top of page
Abstract Background_edited_edited.jpg
ProactiveDiscovery

Employee leaves with proprietary information

Updated: Jul 8, 2023

SITUATION


Our client informed us that one of their employees left the company several months ago and is now working for a competitor. Our client had reason to believe that proprietary information was taken by the former employee due to recently lost bids on contracts to this competitor.

OBJECTIVE

We were asked to retrace the former employee’s activity on computer systems used during the time of employment.

ANALYSIS

Our first step was to preserve and forensically acquire the computer used by the former employee. The laptop had not been reissued and was stored in a secure cabinet within the HR manager’s office. After confirming chain of custody, we prepared a forensic copy of the hard drive content. Equipped with a working copy of the forensic image we began the analysis. Using timeline analysis techniques crucial events, surrounding the departure of the employee, were chained together.

RESULT

Even though the employee left several months prior to our involvement, we immediately identified Internet browsing activity related to job searches and visits to the competitor’s career section on their website. The Internet activity occurred days before the employee’s departure.

Next, we turned efforts to sensitive and proprietary information used for contract bids. Utilizing various operating system artifacts, a timeline was established which revealed that the former employee accessed proprietary information on the company’s server and began to stage copies of such files on the computer just days prior to leaving the company. Furthermore, we were able to show that the proprietary files were copied to and then accessed from a USB thumb drive attached to the computer hours before the employee left.

Equipped with this information and an in-depth timeline of events, our client was able to make an informed decision on how to proceed.

26 views

Comments


RESOLUTE is a fully-managed cyber risk mitigation service that helps boutique and SMB (small to medium-size business) organizations protect, mitigate, and prepare against constantly evolving cyber threats.

​

bottom of page