SITUATION
FTI Cybersecurity was retained by a high frequency trading firm in connection with suspicious virtual machines found on an analyst’s computer. We discovered that the analyst and two others were developing a competing trading platform and were stealing the company’s source code and data. We liaised with authorities leading to federal charges and eventually a plea deal that led to jail time for the analyst.
OUR ROLE
Using a custom metadata database to allow searches for hash values and file names, FTI Cybersecurity forensically analyzed more than 50 different hard drives, virtual machines, mobile phones, and cloud storage accounts using forensic tools. We recovered evidence to show that the analyst bypassed security controls and his accomplices disposed of the hard drives in a sanitary canal to destroy the evidence. We retained divers to retrieve them and, after utilizing a clean room, were able to recover our client’s data from the hard drives as well as personal files connecting the drive to the analyst.
OUR IMPACT
FTI Cybersecurity presented the complex findings to the authorities. Our trial services team developed visual aids that explained complex relationship between the host systems and the virtual machines, and our experts provided clear explanations of the analyst’s actions, leading to his arrest.