Case Studies

Anonymized insights into our investigation practice. Every case is unique; these examples showcase our methodology and the concrete results we deliver for our clients.

All case studies have been anonymized and abstracted to protect our clients.

12 Documented Cases | 4 Investigation Areas | 100% Success Rate | 35+ Years Experience

Due Diligence


Due Diligence Before Strategic Partnership in Logistics Sector

Background investigation on an Eastern European logistics company with 18 affiliated entities.

Situation

An internationally active corporation planned a partnership with an Eastern European logistics company. Before signing the contract, the company commissioned a comprehensive background investigation on the target person and their corporate group.

Methodology

The investigation encompassed an analysis of the business network with 18 affiliated companies, research in local corporate registries, and systematic media analysis. In parallel, we queried PEP and sanctions lists, leak databases, and engaged local investigators.

Result

No entries in financial sanctions lists. The target person showed a remarkably low profile in leak databases. The corporation received a solid decision-making foundation with documented political connections for realistic risk assessment.

Corporate Intelligence | PEP Screening | International Research

Background Check Before Contract Signing

Verification of a potential business partner with changing addresses and spotty online presence.

Situation

Multiple residences in different states, changing business addresses, and a spotty online presence. The client needed clarity about a potential business partner before entering binding agreements.

Methodology

OSINT research included address verification queries, social media profile analysis, trademark registry research, and systematic queries in leak and breach databases. Additional checks covered sanctions lists, insolvency registries, and media archives.

Result

The report delivered a complete picture: verified contact information, documented business activities over two decades, potential reputation risks from leaked data, and financial situation assessment.

Person Intelligence | Address Verification | Leak Databases

Due Diligence of an Education Provider

Location verification of a training company before an investment decision.

Situation

An investor faced a participation decision in a training company that advertised a nationwide network of locations. The listed addresses needed verification for actual business activity.

Methodology

The investigation combined two approaches: an undercover consultation as a potential course participant, and physical location visits with questioning of people on-site.

Result

Significant discrepancy between public presentation and actual operational structure: all training sessions were conducted exclusively online, and the advertised locations served only as occasionally rented workspaces. Solid decision-making foundation for the investor.

Location Verification | Undercover Research | Investor DD

Cyber Intelligence


Domain Exposure Analysis

487 compromised records, 86 plaintext passwords, three infostealer infections at a mid-sized company.

Situation

An internationally active mid-sized company commissioned comprehensive analysis of digital exposure of its corporate domains. Goal: identify compromised credentials in known data breaches and detect active infostealer infections.

Methodology

The investigation combined automated queries against specialized breach databases with manual analysis in the Deep and Dark Web. The investigation period covered seven years.

Result

487 exposures across 117 different data leaks. 237 employee email addresses affected, 86 passwords exposed in plaintext. Three endpoints infected with infostealer malware were identified; the malware had exfiltrated 68 sets of credentials.

Breach Detection | Infostealer | Dark Web

Darknet Investigation After Ransomware Attack

Verification of possible data publication following ransomware attack by international hacker group.

Situation

Following a ransomware attack by an internationally active hacker group, the affected company faced a central question: Had company data already been published on the Darknet or offered for sale?

Methodology

Systematic searching of the attacker group's known leak sites, relevant Darknet forums, and marketplaces. Technical analysis of threat actor infrastructure including source code analysis of the extortion website.

Result

No evidence of publications or sale offers. Threat actor profiling identified the group as a Ransomware-as-a-Service operation originating in Russia. 12-month monitoring established for early detection.

Darknet Monitoring | Threat Actor Profiling | Ransomware

Email Research - Rapid Identity Verification

Systematic analysis of a single email address with identification of linked identifiers.

Situation

A single email address, no other leads. A client needed information about an unknown email address within a short timeframe.

Methodology

Systematic verification steps: password reset procedures to identify linked phone numbers, queries in breach and leak databases with over 124 billion records, searches in identity databases, and alias analysis.

