A consultant is hired by a company who suspects impropriety by a former executive. The company suspects the executive may have taken proprietary business information and used it create a new start-up company. There are further suspicions that the former executive solicited other employees of the company to gather information used to create the new start-up.
BlackLight was used to analyze the computers of several employees suspected of colluding with the former executive. Of particular interest were any possible communications between the former exec and the employees. In addition to email, the company also used Skype.
BlackLight, used to analyze the media, revealed an email of possible interest and a chat in the Skype chat logs. One email was located that mentioned a meeting between the former executive and eight company employees. A second email was sent to the former executive from one of the employees containing an attachment with sensitive company information. The Skype chat logs contained messages between the company employees discussing copying data to an external hard drive, noting that the were “not stealing” since they were still employed at the company. One person described the activity as making a backup of sensitive information. The conversations between the conspirators indicated they planned to leave the company to work at the start-up company of the former executive.
Actionable Intel showed the same external hard drive was attached several of the conspirator’s computers. Other incriminating information was found in the Windows ShellBags, parsed by BlackLight. The ShellBags revealed the names of folders on the external hard drive. Entire folders were copied from internal file shares to the external drive.
The consultant compiled all of the information and provided to the company’s legal team. The legal team used the information to take action against the former executive and his new start-up company as well as the employees still at the company who were involved.
BlackLight parsed email, Skype chat logs, ShellBags, and provided quick access to data of interest in the Actionable Intel tab.
A former executive’s new start-up company appears to be using proprietary company information.
Information on several computers revealed the former executive had many employees gather information with the expectation that they would be hired at the start-up company.
BlackLight quickly and easily showed which employees were involved, how company data was transferred to an external hard drive, and what information was stolen.