Case Study: Ricoh Forensics
About the customer
The customer is a global computer software manufacturer.
Challenge
Someone was putting out counterfeit versions of the customer’s software on CDs. After seven months of investigating, authorities finally identified a suspect and obtained an ex-parte civil search order to raid the suspect's home.
The customer anticipated that the computers on site might contain critical evidence and wanted additional support for their own investigators. They called in Ricoh Forensics, the first private computer forensics lab accredited by the American Society of Crime Laboratory Directors/Laboratory Accreditation Board, to provide it.
Solution
When law enforcement and the customer’s team broke into the residence, they quickly found a computer.
While the others continued to scour the home for more equipment, our forensic expert went to work on the machine.
He followed strict forensic processes to acquire an image of the electronically stored information (ESI). Then he performed a data analysis and uncovered Internet history and deleted emails with possible money laundering implications.
The analysis also showed evidence of a data transfer to a brand of watch with USB capabilities. He then showed the search team a photo of what to look for, and they found a similar device in the kitchen. Upon taking a forensic image of it, our expert discovered a password-protected spreadsheet. While he could have broken the encryption using the tools back at Ricoh's forensics lab, he instead wrote a script on site that revealed the password after about 20 minutes of processing.
Sure enough, the file was the "smoking gun" the investigators were looking for. In it there was information about assets, bank accounts, passwords and the transactions concerning the counterfeit CDs — including the identities of the purchasers.