Case Study

Anti-Forensics

resources 9 Case Study 9 Anti-Forensics
The Situation
The Challenge
The Solution
The Outcome
Key Success

The Situation

Our client asked us to investigate a suspected theft of IP. Two employees had recently left the company for competitors and were suspected of misappropriating intellectual property and proprietary information. ArcherHall was given their laptops to search for unusual activity and build evidence of the IP theft, including file transfers to USB, files sent to personal email addresses, correspondence with rival companies, and mass deletion of files.

The Challenge

Our team quickly determined that antiforensics had been used in an attempt to hide suspicious activity on the laptops. The ex-employees had utilized different methods for copying IP, such as Google Drive and Dropbox. They had attempted to hide their activity using drive wiping software, which we could see had been used, and subsequently uninstalled, close to the time of termination of employment. Anti-forensics software makes it more difficult to find evidence of IP theft, but our team was determined to continue.

The Solution

We expanded the scope of our investigation in order to examine not only traces of IP theft, but also evidence of data wiping and anti-forensic activity. Using the latest forensic software, we examined restore points and shadow copies to identify items and activity that had been deliberately hidden or obscured. This allowed us to collect evidence of data tampering that points towards theft of IP.

The Outcome

This evidence was compiled and reported to our client to support their case. Alongside other evidence, the signs of antiforensic activity may allow for further investigation into the suspect’s personal devices, eventually leading to the recovery of IP and mitigation of losses.

Key Success

Awareness of anti-forensic activity lead to an expansion of the scope of the investigation. Our forensic team uncovered signs of IP theft, and circumnavigated attempts to cover up unusual activity.

We are a leading provider of computer forensics and e-discovery services for businesses and law firms nationwide. We don’t take chances with your data when litigation is a possibility, and proper handling is critical.

Related Case Studies

Explicit Content in School

Explicit Content in School

We were retained to investigate accusations that a special education teacher had been browsing the internet for adult content, including suspected child pornography. The school’s web traffic monitoring software had flagged a site the teacher had visited. Given the severity of the accusations, the school executives wanted to verify with certainty that the allegations were accurate.

read more
Digital Theft of IP

Digital Theft of IP

Our client was a corporation investigating suspected theft of intellectual property by a former employee. The employee had left for a competitor, allegedly taking proprietary customer and technical data with him. The client suspected the defendant had attempted to cover his tracks by wiping his computer. The case ultimately involved multiple computers, external media, and mobile devices.the crime.

read more

Contact

Give us a call at (855) 839-9084

Or send us a message and we’ll get back to you right away.