Result

Through the password reset procedure, a partially masked mobile number was identified. Alias research yielded additional hits on multiple platforms, giving concrete starting points for further investigation.

Email Intelligence | Quick Check | OSINT

Brand Protection


Test Purchase for Evidence Collection in Trademark Infringement

Documented test purchase and seller identification for court-admissible evidence.

Situation

A trademark owner discovered their products were being distributed through unauthorized online shops in Germany. Court-admissible evidence was needed for legal action.

Methodology

A test purchaser acquired six products through the suspect's online shop. The entire purchase process was documented. OSINT research: analysis of multiple linked websites, social media profiles, and payment recipient data.

Result

The investigation clearly identified the seller: name, address, and network of multiple websites and Facebook profiles. Complete test purchase report with photo documentation provided as a court-admissible foundation for a cease-and-desist letter.

Test Purchase | Trademark Law | Evidence Collection

Address Verification in Brand Protection Investigation

Uncovering a fictitious return address for counterfeit products.

Situation

Counterfeit branded products appeared on German online marketplaces. The listed return address for complaints led to an industrial area, but the house number did not exist.

Methodology

Registry research combined with on-site verification. An investigator documented the building structure during business hours, photographically captured all company signs, and verified the existence of the listed house number.

Result

The listed house number did not exist. The logistics company at the nearest real address was responsible for importing the counterfeit goods. Court-admissible evidence for legal action.

Location Verification | Counterfeit | On-Site Investigation

Identification of Unauthorized Brand Goods Trader

Uncovering a trader network with three companies distributing branded products without authorization.

Situation

An eBay seller offered sports shoes from well-known brands at suspiciously low prices. An international sporting goods manufacturer wanted to clarify who was behind the seller and whether this was authorized trade.

Methodology

OSINT research: commercial registry queries, analysis of social media profiles and eBay seller accounts, identification of linked domains and websites, queries in leak databases to verify digital identifiers.

Result

A married couple operating a network of three trading companies from their private address. One company showed payment defaults. Complete dossier provided as foundation for trademark enforcement measures.

Trader Identification | eBay | Company Research

Trader Identification Through Leak Data Analysis

Identification of a suspicious retailer in Portugal starting from company name and tax ID.

Situation

An international trademark holder needed information about a suspicious retailer in Portugal who may have been distributing counterfeit products. Only the company name, tax ID, and business address were known.

Methodology

OSINT research identified the sole shareholder. Systematic analysis of leak databases discovered a mobile phone number and email addresses. Google Street View analysis of the registered business address.

Result

Linking identifiers revealed connections to social media accounts and a Telegram account. No retail store at the registered address, but a retail business identified at a second discovered address.

International Research | Leak Analysis | Portugal

Corporate Structure Analysis for Licensee

Uncovering a complex corporate network with insolvency history for a wholesaler claiming licensing rights.

Situation

A trademark holder commissioned verification of a Portuguese wholesaler claiming international brand licenses. The research was to uncover actual ownership structure and potential risk factors.

Methodology

Corporate network analysis: parent company, subsidiaries, ultimate beneficial owner. Research in business histories, insolvency registries, and ownership relationships.

Result

Complex corporate network with restructuring of shareholder stakes to family members shortly before the inquiry. Multiple dissolved or insolvent companies of the UBO identified. Complete presentation of ownership relationships and risk indicators.

UBO Research | Corporate Structure | Insolvency

Digital Executive Protection


Digital Footprint of a Senior Executive

Analysis of online visibility of a board member to assess digital exposure.

Situation

The corporate security department of a German company commissioned an analysis of the online visibility of a board member. Goal: assess digital exposure as foundation for measures to increase personal security.

Methodology

Systematic OSINT research: corporate databases, commercial services, social media analysis of family members, data broker platforms, leak databases.

Result

Significant exposure risks: former private addresses were retrievable through supervisory board positions, the current address was discoverable through commercial services, and an obituary led to identification of the entire family. Categorized risk assessment with concrete recommendations.

Executive Protection | Digital Footprint | Risk Assessment


Case Studies | corma – Successful Investigations