Here you can read some of our case examples, which were modified to ensure confidentiality.

1. Uncovering of security leaks following an investigation of an eavesdropping attack

After discovering eavesdropping technology in a company working in conflicted regions, concerns arose regarding the security of international information and the protection of the communication channels.
The entire company was inspected for classic wiretaps and modern PC trojans. The espionage programs and weak points were found in several areas – up to the IT-administration. They were detailed in a report and corresponding measures were submitted.

The evidence led to personnel changes. Now, general coding technologies are used for the international communication. Especially the cell phone and satellite phone communication is coded.

2. Threat assessment following a confiscation of PC’s by the office of the district attorney

Based on a denunciation, several PC’s, notebooks, and PDA’s were confiscated by the district attorney’s office. The company’s request was to establish whether access to sensitive data took place and whether the PC’s were especially prepared by intelligence services.

First of all, the relevant systems were intensively tested for manipulation of hardware and bugging devices. Then, the measures of the investigating authority were reconstructed. This included the display of access to the hardware, the programs, and the data as well as evidence, which contents were searched.

Afterwards, all existing data was tested for sensitive information. Here, especially deleted data, usually inaccessable hard drive areas, and log files were analyzed. Based on the information found, a risk assessment was compiled regarding the access to sensitive information.

3. Industrial Espionage

A telecommunication service provider suspected an unknown employee of providing confidential information to a rival company.

Making an appointment for a personal meeting, during which the procedure, including all available possibilities for analyzing the classical and the IT- systems were detailed, was enough to trigger an overreaction of a member of the management. Unfortunately, this employee was able to use his influence to withdraw the assignment from KDM. Immediately afterwards, the same individual went to work for a foreign competitor.

4. Bankruptcy Fraud

A salesman was suspected of defrauding a client, whose machines he took into comission, by selling them partly abroad and taking the proceeds for himself. The client went bankrupt.

With the help of an informant, the suspect’s e-mail communication was made accessible and therefore could be analyzed by KDM. It was possible to identify the international contacts of the suspect with online based investigations combined with traditional investigative techniques.

The investigative findings resulted in first leads to the whereabouts of the machines.

5. Transmission of Information in an Attorney’s Office

During a lawsuit, important documents belonging to a client reached the opposite party. The attorney’s office was concerned that the documents were transmitted via fax or e-mail. Trojans could not be ruled out.

The possible leak of information could be isolated to a single PC by analyzing the LAN system. This PC was examined for viruses and trojans. As these results were negative, all e-mail and fax transactions as well as acess to the relevant documents were tested for any activities during the certain time frame.

Finally, an unintentional transmission of the documents was ruled out.