* All names and identities are fictitious and have been changed.
THE PROBLEM: Advanced IT is a small information technology services company based in the New York metro area. They have an impressive annual revenue of $25 
million, and over 75% of the company’s income comes from re-occurring managed services revenue. For ten years, Advanced IT has been servicing established businesses, including start-up small to mid-sized entrepreneurial businesses.
When Advanced IT’s sales started to dramatically decline, the company’s owner, Jack Crowe, called a few clients to understand where they were moving their valued business. Jack was shocked to learn his former Sales Manager, Mark Doyle, had started Super Hero IT Company (“SH IT Co.”), a competitive IT firm. Crowe also learned his former employee was portraying Advanced IT as price-gougers to encourage them to buy from SH IT Co. at a drastically reduced price. Jack Crowe took action and hired The Goe Gettem P.C. law firm, determined to figure out what legal leverage he had against Doyle’s deceitful client poaching.
THE SOLUTION: Digital4nx Group was soon engaged by the Goe Gettem legal team, and together they agreed on a plan. Goe Gettem would send Mark Doyle a cease and desist letter advising him to stop poaching Advanced IT’s clients, stop speaking poorly about Jack’s pricing practices, and immediately retain all potential evidence from his unreturned Advanced IT laptop. Once Doyle returned his laptop, Digital4nx would then preserve and analyze any digital evidence to support Advanced IT’s case showing Mark intentionally used proprietary data to steal clients and directly compete with SH IT Co.
Within a week of receiving the cease and desist, Mark Doyle returned his laptop. Digital4nx quickly discovered that software named Crap Cleaner (“CCleaner”) was installed, run, and uninstalled after deleting thousands of files and emails. Goe Gettem counsel questioned Doyle on the timing of running the CCleaner, since the deletions occurred after the cease and desist was sent. Doyle insisted he hadn’t yet seen the letter, and the CCleaner was a program normally used at Advanced IT for the general cleanup of laptops. Doyle further insisted he had permission from Jack Crowe to clean the laptop before giving it back; a conversation Jack doesn’t remember.
Because of the CCleaner utility, files were renamed and became unrecoverable even with forensic tools. However, Digital4nx was able to clearly see that thousands of files were recently saved to multiple thumb drives; and Doyle confirmed he had no thumb drives available to return.
THE FINAL OUTCOME: Mark Doyle never agreed to an out of court settlement, so Advanced IT’s legal counsel used the Digital4nx evidence report to support formal legal action against SH IT Co. The Court papers alleged Breach of Duty of Loyalty and Unfair Competition for poaching client lists and proprietary data files while Mark still worked as an Advanced IT employee. Goe Gettem lawyers also alleged Disparagement over Doyle’s unfortunate choice to speak badly about his former employer to win business. The forensic analysis further revealed the SuperHeroIT.com domain name was purchased several months before Doyle resigning, clearly showing the intention to compete directly.
While Digital4nx was unable to recover the deleted laptop files and emails, their digital investigation report proved beyond a doubt Advanced IT’s case: Doyle had used the Crap Cleaner to intentionally delete files causing spoliation of key digital evidence. While Doyle claimed he had Advanced IT’s permission to run the program, and that the program was commonly run on Advanced IT’s laptops to optimize performance, and remove temp junk files and login information, the Court still ruled against him. The timing of Doyle’s mass file deletions after the cease and desist letter was sent was deemed suspicious, and Mark was cited by the Court for intentionally using Crap Cleaner to destroy all potentially incriminating electronic evidence. The judge ultimately ruled in Advanced IT’s favor, instructing jury members to consider Doyle’s actions as an attempt to hide unfavorable evidence that could be used against him.
### END ###
Disclaimer: The information contained in this case study is educational only. This is not intended to fully cover everything related to the investigation or constitute expert advice, legal advice or otherwise. You should always seek the advice and counsel of an attorney while proceeding with these matters. Results may vary as each case is unique and the types of artifacts may not exist depending on many variables. Contact us for a confidential initial consultation.
© Copyright 2019, Digital4nx Group, Ltd. All Rights Reserved.
