The plaintiff did not have faith that the defendants would perform collections in a reasonable manner, so the court approved access to the defendants’ computers. Legility helped develop a forensic protocol to outline what information would be collected, how to ensure it was done correctly and how to make sure privileged information would not be exposed accidentally.
Legility sent a forensic evidence specialist across the country to collect data from four defendants’ corporate and personal devices, including their phones, laptops and desktop computers. The data was brought back to Legility for in-depth analysis.
The forensic investigation began with a general look at the data and a goal of proving that certain files originated with Company A. Legility created file listings of everything on the devices, including emails, communications, Internet history, file-sharing sites, connections/removals of other media (flash drives, etc.), and more.
As Legility’s forensic analysts drilled down into the data, they found proof of what was taken, copied, transferred and deleted, and when. The image at right shows what kind of metadata is viewable to any user (confidential information has been blacked out).
At the same time, the collected data was loaded into Legility’s web-based review platform so attorneys could screen for privilege and request forensic analysis of specific documents, which were mostly Microsoft Office documents and emails. For example, one defendant’s computer had a folder called “noncompete.” Another defendant had a folder explicitly labeled “documents from Company A.”
Legility looked at the point of origin for relevant files, and this analysis showed files that definitively originated at Company A. The image at right is an example of the metadata Legility was able to see (confidential information has been blacked out). Legility’s investigation also revealed that Company B was using proprietary formulas from Company A in Excel spreadsheets. Additionally, Legility found strong circumstantial evidence of file transfers through thumb drives and a record of a mass copy on one defendant’s computer.
Deleted files also have metadata, and in this case, Legility found documents that the defendants said they did not have on their computers. One defendant had a second computer that he did not initially turn over for collection. His first computer showed backups of the second computer even though the files were deleted from the first computer he provided for collection. The second computer was shipped to Legility to copy and analyze.