Langley, BC
(604) 800-9060
Teradrive Forensics

Use case

IP and trade secret theft investigations.

When a competitor's new product looks suspiciously like yours, or a former insider has built a copycat business, the forensic record often tells the story.

Signs you may need this

Common indicators we hear from counsel and corporate clients.

  • Suspected misappropriation of source code or designs
  • A competitor launches a suspiciously similar product
  • Confidential drawings or formulas appear elsewhere
  • Departing developer or engineer joined a rival
  • Client list or pricing data leaked to a competitor

Scope of this work

What we cover and what we typically find.

  • Pre-departure exfiltration of source code repositories, design files, customer lists, pricing matrices, and internal documentation.
  • Post-departure use evidenced by access patterns, communications with the new employer, and metadata in derivative work product.
  • Code similarity analysis where source-code repositories can be compared to outputs in the wild.
  • Communications with the new employer or co-conspirators that pre-date the departure.
  • Cloud storage artifacts in personal Google Drive, Dropbox, OneDrive, GitHub, or Bitbucket showing the offloaded materials.

How we approach it

A defensible, repeatable process.

1. Scoping with counsel. IP theft matters almost always require litigation, regulatory, or pre-litigation analysis. Engagements are typically retained through counsel from day one to support privilege.

2. Preservation. We preserve former-employee endpoints (where the company retains them), M365 and Google Workspace mailboxes and audit logs, source-code repository access logs (GitHub, Bitbucket, GitLab), and any other in-scope source.

3. Pre-departure forensics. We examine the artifact set described in Employee Data Theft to establish what left the company.

4. Post-departure analysis. Where the new employer's product or output is available, we examine code similarity, file metadata, and, where lawful, public-facing documentation. This often supports an interim injunction application.

5. Reporting. A written examiner report and, where required, an expert affidavit suitable for an interim injunction or interlocutory motion.

What we deliver

Concrete outputs from a typical engagement.

  1. Forensic preservation of suspect devices
  2. Source-code and document movement analysis
  3. Cross-device exfiltration timeline
  4. Affidavit-grade examiner report
  5. Anton Piller execution support if ordered

  • A preserved evidence set covering pre-departure activity and any available post-departure indicators.
  • A written examiner report tying findings to specific artifacts and timestamps.
  • A code similarity or metadata analysis where the matter calls for it.
  • An expert affidavit suitable for an interim injunction or production order application.
  • A chain-of-custody record from intake through archive.

Common questions

IP & Trade Secret Theft questions we hear most.

Can you support an interim injunction application?

Yes. The forensic record is often the foundation of an interim injunction application against a former employee or a new employer. Affidavit timing and content are coordinated with counsel.

Can you analyse the new employer's product without their cooperation?

Sometimes. Where the product or its output is publicly accessible, we can compare it to your in-scope materials. Where the product is closed-source and private, the analysis usually requires a discovery order.

What about source code that was committed to a personal GitHub account?

GitHub maintains commit history with timestamps and IP metadata that often survives even after a repository is deleted. We work with counsel on the production process to GitHub where the matter justifies it.

How does this fit with the Defend Trade Secrets Act framework?

Canada does not have a direct Defend Trade Secrets Act equivalent. Trade secret claims usually proceed under breach of confidence, breach of fiduciary duty, or breach of contract. The forensic record supports each of these causes of action.

How long does an IP theft investigation take?

Typically four to eight weeks for a draft report, depending on the breadth of materials and the availability of post-departure evidence.

Suspect a former insider took your IP?

Tell us about the matter and the timeline. Our team will reach out as soon as possible.