“We had one of our employees steal data from the company and give it to one of our competitors...”
Typical digital forensic investigation scenarios:
- An employee or ex-employee:
  - exfiltrates emails, intellectual property or other confidential information;
  - deletes intellectual property, important or confidential information;
  - sells your products or services on the side;
  - makes fraudulent payments or other expense claims;
  - compromises your digital security by visiting harmful websites;
  - manipulates or otherwise alters digital records;
  - misuses company assets by storing child pornography etc. on the servers/computers and deletes the evidence;
  - hacks confidential user accounts, etc.
- External cybercrime where a perpetrator:
  - uses your company identity for nefarious purposes;
  - gains access to your systems:
    - by performing an SQL, brute-force, DoS or other form of attack;
    - by using identity theft, social engineering, phishing, spoofing or other means.
What can you expect from a digital forensic investigation?
We will endeavour to extract, recover and analyse digital evidence from all electronic data storage devices that may have been used, in order to determine and report the who, what, when, where, why and how of an incident, e.g.:
- Who was using the device?
  - Who opened, executed, emailed, copied or deleted the data? To whom was the data sent? Who else was involved or had access to the device or data?
- What happened?
  - What data was accessed, copied, sent, printed, screen captured, deleted, obfuscated, password protected or encrypted? What applications or devices were used? What programs were installed, deleted or uninstalled? What other data could have been affected? What websites, social media, online communication, forums, file storage sites etc. were visited? What was posted or uploaded? What was the sequence of events?
- When did this happen?
  - When was the data accessed, copied, sent, printed, screen captured or deleted? When were the applications or devices used, installed, deleted or uninstalled?
- Where did this take place?
  - Where else is the data located? Where was the data sent, uploaded, copied or printed to?
- Why did it happen?
  - Is there any correspondence, metadata or activity log that could assist in answering this question?
- How was it done?
  - How was the data accessed or compromised? How did the data get on or off the device? How did the person communicate with other people?