorized the seizure of a mail server to assist in identifying the suspects' true identities.
Computer Forensics In Action
Evidence Spoliation — During an internal investigation, two executives were ordered to turn their laptops over to the company's outside counsel…
Intellectual Property Theft — A professional staffing firm relied heavily on the use of a single spreadsheet that contained information on prospective…
Laptop Compromise — A financial service firm's IT personnel installed remote access software with a weak password on an executive's laptop…
Instant Messaging Alibi — Law enforcement requested insight on a criminal case that involved a gang-related assault and battery outside of a high…
Source Code Theft — A software developer was alerted by one of their customers that a post had been made to an online forum, in a foreign…
IT Gone Rogue — An IT Director noticed that his network engineer, who was involved in a back-pay dispute with the company, was reading the HR…
Server "Crashing" — A retail company's IT staff were unable to access their mail server which was hosted by a third party. The company first suspected…
Date and Time Manipulation — An individual sued his former employer for wrongful termination related to a whistle blowing complaint…