
Case Studies

CORPORATE EMPLOYEE – THEFT OF INTELLECTUAL PROPERTY


SCENARIO

The Sales Director of a large multinational manufacturing company suspected a former employee of exfiltrating confidential data. The company learned, by way of email communications and other indicators, that this former employee had begun working for a competing company.

The original company became suspicious of the activity and contacted its attorney. Through negotiations, the defendant's and plaintiff's attorneys agreed to use a single digital forensics company. Guardian Forensics was hired as the independent digital forensics company to conduct the forensic preservation and analysis. Several items, including iPhones, laptops, multiple USB devices, and email accounts, were turned over to Guardian. The assignment and scope of work included searching all digital evidence with numerous keywords and specific date-range filters using eDiscovery protocols, and determining how and to what extent the company's confidential data, in the form of marketing and product information, had been transferred to unauthorized entities.

CHALLENGE

Identifying the modus operandi of data exfiltration from a corporation can be a tough forensic challenge. There are now numerous technical methods of transferring information, from email and USB devices to cloud storage accounts. The challenge becomes even more complex depending on the technical skills and security privileges of the suspected employee. Insider threats and data theft are among the most costly forms of intellectual property theft and can go undetected.

As egregious as the former employee’s actions were perceived to be, it was Guardian’s task to determine whether the employee had actually been truthful about the extent of the data he removed when separating from the company and moving to the competitor. The defendant’s attorney was skeptical of their chances of understanding the full extent of how much of their data was stolen, as the company did not have a Non-Competition Agreement in place with the former employee. However, as they learned more about the activities that transpired before the individual left their employment, things started looking better for the company, as there were indications that this was more than run-of-the-mill intellectual property theft.

A large part of that change in tide for the company was due to the results of Guardian’s digital forensic analysis of the former employee’s electronic devices: a laptop, email accounts, and USB devices. As there was initially no suspicion of any wrongdoing when the sales director resigned, those devices were redeployed within the environment. Upon discovering that the company was now in competition with this former employee, they immediately seized the devices and placed them in secure storage.

SOLUTION

Through Guardian Forensics’ professional services, the analysis revealed very interesting facts. The relevant artifacts showed that the former sales director used a personal USB storage device and a secondary iPhone to exfiltrate confidential data over the last 5 months of employment. A total of 16 GB of data was identified through link analysis and USB forensics, which pinpointed the exact data that was transferred. The forensic analysis revealed that the former employee had copied and accessed sensitive, confidential information from external media, such as proprietary product lists, supplier lists, technical data sheets, pictures, databases and spreadsheets, all containing sensitive, proprietary information, on the dates leading up to and on the days the data was backed up to the USB device. In this IP theft case, it is important to note that neither the manufacturing company nor Guardian Investigations had access to the personal external media or the secondary cell phone. Guardian’s expertise in identifying and analyzing relevant artifacts provided the trace evidence needed to crack the intellectual property theft case and the ammo needed for additional discovery.

Guardian Forensics’ experience in digital forensics and technology investigations allowed the company to fully understand the activities and the impact that those activities had on its intellectual property.

RESULT

The manufacturing company and its attorneys obtained enough evidence with Guardian’s help to seek recovery of damages and a restraining order on the use of the stolen data. The end result: Guardian proved itself a valuable corporate investigative resource for Unlocking the Truth.


CFO EMBEZZLEMENT


SCENARIO

The CFO/Controller of a multi-million-dollar HVAC distributor was caught red-handed and fired. Within a few days of a call from the company's insurance company, other issues started coming to the surface: the company learned that this former employee had set up numerous functions to bypass financial controls and was stealing from the company.

The HVAC company became suspicious of the CFO's activity after its auto insurance company contacted it about policy changes. The contact came after the CFO had been in a minor accident and proceeded to have the insurance company create a 1 million-dollar liability waiver for him. Changes of this magnitude to the original policy require ownership signatures. From this point, the case began unfolding and the Guardian Forensics team was retained to investigate the matter. In addition to the insurance fraud, the owners of the company uncovered embezzlement in multiple forms.

CHALLENGE

Guardian's principal consultant and digital forensics expert Alvey Matlock was flown to the East Coast and provided an offsite office. From this location, employees from multiple departments were scheduled for interviews, and two years of financial records and credit card statements were provided for review. Additionally, Alvey was given full administrative access to the HVAC company's technology systems to conduct an IT security audit. The interviews and financial records indicated that the CFO was running multiple schemes: turning in invoices for cash and never purchasing the product or services, altering financial records in the company's mainframe system, buying alleged customer promotional merchandise and gift cards from Best Buy and selling the items on eBay, and shipping product from the company warehouse to a second home in Arkansas. Evidence was also uncovered showing the CFO had been expensing personal vacations and travel expenses, even including his honeymoon. The IT audit found that the CFO had taken over administrative privileges on several key systems in the corporate network and client/server systems. This all occurred within less than two years of employment.

