Our forensic search product features include the ability to view a remote computer’s file system in a forensically safe manner, ensuring sound evidence collection should an investigation move to criminal or civil proceedings. Investigators have the ability to view and analyze remotely running programs in memory to search for evidence of malicious code, viruses, or other unauthorized programs.  Imagine being able to sweep an entire network for threats and instantly trace running programs back to the hard disk.  This allows incident responders to remediate a computer intrusion much faster than with traditional tools.  All this designed to support incident response, network forensics, eDiscovery, and insider threat issues.



In this case study, we examine how our forensic service was leveraged to successfully conduct an HR investigation of employee sexual harassment. Our program is an enterprise-level forensic suite that enables analysts and investigators to instantly reach across great geographical distances to rapidly conduct investigations into employee misconduct, company policy violations, sexual harassment, employee pilfering of customer lists, the exfiltration of intellectual property, and other HR-centric infractions. These types of investigations are extremely sensitive in nature but fortunately our tool enables exceptionally thorough investigations to be performed with no workplace disruption, a maximum of discretion and privacy for all parties involved, with the highest standard of forensic accuracy. Additionally, leveraging a distributed, parallel forensic processing infrastructure to perform these in-depth investigations in a fraction of the time needed by legacy technologies.


The company HR director was approached through the company’s open door policy by Employee A. Employee A, who worked in the company headquarters, lodged a formal complaint that she had been the subject of sexual harassment from Employee B who worked in a remote company branch approximately 200 miles away. Employee A filed a written statement that alleged Employee B had been sending her unwanted and unsolicited text messages, sent her inappropriate jokes in company emails, and had made unwanted advances. Given the zero- tolerance policy for sexual harassment in the company, the HR director immediately followed protocol to initiate a formal investigation into the matter. Recognizing the extreme sensitivity of the matter and the need for validating the substance of the allegation without impacting the reputation of either Employee A or Employee B, the decision was made to leverage the power of our technology tool to conduct the first phase of the operation.


Operating with complete discretion, the company’s security professional began the investigation by conducting a remote, live keyword search of Employee B’s email on both the company exchange server and on the employee’s company assigned computer. The technology tool was able to conduct this search live in a matter of minutes. The next point of analysis and discovery for the security professional was a remote examination of the chat client on Employee B’s computer. The findings from both the email and the chat confirmed that there was a foundation to Employee A’s complaint. These findings led to a more in-depth investigation of Employee B’s activities.


Utilizing the ability to remotely investigate live internet history, track user access and other user activity, the investigator determined that Employee B was also visiting inappropriate web sites from the company computer, had installed unauthorized programs on the company computer and was actively searching for employment with the company’s direct competitors. Once the investigator identified these artifacts of investigative interest, he leveraged the forensic imaging capabilities to preserve the evidence in the event that legal action would be required and produced a report. Once the evidence was presented to the HR Director and the company leadership, the company terminated Employee B for cause.  The entire investigation from Employee A filing the complaint to Employee B’s termination was conducted in less than six hours.