Expert Witness Profiler | Deep Research and Background Information on Experts

Digital Forensics Expert’s Analysis of Website Activity Considered Relevant

Posted on July 1, 2025 by Expert Witness Profiler

This is a copyright infringement action filed by CoStar Group, Inc. and CoStar Realty Information, Inc. (collectively, “CoStar”) in September 2020 against Commercial Real Estate Exchange Inc (“CREXi”).

CoStar is a company that provides commercial real estate (“CRE”) information, analytics, and online property listing marketplaces. It owns and operates LoopNet.com, a digital marketplace platform for CRE listings. CoStar contended that CREXi has engaged in “mass infringement” of CoStar’s photographs. Apparently, CREXi and its BPOs copied listing information, including images, from LoopNet when a listing could only be found on LoopNet, and that CREXi would take screenshots of photos or otherwise crop out CoStar’s watermarks from photos to build out listings on its website.

CREXi filed a Daubert Motion to exclude the opinions of CoStar’s expert, Mr. Daniel Roffman. CoStar retained Roffman to opine on CREXi’s access to the LoopNet website.

Digital Forensics Expert Witness

Daniel E. Roffman is Vice President in the Forensic Services Practice. He has over 20 years of digital forensics and information security consulting experience, helping clients protect their most valuable information, and investigating allegations of trade secret theft and cyber incidents.

He has extensive testimony experience working on behalf of both plaintiffs and defendants and has served as a court-appointed neutral expert on theft of trade secret cases. Roffman has also testified on a range of other digital forensic subjects including software piracy, cyber investigations, and electronic document authenticity issues.

Want to know more about the challenges Daniel Roffman has faced? Get the full details with our Challenge Study report

Discussion by the Court

Roffman was supposed to analyze LoopNet logs and identify what activity in those logs can be attributable to CREXi and its representatives (including CREXi employees and third-party vendors CREXi retained to complete certain work).

To begin with, Roffman explained how IP addresses can be used to identify users and track their activity on a website, LoopNet’s tools for logging activity (referred to as “hits”) on its website during a “session,” and how users “anonymous online campaigns” attempt to mask user activity through virtual private networks (“VPNs”), outsourcing tasks to third-party business process outsourcing companies (“BPOs”), and rotating through multiple IP addresses in a single session.

Rule 403

Basically, CoStar’s theory of copyright infringement is that CREXi copied its images from LoopNet “on a massive scale,” including by having BPOs copy images from CoStar, crop out CoStar’s watermark logo, and upload them onto CREXi’s website, and that this activity was a company policy at CREXi.

Given that CoStar’s theory of the case is “mass infringement” by CREXi, the Court found that Roffman’s opinions are not substantially more prejudicial than probative. 

Accordingly, Roffman’s analysis of the volume of activity on LoopNet’s website attributable to CREXi is relevant to and probative of whether CREXi employees and BPOs copied images off of LoopNet.

Rule 702

CREXi contended that Roffman’s opinions are unreliable because IP addresses identify a computer network, not an individual user. But if an IP address is identified as a computer network associated with CREXi, including activity from users on that computer network would likely show activity by users associated with CREXi. Roffman’s testimony attempts to identify LoopNet activity by CREXi and its BPOs. To the extent CREXi contended that this does not accurately capture activity attributable to CREXi, the Court held that it is free to challenge Roffman’s approach on cross-examination.

Next, CREXi argued that Roffman’s opinions unreasonably assumed that activity from certain IP addresses containing no indicators, which appeared in the same sessions as IP addresses with an indicator, is also attributable to CREXi. Roffman explained why he “swept in” activity from IP addresses with no indicator of CREXi—if a user accessed LoopNet from a “CREXi Referring Website” once, only the activity from that particular session would appear as associated with CREXi. Other activity from that IP address where a user did not access LoopNet through a CREXi Referring Website would be left off of the activity log results. Thus, Roffman included activity from these IP addresses to capture potential CREXi activity where a VPN or rotating IP addresses were employed.

Roffman relied on both IP addresses and sessions, which capture multiple IP addresses associated with one user in a session. He acknowledged that his approach to this analysis “may still be over inclusive,” despite taking measures to remove some data that appeared associated with CoStar’s clients, CoStar, and private IP addresses. 

Held

The Court denied the Defendant’s Daubert motion to exclude the opinions of Daniel E. Roffman.

Key Takeaway:

Roffman sufficiently explained his methodology, which is sound and based on his expertise in digital forensics. Again, to the extent CREXi disagreed with Roffman’s methodology because the results may be overinclusive, it is free to challenge his opinions on cross-examination. But questions that go to weight, not admissibility, are for the jury to decide—not the Court.

Case Details:

Case Caption:Costar Group, Inc. Et Al V. Commercial Real Estate Exchange Inc.
Docket Number:2:20cv8819
Court Name:United States District Court, California Central
Order Date:June 26, 2025

You Might Also Like