While the others continued to scour the home for more equipment, our forensic expert went to work on the machine.
He followed strict forensic processes to acquire an image of the electronically stored information (ESI). Then he performed a data analysis and uncovered Internet history and deleted emails with possible money laundering implications.
The analysis also showed evidence of a data transfer to a brand of watch with USB capabilities. He then showed the search team a photo of what to look for, and they found a similar device in the kitchen. Upon taking a forensic image of it, our expert discovered a password-protected spreadsheet. While he could have broken the encryption using the tools back at Ricoh's forensics lab, he instead wrote a script on site that revealed the password after about 20 minutes of processing.
Sure enough, the file was the "smoking gun" the investigators were looking for. In it there was information about assets, bank accounts, passwords and the transactions concerning the counterfeit CDs — including the identities of the purchasers.