Our client received a tip from a customer that an ex-employee had contacted them with confidential pricing they believed had been misappropriated from the ex-employee’s previous employer.
Our client needed to conduct an internal investigation to determine if confidential proprietary or trade secret information had been misappropriated, if restrictive covenants had been violated, and if a non-compete had been violated. Specifically, the client had several questions that needed to be answered:
- What (if any) external devices had been used on the ex-employee’s laptop, and when
- What (if any) files were present on these external devices
- Was there any evidence that company data had been exfiltrated through any means other than USB (i.e., the cloud, email, printers, etc.)
iDS Forensics Team liaised with the client’s IT group to remotely deploy a forensic imaging kit for the computer in question.
The iDS Forensics Team also captured Office365 audit logs and a foresnically sound copy of the email account. Our team performed analysis and reported on the following:
- Identification of connected devices, files being opened from those devices, and that other devices had also been used
- Identification that the corporate email system had been used to send sensitive company documents outside the network
- Identification of third-party cloud systems that had company data synchronized to them
iDS was able to identify that company data had been exhiltrated, how it had been exfiltrated, and when it had become exfiltrated. We also identified additional individuals that had been involved in the same type of activity.
Our client, leveraging findings and the reports created over the course of just one business week, was able to obtain a temporary restraining order, followed by a preliminary injunction, and ultimately a favorable settlement to recover lost revenue based on the activities of the departed employees.