Current Employees Help Steal Proprietary Information

A consultant is hired by a company that suspects impropriety by a former executive. The company suspects the executive may have taken proprietary business information and used it to create a new start-up company. There are further suspicions that the former executive solicited other employees of the company to gather information used to create the new start-up.

Cellebrite Inspector was used to analyze the computers of several employees suspected of colluding with the former executive. Of particular interest were any possible communications between the former exec and the employees. In addition to email, the company also used Skype.

Cellebrite Inspector, used to analyze the media, revealed an email of possible interest and a chat in the Skype chat logs. One email was located that mentioned a meeting between the former executive and eight company employees.

A second email was sent to the former executive from one of the employees containing an attachment with sensitive company information.   The Skype chat logs contained messages between the company employees discussing copying data to an external hard drive, noting that they were “not stealing” since they were still employed at the company.

One person described the activity as making a backup of sensitive information.  The conversations between the conspirators indicated they planned to leave the company to work at the start-up company of the former executive.

Actionable Intel showed the same external hard drive was attached to several of the conspirator’s computers. Other incriminating information was found in the Windows ShellBags, parsed by Cellebrite Inspector.  The ShellBags revealed the names of folders on the external hard drive. Entire folders were copied from internal file shares to the external drive.

The consultant compiled all of the information and provided it to the company’s legal team. The legal team used the information to take action against the former executive and his new start-up company as well as the employees still at the company who were involved.

“Emails, Skype Logs, Actionable Intel and ShellBags revealed how the conspirators were copying company data.”
-Private Consultant at a Rising Tech Start-Up

Main Takeaways:

    • When a former executive’s new start-up company appears to be using proprietary information a consultant is hired to come in and determine how the executive is getting the data.
    • Information was recovered with Cellebrite Inspector from emails and Skype logs indicating several employees were actively stealing company data.
    • Actionable Intel revealed the same external hard drive had been attached to more than one computer.
    • Windows ShellBags parsed by Cellebrite Inspector revealed the names of folders on the external hard drive which matched folder names on the internal file share, allowing the company to determine what information was taken.

Quick Facts


Cellebrite Inspector parsed email, Skype chat logs, ShellBags, and provided quick access to data of interest in the Actionable Intel tab.

Problem Solved:

A former executive’s new start-up company appears to be using proprietary company information.

Solution Provided:

Information on several computers revealed the former executive had many employees gather information with the expectation that they would be hired at the start-up company.

Overall Results:

Cellebrite Inspector quickly and easily showed which employees were involved, how company data was transferred to an external hard drive, and what information was stolen.

Share this post