Digital4nx Group, Ltd.

  • About Us
    • Who We Serve
    • Close
  • Digital Litigation Support Services
    • Digital Forensic Investigations
    • Electronic Discovery Hosting, Consulting, and Advisory
    • Early Case Assessment
    • Expert Witness Testimony
    • Close
  • Cyber Security Services
    • Advanced Ethical Hacking
    • Vulnerability Assessment
    • Post-Breach Incident Response
    • Cyber Awareness Training
    • Cyber Risk and Compliance Assessment
    • CISO-As-A-Service
    • Close
  • News and Case Studies
  • Events
  • Contact Us
    • Subscribe to Newsletter
    • Close
You are here: Home / Case Studies / Digital4nx Group Case Study: “Holy SH IT Co: Former IT Exec Cited For Anti-Forensic Program Use”

Digital4nx Group Case Study: “Holy SH IT Co: Former IT Exec Cited For Anti-Forensic Program Use”

February 14, 2022 by Rob Kleeger

* All names and identities are fictitious and have been changed.

THE PROBLEM:  Advanced IT is a small information technology services company based in the New York metro area. They have an impressive annual revenue of $25 million, and over 75% of the company’s income comes from re-occurring managed services revenue. For ten years, Advanced IT has been servicing established businesses, including start-up small to mid-sized entrepreneurial businesses.

When Advanced IT’s sales started to dramatically decline, the company’s owner, Jack Crowe, called a few clients to understand where they were moving their valued business. Jack was shocked to learn his former Sales Manager, Mark Doyle, had started Super Hero IT Company (“SH IT Co.”), a competitive IT firm. Crowe also learned his former employee was portraying Advanced IT as price-gougers to encourage them to buy from SH IT Co. at a drastically reduced price. Jack Crowe took action and hired The Goe Gettem P.C. law firm, determined to figure out what legal leverage he had against Doyle’s deceitful client poaching.

THE SOLUTION:  Digital4nx Group was soon engaged by the Goe Gettem legal team, and together they agreed on a plan. Goe Gettem would send Mark Doyle a cease and desist letter advising him to stop poaching Advanced IT’s clients, stop speaking poorly about Jack’s pricing practices, and immediately retain all potential evidence from his unreturned Advanced IT laptop. Once Doyle returned his laptop, Digital4nx would then preserve and analyze any digital evidence to support Advanced IT’s case showing Mark intentionally used proprietary data to steal clients and directly compete with SH IT Co.

Within a week of receiving the cease and desist, Mark Doyle returned his laptop. Digital4nx quickly discovered that software named Crap Cleaner (“CCleaner”) was installed, run, and uninstalled after deleting thousands of files and emails. Goe Gettem counsel questioned Doyle on the timing of running the CCleaner, since the deletions occurred after the cease and desist was sent. Doyle insisted he hadn’t yet seen the letter, and the CCleaner was a program normally used at Advanced IT for the general cleanup of laptops. Doyle further insisted he had permission from Jack Crowe to clean the laptop before giving it back; a conversation Jack doesn’t remember.

Because of the CCleaner utility, files were renamed and became unrecoverable even with forensic tools. However, Digital4nx was able to clearly see that thousands of files were recently saved to multiple thumb drives; and Doyle confirmed he had no thumb drives available to return. 

THE FINAL OUTCOME: Mark Doyle never agreed to an out of court settlement, so Advanced IT’s legal counsel used the Digital4nx evidence report to support formal legal action against SH IT Co. The Court papers alleged Breach of Duty of Loyalty and Unfair Competition for poaching client lists and proprietary data files while Mark still worked as an Advanced IT employee. Goe Gettem lawyers also alleged Disparagement over Doyle’s unfortunate choice to speak badly about his former employer to win business. The forensic analysis further revealed the SuperHeroIT.com domain name was purchased several months before Doyle resigning, clearly showing the intention to compete directly.

While Digital4nx was unable to recover the deleted laptop files and emails, their digital investigation report proved beyond a doubt Advanced IT’s case: Doyle had used the Crap Cleaner to intentionally delete files causing spoliation of key digital evidence. While Doyle claimed he had Advanced IT’s permission to run the program, and that the program was commonly run on Advanced IT’s laptops to optimize performance, and remove temp junk files and login information, the Court still ruled against him. The timing of Doyle’s mass file deletions after the cease and desist letter was sent was deemed suspicious, and Mark was cited by the Court for intentionally using Crap Cleaner to destroy all potentially incriminating electronic evidence. The judge ultimately ruled in Advanced IT’s favor, instructing jury members to consider Doyle’s actions as an attempt to hide unfavorable evidence that could be used against him.

### END ###

Disclaimer: The information contained in this case study is educational only. This is not intended to fully cover everything related to the investigation or constitute expert advice, legal advice or otherwise. You should always seek the advice and counsel of an attorney while proceeding with these matters. Results may vary as each case is unique and the types of artifacts may not exist depending on many variables. Contact us for a confidential initial consultation.

© Copyright 2022, Digital4nx Group, Ltd. All Rights Reserved.

Filed Under: Case Studies Tagged With: Anti-Forensics Program, Breach of Duty of Loyalty, Client Poaching, Crap Cleaner, Price-Gouging, Spoliation of Digital Evidence

Digital Litigation Support Service

  • DLSS – Digital Litigation Support Services
  • Digital Forensic Investigations
  • Electronic Discovery Hosting, Consulting, and Advisory
  • Early Case Assessment
  • Expert Witness Testimony

Cyber Security Services

  • Cyber Security Services
  • Advanced Ethical Hacking
  • Vulnerability Assessment
  • Post-Breach Incident Response
  • Cyber Awareness Training
  • Cyber Risk and Compliance Assessment
  • CISO-As-A-Service

Case Studies

  • When The Hack of a Business Partner is Just as Bad as the Compromise of Your Own Systems.
  • The Threat From Within – Theft of IP
  • Digital4nx Group recognized and honored by Enterprise Security

Contact Us

Digital4nx Group, Ltd.
8 S. Main St - Unit 70,
Marlboro Township, NJ 07746
info@digital4nxgroup.com
732-786-4062

Subscribe to Newsletter
© 2019 Digital4nx Group, Ltd. | All Rights Reserved. Sitemap · Privacy Policy