Magnifying glass on desk

Case Study: Ricoh Forensics

Ricoh’s forensics expert cracks open software piracy case

About the customer

The customer is a global computer software manufacturer.

Challenge

Someone was putting out counterfeit versions of the customer’s software on CDs. After seven months of investigating, authorities finally identified a suspect and obtained an ex-parte civil search order to raid the suspect's home.

The customer anticipated that the computers on site may contain critical evidence, and wanted additional support for their own investigators. They called in Ricoh Forensics, the first private computer forensics lab accredited by the American Society of Crime Laboratory Directors/Laboratory Accreditation Board, to provide it.

The advanced forensic techniques employed by Ricoh’s expert discovered the document that turned out to be the "smoking gun" of the software piracy that the search team was hoping to find.

Solution

When law enforcement and the customer’s team broke into the residence, they quickly found a computer.

While the others continued to scour the home for more equipment, our forensic expert went to work on the machine.

He followed strict forensic processes to acquire an image of the electronically stored information (ESI). Then he performed a data analysis and uncovered Internet history and deleted emails with possible money laundering implications.

The analysis also showed evidence of a data transfer to a brand of watch with USB capabilities. He then showed the search team a photo of what to look for, and they found a similar device in the kitchen. Upon taking a forensic image of it, our expert discovered a password-protected spreadsheet. While he could have broken the encryption using the tools back at Ricoh's forensics lab, he instead wrote a script on site that revealed the password after about 20 minutes of processing.

Sure enough, the file was the "smoking gun" the investigators were looking for. In it there was information about assets, bank accounts, passwords and the transactions concerning the counterfeit CDs — including the identities of the purchasers.

Close up picture of keyboard.

Results

Thanks to the data revealed, our customer was able to threaten legal action against the purchasers of the counterfeit software and eventually recovered more than $17 million.

Plus, the defendant’s settlement recovered millions of dollars from the bank accounts our forensics expert discovered.

Download PDF