Case Study

Theft of Intellectual Property For Unlawful Purposes


A newly employed executive was accused to be illicitly misappropriating the trade secrets from Company A. As a result of which, Company A put a ban on all activities of Company B, for the alleged involvement in the executive's act causing heavy financial losses and compensation.

NOTE: Both the involved companies, preferred to keep their respective identities hidden concerning the security and reputation issues. Thus, the previous employers will be denoted as Company A and the current employers will be denoted as Company B


The motive of the accused was discovered to be; stealing and trading intellectual property for making illegitimate profits.

Modus Operandi

  1. Before departing from Company A, the accused transferred stolen documents and files into a pen drive.
  2. The accused later emailed and traded nearly 100 of those files to separate recipients using a personal Gmail account.
  3. The email copies available on the suspects account were immediately deleted with the intention of destroying evidence and misguiding the investigation.


The Company B was in a huge misery for the executive's misconduct and were looking for a team capable of meeting the following requirements:

  • Technical proficiency
  • Understanding of law and justice

As a result, Cyber Crime Investigation and Research Centre (CCIRC)™ Team was contacted for resolving the case. The use of MailXaminer application was proposed for carrying out the investigation of emails.


  1. Executives from Company A, banned the Company B from carrying out any activities as part of holding them accountable for the entire act.
  2. Apart from being banned, the Company B was also charged with a severe amount of compensation to be paid for the misconduct carried out by the accused who was currently employed as an executive with their organization.
  3. Emails sent by the accused for trading stolen strategies of the Company A, were permanently erased off the personal Gmail account used in the crime.

The Procedure


MailXaminer being a complete email investigating application was used by the team to investigate the entire Gmail account used for trading stolen intellectual property.


Apart from following the standard stages of email investigation, MailXaminer played a huge role in solving the complications in the case. But the emails that could validate all the accusations made on the charged executive were deleted off the accounts, for which further examination was performed.

  1. On further investigation of emails using the Advance Search feature in MailXaminer revealed a recent exchange of emails in the account that brought a turning point in the case.
  2. An email from Google revealed that, the accused allegedly used Google Takeout services to maintain a copy of the deleted emails with himself before erasing them from the account.
  3. The email received from Google, providing a download link for downloading the account items using Google Takeout, wasn't deleted from the account.
  4. And as the investigation was started in the soonest possible time, the validity of the download link hadn't expired yet which proved to be a great stepping stone for the investigators to come to a conclusion.
  5. Since, Google Takeout creates locally storable copies of Gmail emails as an MBOX format file, MailXaminer was again applied to work for examining the MBOX file consisting of deleted emails serving as the final evidence in the case of trading stolen intellectual property.

The Law
The case was later on registered under Section 379 of the Indian Penal Code and Section 43(b) Crime of Data Theft of the Information Technology Act, 2000.


Various stages that I have carried during this investigation process includes

  • Studied The Case – I have studied the case in detailed, analyzed the nature of the suspect and his friends.
  • Evidence Collection – The email accounts credentials of the suspect was collected using advanced forensic tools and various other details from the victim.
  • Verification & Analysis – An exhaustive verification was done with the collected evidences and documents to prove the crime during the investigation process. Using Skin Tone Analysis feature of the tool I sorted out the emails with objectionable images from the bulk.
  • Report Generation – A full report of the entire case describing the stages of investigation and the evidence analysis was done.

Results Obtained

  1. The executive was proven guilty of stealing and trading intellectual property for illegal purposes.
  2. Company A took back accusations charged on Company B, also freeing them from the compensation.
  3. The intellectual property was safely acquired from the charged executive and returned to the authorized officials from Company A.


"We had previously faced a similar betrayal from one of our ex-employees as a revengeful act. And despite of being extra cautious this time, we were again going to be duped by an executive which lead to accusing the Company B. Thankfully MailXaminer did its part really well and helped us charge the right offender as guilty. Appreciate the extra efforts put in by the team of CCIRC as well."Senior Authorities, (Company A)