|
Recent
Computer Forensic Case Studies from the OnlineSecurity
Files
Case
of the Theft of the Trade Secrets
For a well known dot com company, OnlineSecurity
conducted a forensic investigation to determine if an
executive who accepted a job with a competitor stole
proprietary information. The hard drive from the executives
notebook and desktop machine were imaged. Our forensic
analysis established that the night before the executive
left, he downloaded all of the company's process specifications
and distributor agreements, which he then zipped and
emailed via dial up ISP to the competitor he would be
joining . Additionally, reconstruction of deleted files
located emails between the executive and the competitor
discussing his intent to provide the proprietary information
if he was offered additional options in the new company.
Case
of the Diversion of Royalties
For a major film studio, the computer and server files
of a number of its foreign operations were reviewed
to determine if any self-dealing or theft of royalties
was occurring. An extensive analysis of the electronic
media located files that had been erased confirming
that the foreign operations were licensing film rights
at one price, and reporting a much smaller price to
the studio. Further examination of files con- cealed
in hidden directories located bank account numbers in
Hong Kong and Australia wherein funds had been diverted.
Case
of the Disgruntled Employee
For a Fortune 500 client, OnlineSecurity investigators,
utilizing an integrated suite of computer programs and
investigative techniques, were able to determine the
identity of an individual who was making inaccurate
negative postings to one of the stock traders bulletin
boards under an anonymous name. The individual was identified
as an employee of a brokerage firm that held a major
short position in our clients stock. Computer Forensic
anal ysis of the employees home and office hard drives
led investigators to additional disgruntled employees
which were planning to undermine certain critical operations.
Why
use Computer Forensics to strengthen your case?
The OnlineSecurity forensic teams are comprised of forensic
computer specialists, skilled technicians, and seasoned
financial and corporate investigators. Each of our forensic
teams are experienced in the broad range of investigative,
analytical and forensic techniques for collecting, accessing
and reconstructing data from computers, PDA's, audit
trails, networks and other sources such as fax and print
server files, and firewall logs.
Utilizing
advanced searching techniques and analytical procedures,
our forensic investigative team can recover files and
emails that have been deleted, erased, hidden, reformatted
or partially over-written. Specialized software is used
to access files that are password protected and to identify
file names and extensions that have been changed to
disguise them.
Hard
disks are installed at our labs on specially designed
works stations that allow the forensic team to view
the copied disk and to run applications exactly as they
would appear in their native operating environments.
Our forensic team reconstruct not only files, but Internet
activity, browser histories, cookie files, calendars,
email history, zip files, downloads and other pertinent
information, providing a snapshot of how the computer
was used.
|
