Case Study 1
Case Type: Matrimonial
Issue: Usage of Spyware
Overview: During the course of her divorce, our client suspected that her husband was using spyware to monitor her activities. TC Forensics was brought in to copy her home and work computers in order to investigate for the presence of spyware or surveillance software.
Resolution: TCF successfully uncovered spyware being used on our client’s work computer. We uncovered an email sent from the husband which included an attachment claiming to be a simple photo, but which in fact was the installer for the malicious spyware. Further investigation showed that the reports on user activity being generated by the spyware were being sent to the email address “email@example.com”. This proved that not only was spyware being used against our client, but that it was clearly an intentional act of the husband.
Case Study 2
Case Type: Matrimonial & Corporate
Issue: Destruction of Electronic Evidence
Overview: In this case, a husband and wife were partners in a corporation. TC Forensics was hired by the wife in order to proactively preserve the corporate computers after filing for divorce. TCF assisted counsel in obtaining an ex parte order allowing for forensic copies to be made of all computers at the business. When TCF arrived at the business, we were initially denied access for a considerable amount of time. After finally being allowed to copy the computers, we immediately discovered that they had been reformatted in order to destroy as much evidence as possible.
Resolution: TCF successfully proved that the reformatting was done directly after we went to the business and requested access to the computers. Because this was a clear case of intentional destruction of evidence, the judge ordered that the business be put into receivership.
Case Study 3
Case Type: Health Care Compliance (HIPAA)
Issue: Inadvertent Release of Patient Information
Overview: A company that provides operating room monitoring staff to medical facilities became aware that their work calendars were being exposed to the internet. The work calendars included the names of patients and procedures, requiring a full investigation to comply with HIPAA.
Resolution: TC Forensics audited the access logs for the server which hosted the calendars. It was determined that though the calendars were exposed to the internet, there was no evidence of any person actually accessing the calendars that were not hospital staff. TCF then reviewed the remedial measures put in place by the business to ensure that the calendars were now completely secure.
Case Study 4
Case Type: Employment and Intellectual Property
Issue: Theft of Company IP
Overview: TC Forensics was hired by a large law firm to investigate the computers of an employee who recently left the company. The employee was a department head and was immediately hired to open such a department at a competing law firm. Our client believed that the employee took valuable intellectual property which he was using to start the competing department at his new firm.
Resolution: TCF examined the employees work computer and the company’s file server. We discovered that just prior to leaving, the employee copied their customer list, lead list and expensive market research documentation. We proved that the employee had copied the aforementioned documents to a thumb drive from his desktop work computer. Based on this evidence, the court precluded the employee from contacting anyone on the lists for multiple years.
Case Study 5
Case Type: Matrimonial
Issue: Misleading Evidence
Overview: In a divorce proceeding involving a custody dispute, the adversary’s expert produced a report showing pornographic images together with pictures of young kids. This report was shown to the psychiatric expert who recommended that our client only have supervised visitation. The psychiatric expert stated that the opposing computer expert’s report was influential in coming to their ultimate recommendations.
Resolution: TC Forensics showed that the opposing expert’s report was highly misleading and prejudicial. We proved that the photos grouped together in fact had no relation to each other in time or location. We showed that no pornographic material involved young kids and that there was no evidence that any pornographic material was being exposed to the parties’ children. The court agreed and had both the opposing computer expert’s report and the psychiatric report thrown out.