Representative Cases

Maragell has conducted digital examinations for a multitude of industries. A sampling of our work is listed here.

  • We established through an examination of the unallocated space on an employee’s personal laptop computer that he had, in fact, viewed a confidential document. The existence of the document on a non-Company issued device was enough to justify the employee’s termination for cause.
  • We assisted in establishing how a (former) employee of a specialty chemical company copied the company’s client and product lists prior to joining a competitor’s staff. Using a combination of proprietary software and forensic tools, we located the exact external device used by the employee to transfer the data. Further analysis showed that the employee’s testimony at deposition was not credible, viz. that he “didn’t realize” he had taken the data along with his personal files and pictures. The forensic evidence established the employee had created specific folders for his personal data and that it would have taken an intentional act to copy the employer’s data.
  • We determined that a disgruntled former employee of a high-end New York salon misappropriated a confidential customer list by logging in to her former employer’s computer network using a co-worker’s username/password. The list was later sold to a competitor who then began soliciting every customer via email and regular mail. The theft was initially blamed on the unsuspecting co-worker, but after mapping IP addresses and internet browser header information from the various computers used to access, copy and print the customer list, the evidence showed the intrusion was launched from computers belonging to the former employee (who later confessed).
  • Using advanced computer registry extraction tools, we extracted from a client-issued laptop computer fragments of gmail communications among employees plotting to take clients and start a new company in competition with their (then) current employer.
  • In a bankruptcy adversarial proceeding, we determined the installation date of the operating system of the debtor’s computer appeared to have been back-dated to make it appear as though it was the same computer the Trustee inventoried weeks earlier.
  • In a case involving the possible leakage of medical records onto the Internet, we established the employee had configured his home computer’s music file sharing program incorrectly, thereby exposing the records to third-parties. Using computer registry search techniques, we located the music sharing program’s audit history and presented to the court the list of medical files that were potentially compromised.
  • We assisted a national mortgage company with its investigation into its staff attorney’s actions in leaking corporate records to third parties. Following the indexing of the former staff attorney’s personal computer, we established the employee had created a file folder on the computer into which numerous loan documents had been copied, and then subsequently deleted.