Digital Forensics for IP Theft Cases

Cases involving theft of intellectual property often hinge on the findings of a digital forensics analysis of specific digital media or devices. If your client suspects IP theft or has been accused of IP theft, here’s how an accredited digital forensics lab can help you with the case.

Flashback Data, LLC has supported plaintiff and defense attorneys on literally hundreds of IP theft cases. Based on our experience, a digital forensics lab may assist attorneys in a variety of ways.

Plaintiff’s Counsel

Step 1: Consultation

Our first involvement with a potential IP theft case is typically a phone consultation (30 – 60 minutes) to get an overview of the suspected theft, what evidence exists, what information was accessed or stolen and what media and devices are available for forensic analysis.

The most common example is a company that suspects a former employee downloaded a client list before leaving. We'll want to know if the company still has that employee's computer and/or cell phone, along with information about which system or systems contain the client list in question. This information will help both of us understand how a digital forensic analysis could support the case.

Step 2: Secure and Preserve the Evidence

Assuming there are digital devices or media to analyze, we’ll want to secure those devices as soon as possible. In the context of a digital forensics analysis, securing a digital device is more than just having physical control of it. We’ll also need to isolate that device from any computer networks, Bluetooth devices and wireless and cellular internet access. This should be done as quickly as possible to preserve any files that may be altered over time (purposely or not).

Step 3: Forensic Analysis

Our certified forensic examiners will analyze the devices in question to look for the specific evidence or activities that we discussed in the initial consultation. Depending on the devices, this can take anywhere from a few days to a few weeks.

Even if your in-house IT team has found evidence of theft, you may still need a certified forensic examiner to perform an analysis, especially if you expect the employee to contest the claims. A certified digital forensics examiner will proceed with the intent of creating a forensic report that is transparent, repeatable and can hold up in court. That means preserving evidence, following defined procedures and strictly documenting every step in the analysis.

Step 4: Report on Findings

We’ll prepare a formal report of findings that are clear and understandable to you, your client and any other parties in the case, including the judge.

Step 5: Litigation Support (as necessary)

As we noted above, one of the greatest values of a professional digital forensic analysis, especially from a certified crime lab, is that it can hold up in court even through adversarial cross-examination. Our examiners are experienced in explaining and defending their analysis in a formal deposition.

Defense Counsel

The main difference in supporting defense counsel vs plaintiff’s counsel is that an assessment has typically already been completed by the plaintiff.

Step 1: Technical Analysis / Consultation

Our initial focus with defense counsel in IP theft is to review any existing claims and help them understand the technical details of the evidence. Some common issues that we discuss with defense counsel are:

  • Who performed this analysis and does it appear to be professionally done? Can we trust the findings?
  • Help me translate the findings report into layman’s terms. What is this really saying?
  • My client has a different story than the one claimed by his employer. Could these findings support my client’s version of events?

Step 2: Forensic Analysis

Depending on how well the initial claims are substantiated, the defense may want to perform their own digital forensic analysis. In that case, we normally begin by helping counsel justify such an analysis and any associated discovery needs to the court. This includes things like helping to define what data is related to the case (producible) and what isn’t. We also help to define the “forensic protocol” for the analysis. This is a codified document agreed to by both parties that describes the series of steps that the forensic examiner will perform. Once we receive the device(s) in question, we follow a similar path to what we described above.


If your client is involved in an IP theft case, Flashback Data can help. We were the first private digital crime lab accredited under the same program as the FBI and state labs, and we offer experienced examiners, personalized service and fast turnaround times.

We’ve completed thousands of digital forensics exams for hundreds of attorneys in IP theft, family law and other criminal and civil cases. Contact us for a free consultation about your case today.