Research Article
Recovery of Circumstantial Digital Evidence Leading to an Anton Piller Order: A Case Study
@INPROCEEDINGS{10.4108/e-forensics.2008.2765, author={Roland MacKenzie and Matthew Sorell}, title={Recovery of Circumstantial Digital Evidence Leading to an Anton Piller Order: A Case Study}, proceedings={1st International ICST Conference on Forensic Applications and Techniques in Telecommunications, Information and Multimedia}, publisher={ACM}, proceedings_a={E-FORENSICS}, year={2010}, month={5}, keywords={case study forensics data carving intellectual property theft Anton Piller order circumstantial evidence}, doi={10.4108/e-forensics.2008.2765} }- Roland MacKenzie
Matthew Sorell
Year: 2010
Recovery of Circumstantial Digital Evidence Leading to an Anton Piller Order: A Case Study
E-FORENSICS
ACM
DOI: 10.4108/e-forensics.2008.2765
Abstract
The authors describe the techniques used to gather and analyse evidence of theft of intellectual property, specifically the customer records of their client, by a former employee, for the purpose of obtaining an Anton Piller order to seize records from the former employee’s new offices. Importantly, it was not possible to find significant prima facie evidence, but a compelling circumstantial case was built up, based on the recovery and analysis of a large number of access records to the customer database. These records were inadvertently stored on the iMac computer (previously used by the respondent) in the form of intranet web addresses (URLs) in deleted and current files throughout the hard drive, despite obvious efforts to delete a wide range of files and records from the computer.