A technology company that develops artificial intelligence and autonomous transportation solutions engaged FTI Technology to lead e-discovery and document review in a dispute relating to departing employee theft of intellectual property. In addition to their e-discovery needs, legal counsel and stakeholders from the organization’s compliance team needed experts who could investigate and uncover specific data that contained IP across multiple data sources within the client’s environment and the opposing party’s environment. FTI Technology’s team of emerging data sources experts applied the firm’s proprietary Connect platform to drive quick access and insights into technical files and other sources of IP stored in Microsoft 365 and Google Workspace.

Situation

The client was primarily concerned that highly technical IP — executable files, design specifications, development code and workflows — had been stolen from its Microsoft 365 environment and shared to a Google Workspace environment at another company. In order for the client to prove that the departed employee had indeed stolen IP, and understand specifically what sensitive documents and files had been stolen, the team needed to compare documents across two live, cloud-based environments.

Time was of the essence. The client needed to contain and recover stolen IP as quickly as possible before it was further exposed. This time sensitivity combined with the nature of the data sources as dynamic cloud platforms (vs. traditional static environments) precluded the team from relying upon the traditional method of collecting solely via forensic imaging. A custom solution built for speed, efficiency, thoroughness and defensibility was needed.

The volume of data presented another challenge. The scope of documents in question exceeded 13 million, or roughly one terabyte of data, and would require tens of thousands of searches to confirm whether they contained stolen IP.

Our Role

FTI Technology’s experts have worked with numerous clients in high technology to collect, process, analyze, review and produce engineering files, source code and other forms of sensitive, technical data in IP theft investigations and litigation. The emerging data sources team also has extensive experience with navigating complex underlying systems and developing novel tools and workflows to efficiently extract rapid, meaningful insights from large sets of diverse data. In this matter, the team delivered the following solutions:

  • Collected a forensic image of the departed employee’s device to create an inventory of MD5 hash values of thousands of files that the employee had access to prior to leaving the company.
  • Partnered with the client’s legal, compliance and development teams to ensure a clear understanding of the characteristics of the files and data sources that contained IP.
  • Developed a workflow for comparing files across the two environments in question based on their metadata and MD5 hash values, which would provide a fast and reliable way to cross-reference for stolen IP without conducting a full-scale review of millions of documents.
  • Applied Connect to the client’s live Microsoft 365 environment and to the opposing party’s live Google Drive environment to quickly collect metadata only from the documents in scope.
  • Conducted searches and analyzed the document metadata within the live environments to find overlaps in the hash values, which validated each instance of a file belonging to the client that was also in the opposing party’s systems.
  • Collected only the files that were flagged as relevant according to the overlap in hash value and/or file name, which significantly reduced the number of documents that needed further review.
  • Maintained a detailed audit of the data and the methodology within Connect, which enables the client to conduct subsequent, in-depth e-discovery exercises for the matter if the need were to arise.

Our Impact

The approach of collecting only metadata to identify instances of IP within the opposing party’s environment, rather than following traditional methods of collecting, processing and analyzing the full set of 13 million documents, allowed the team to complete the investigation quickly. FTI Technology delivered meaningful findings within only two days, which is the amount of time it would have taken to simply collect the dataset using traditional workflows.

Connect to data icon

FTI Technology’s proprietary Connect solution allowed the team to access the data immediately, at the source, eliminating the need to collect a forensic image of complex, dynamic systems.

Searches icon

Delivered 28,000 searches within live environments in days, providing the client with near-immediate proof that IP theft had occurred.

Creative solution icon

Saved the client time and e-discovery costs and delivered the information needed to recover and contain stolen IP.