Our January acquisition of computer forensic leader BlackBag was an extremely important milestone for Cellebrite, enabling us to offer the industry’s most comprehensive, all-encompassing platform of Integrated Digital Intelligence Solutions. This includes providing complete coverage for the most device types and data sources from mobile devices and computers to the Cloud and beyond.

In short, we are now a one-stop shop with the ability to help law enforcement agencies, military and intelligence teams, and enterprises deliver a complete intelligence picture featuring endpoint security, retainer-based DFIR services, and e-discovery.

When it comes to investigations in the enterprise, a red flag is usually just the tip of the iceberg. Here are just a few of the many true-life cases in which companies have used BlackBag’s computer access solutions to assist with corporate investigations:

The “Entrepreneur”

A company suspected that one of its former executives had stolen proprietary business information and was using it to create a new start-up company. There was further suspicion that the former executive had solicited current employees to gather information for him.

Cellebrite’s Inspector solution was deployed to analyze the computers of several employees suspected of colluding with the former executive. Of particular interest were any possible communications via company e-mail or Skype between the former executive and the employees.

The result was as shocking as it was expected: One uncovered e-mail referenced a meeting between the former executive and eight company employees. A second e-mail from an employee to the former executive included an attachment containing sensitive company information.

The Skype chat logs were equally helpful, showing messages between the company employees in which they discussed copying data to an external hard drive, noting that they were “not stealing” since they were still employed at the company. The conversations between the conspirators indicated that they planned to leave the company to work at the start-up company of the former executive.

The company’s legal team used this information to take action against the former executive and his new start-up company, and the employees still at the company who were involved. In this instance, eDiscovery helped tell the story of what was going on behind the screens with rogue employees, ultimately protecting the company and its interests.

The E-mail Enigma

A corporation needed to access e-mails on a former employee’s office MacBook. Unfortunately, the e-mail files were stored in a format created by “Outlook for Mac 2011.” The company knew nothing about the format, the file extensions and folder locations were not familiar, and the in-house forensic tools they were using could not interpret the data.

The digital forensics examiner on the case was unsure what his next steps should be; the industry-standard tools he had used for years were not helpful and he was no closer to the e-mail message evidence. In this instance, the investigation benefitted from an end-point security solution.

The examiner turned to Inspector, which enabled him to capture a forensically sound image of the data on the MacBook, quickly extract the data, automatically locate the e-mail messages, and seamlessly export them into a format that the company could easily analyze.

The Mystery of the Malicious Executable

A Fortune 500 company detected a malicious executable on a production server used to store customer data. The company had no idea how it got onto the server, or what data the executable may have exposed.

The team called in a consultant, who created a forensic image of the machine and used Inspector to analyze a complete digital intelligence mapping of the incident in question. He discovered that a file with a name similar to the executable was downloaded by an account with the name “adminnistrator” (with two N’s). He was then able to figure out exactly when this account was created and last accessed.

As the investigation continued, the consultant used BlackBag for more advanced analysis techniques in order to determine the sequence of events that led to the malicious executable. Ultimately, the consultant was able to determine that the system was not up to date with current patches that would have prevented the events that led to the installation of the malicious executable.

At the conclusion of the examination, the company was provided with information on how the system was likely compromised, an indication of whether data was exfiltrated, and recommendations for preventing a similar attack in the future.

The Turncoat

An engineer left a company to work for a competitor. One year later, the competitor launched functionality suspiciously similar to patented functionality his former employer had been working on for the last three years. A patent infringement case ensued, but the organization had to prove that its former employee had been involved with the original project.

Using Inspector, the company began a review of the former employee’s computer. Browser history showed that the former employee downloaded his new employment contract with the competitor two months before he gave notice to the organization.

Even more damningly, the investigator discovered that the former employee had transferred design schematic files to a thumb drive a week after his new employment contract was downloaded. The files with the design schematics were sent to the legal team as reference documents to try to locate similar information at the competing firm.

In short, the company was able to leverage eDiscovery and additional digital intelligence measures to dive into the system and verify dates and times for the artifacts, setting up a timeline of events and a case against the former employee, and proving that the design schematics were removed from his work computer after he had signed an employment contract with the competing company.

It is paramount that enterprises streamline the collection and processing of computer and mobile data to support internal investigations and civil litigation with digital intelligence.

By adding BlackBag’s solutions to the Cellebrite portfolio, we have created an all-in-one digital investigation solution for corporations and consultants, enabling them to generate critical insights in a controlled and coordinated fashion while accelerating efficiency and accuracy of the investigative process and maintaining compliance.

To learn more about the computer access and analysis solutions, sign up for the upcoming webinar that walks you through how you can navigate digital investigations in 2020 using Cellebrite Inspector and Cellebrite Digital Collector.
