Sandline in Action: Success is in the Details

Sandline experts take ownership in the success of every matter

Sandline was recently engaged by a multi-national corporation to provide forensic and litigation support services. The corporation was involved in a high-stakes and complex litigation with a dozen ex-employees, all of whom were observed exfiltrating documents containing sensitive company intellectual property (“IP”).

Sandline’s Forensic and Investigations team met with the ex-employees across the US to extract information from their local devices and cloud accounts. Our team worked with  massive amounts of data and a diverse set of over 75 data sources, including:

  • Mac and Windows computer systems
  • Mass storage USB devices
  • USB Thumb drives
  • iPhones, iPads, and Android phones
  • Webmail accounts
  • Dropbox and Google Drive cloud storage accounts

As all the sources were preserved, the images and devices were expertly logged into our Midtown NYC Lab and placed in our secure on-site evidence storage, along with acquisition notes and chain of custody information.

Sandline was provided strict guidelines around what analysis to perform on each data source, also known as an ESI protocol. Per these instructions, our team generated forensic reports detailing file access history, connected device history, web browsing history, and file listings for the case team to review and identify the stolen IP. Additionally, the corporation shared records from their Data Loss Prevention (“DLP”) utility, detailing file names and hash values of files observed leaving their premises in effort to better identify the files.

Once the IP was identified, Sandline securely deleted the data from the devices and accounts, and confirmed that the data was no longer accessible to the custodians.

This engagement was a highly intricate, data-intensive matter with many moving parts. At Sandline, we obsess over quality, down to the smallest detail. Throughout the project, our experts provided proactive updates to the case team to keep them apprised of updates and new information. Sandline’s forensic expertise, advanced evidence management software and state-of-the-art technology, helped this organization safeguard their valuable intellectual property.  

If you have questions about proactively safeguarding your data, or reacting to data exfiltration events, please reach out to to speak to one of our experts.