On the fifth day of the investigation, the CFO was brought into a conference room where his digital devices were seized and preserved for forensics. Guardian provided guidance during the interview, in which the CFO confessed to a number of his criminal actions. In total, the CFO stole over 150,000 in the last 6 to 8 months of his employment.

SOLUTION

During the interview, Guardian was able to safely secure critical cell phone and laptop evidence. The mobile forensics gave the HVAC company additional insight into how the CFO was stealing and using company funds for his personal lake house and other living expenses. Guardian Forensics was able not only to recover deleted information and analyze the relevant artifacts but also to help prove the CFO's criminal misconduct.

The forensic analysis revealed communications with other employees that proved a hostile work environment and showed how he intimidated his employees and gained administrative control over their financial and other critical technology systems.

Guardian’s vast experience in technology, digital forensics, interviewing suspects, and testifying, together with their understanding of the legal discovery process and the rules of evidence and their ability to convey highly technical information in a manner that brings clarity to non-technical decision-makers, allowed the ownership to fully understand the activities and the impact that those activities had on the HVAC company.

RESULT

Guardian continued to support the investigation, including working with local law enforcement. Copies of all the forensic images and reports were completed and turned over to the prosecutors, and a criminal investigation began. An information technology security audit was also completed, and Guardian worked with the company to remove the escalated security privileges from both its onsite systems and the cloud infrastructure hosting the company email and other important CRM systems.

The end result: Guardian's expertise in digital forensics and information technology provided the leadership for conducting a successful investigation. The investigation led to a very serious white-collar crime being fully exposed and reported to law enforcement. The company is actively pursuing charges and recovery of damages, including fees for Guardian's professional services provided during the investigation. Needless to say, the client, attorneys and their insurance company were very pleased with Guardian Forensics' help in managing their internal investigation.


CHILD CUSTODY – HOW A DIGITAL FORENSICS EXPERT HELPS A FATHER


SCENARIO

A father with few custody rights to his two daughters suspected a dangerous situation during their summer visit. The evidence came in the form of child behavior and eventually a cell phone.

The father became suspicious of certain activity and contacted his attorney. The attorney, seeing the evidence, realized the magnitude of the situation and contacted Guardian Forensics consultant Alvey Matlock. While visiting their father for the summer, both girls had been given new smartphones by their mother. One of the daughters complained of technical issues with her favorite apps and games. While assisting her, the father came across some very disturbing images and videos. Some of the content was alarming enough that the father immediately contacted his attorney, located in Fort Smith, Arkansas. Guardian Forensics was hired to conduct the forensic preservation and analysis. The forensic analysis resulted in several additional artifact findings that appeared to show that subjects living in the primary household were exposing the children to very extreme material, and there were signs of potential grooming. The assignment required extensive background and training in law enforcement and forensics to understand the challenges and dangers that the digital evidence presented to the children.

CHALLENGE

The forensic investigation identified several key artifacts, including photos, videos, internet history, and very important geolocation data. Guardian used top commercial forensics tools such as Cellebrite and Axiom to correctly analyze and report on the findings. The information had to be categorized, and a very detailed timeline had to be created showing when and how the illicit multimedia content had been created and when the two daughters had obtained it and been exposed to it. The information also included age-difficult images and videos. This information was used in extensive expert testimony and in cross-examination to establish important facts about the nature of the evidence. A key point that helped the father was digital forensics expert Alvey Matlock's training and extensive behavioral analysis experience in Crimes Against Children casework. His testimony helped establish the extreme nature of the material, facts that most would overlook if not well trained and experienced in child exploitation criminal investigations. One of the challenges that the expert testimony helped overcome was explaining technology to the judge and the court in clear, easy-to-understand language.

SOLUTION

In addition to the services focused on cell phone forensics, Guardian assisted the plaintiff’s attorney in preparing for the emergency hearing. Guardian consultants trained the attorney on specific digital forensics technology and helped develop a strategy that included important questions used to convey the right message to the court. Guardian routinely transfers knowledge and provides technology and forensic training to attorneys.

RESULT

After a full day of testimony and presentation of the findings, the father was awarded full custody of the two girls, who had been scheduled to leave the state.

The end result: Guardian proved a valuable resource to the community and helped a father protect his daughters. Guardian lives by a code of “Unlocking the Truth”.