Digital Forensics: Steps Taken as an Expert Forensic Examiner
Added on 2023-06-15
14 Pages4268 Words500 Views
Running head: DIGITAL FORENSICS
Digital Forensics
Name of the Student
Name of the University
Author Note
Digital Forensics
Name of the Student
Name of the University
Author Note
1DIGITAL FORENSICS
Question 1: Steps taken as an expert forensic examiner
Advice to the CEO
I would advise the CEO Mr. Sanchez to restrict any access to the USB memory stick, the
CDs and the mobile phone that was collected from the Mr. Smith’s Desk area. These steps are
necessary to safeguard the evidence against any external threats (Taylor, Fritsch and Liederbach
2014). Any alteration to the data would be disastrous for the investigation. The CEO suspects
that the USB memory stick contains confidential data stolen from the company. The CDs may or
may not be relevant to the case at all. However, I would rather examine every evidence than
ignore critical information. Therefore, I would request Mr. Sanchez to keep all the evidence that
he has gathered in a secure place and not tamper with them. This step is crucial for holding the
evidence credible in court (Grimm, Capra and Joseph 2017). Otherwise if the evidence is found
to be tampered with at any phase of the investigation, the culprit will get away and we would not
be able to prove his guilt (Mauet. and Wolfson 2015). Investigations of any criminal activity
often creates a struggle for cooperation from the employees (Boddy 2014). Thus, I would
strongly recommend the active participation of the CEO and the senior executives to aid in
achieving full co-operation from the employees of the company. On hearing that the server is
kept in an open cabinet, I immediately requested Mr. Sanchez to lock the cabinet to the Titanic01
server. The data stored on the server is of utmost importance for the investigation as the email
logs and the internet activity logs are stored on that server. Mr. Smith’s workstation must be kept
powered on. This would keep all the current computer processes active until I arrive. The
printers should not be switched off however they must be prevented from unauthorized printing
of any confidential document by Mr. Burman or any other associate of Mr. Smith who have not
surfaced yet. I would also request Mr. Sanchez to provide me with the email logs. Any
Question 1: Steps taken as an expert forensic examiner
Advice to the CEO
I would advise the CEO Mr. Sanchez to restrict any access to the USB memory stick, the
CDs and the mobile phone that was collected from the Mr. Smith’s Desk area. These steps are
necessary to safeguard the evidence against any external threats (Taylor, Fritsch and Liederbach
2014). Any alteration to the data would be disastrous for the investigation. The CEO suspects
that the USB memory stick contains confidential data stolen from the company. The CDs may or
may not be relevant to the case at all. However, I would rather examine every evidence than
ignore critical information. Therefore, I would request Mr. Sanchez to keep all the evidence that
he has gathered in a secure place and not tamper with them. This step is crucial for holding the
evidence credible in court (Grimm, Capra and Joseph 2017). Otherwise if the evidence is found
to be tampered with at any phase of the investigation, the culprit will get away and we would not
be able to prove his guilt (Mauet. and Wolfson 2015). Investigations of any criminal activity
often creates a struggle for cooperation from the employees (Boddy 2014). Thus, I would
strongly recommend the active participation of the CEO and the senior executives to aid in
achieving full co-operation from the employees of the company. On hearing that the server is
kept in an open cabinet, I immediately requested Mr. Sanchez to lock the cabinet to the Titanic01
server. The data stored on the server is of utmost importance for the investigation as the email
logs and the internet activity logs are stored on that server. Mr. Smith’s workstation must be kept
powered on. This would keep all the current computer processes active until I arrive. The
printers should not be switched off however they must be prevented from unauthorized printing
of any confidential document by Mr. Burman or any other associate of Mr. Smith who have not
surfaced yet. I would also request Mr. Sanchez to provide me with the email logs. Any
2DIGITAL FORENSICS
investigation on digital forensics must be kept a secret for as long as possible to preserve the
data, which otherwise might be deleted by the associates of the culprit (Scheindlin 2016). I
would also require some oral evidence through the interview process (Graham et al. 2016). Thus.
I would request the CEO to arrange for interviews with himself, an HR personnel and an IT
personnel. It must be made clear that the agenda for the interview is for evidence collection only.
They can even have the presence of a third party during the interview. I would also advice Mr.
Sanchez to thoroughly search Mr. Burman for any storage devices before escorting him out of
the premises for the gardening leave. Mr. Sanchez should also inform the appropriate law
authorities about the incidents of a possible data theft. This is step is vital as the culprits must be
prosecuted in the event of that any confidential data was stolen from the company (Shastri and
Sharma 2016)
The Interview
I would interview the CEO, the HR representative and the member of the IT staff
separately at first to gather oral evidence. Then I would conduct another interview with the three
of them together to identify and record any missing information.
There are several questions that I would like to ask the CEO, Mr. Sanchez. My first
question would be aimed at understanding the relationship between Mr. Smith and Mr. Sanchez.
From the scenario elaboration by Mr. Sanchez, it is evident that they were very close and even
shared professional secrets. The point of suspicion was not entirely baseless. Therefore, I would
refresh the scenario as accounted by Mr. Sanchez. This would help to identify and additional
information that may have been overlooked by Mr. Sanchez during the phone call. During the
experience recall, I would ask about his encounters with Mr. Smith and Mr. Burman. I would
also ask about his thought process that led him to think that they might have stolen data from the
investigation on digital forensics must be kept a secret for as long as possible to preserve the
data, which otherwise might be deleted by the associates of the culprit (Scheindlin 2016). I
would also require some oral evidence through the interview process (Graham et al. 2016). Thus.
I would request the CEO to arrange for interviews with himself, an HR personnel and an IT
personnel. It must be made clear that the agenda for the interview is for evidence collection only.
They can even have the presence of a third party during the interview. I would also advice Mr.
Sanchez to thoroughly search Mr. Burman for any storage devices before escorting him out of
the premises for the gardening leave. Mr. Sanchez should also inform the appropriate law
authorities about the incidents of a possible data theft. This is step is vital as the culprits must be
prosecuted in the event of that any confidential data was stolen from the company (Shastri and
Sharma 2016)
The Interview
I would interview the CEO, the HR representative and the member of the IT staff
separately at first to gather oral evidence. Then I would conduct another interview with the three
of them together to identify and record any missing information.
There are several questions that I would like to ask the CEO, Mr. Sanchez. My first
question would be aimed at understanding the relationship between Mr. Smith and Mr. Sanchez.
From the scenario elaboration by Mr. Sanchez, it is evident that they were very close and even
shared professional secrets. The point of suspicion was not entirely baseless. Therefore, I would
refresh the scenario as accounted by Mr. Sanchez. This would help to identify and additional
information that may have been overlooked by Mr. Sanchez during the phone call. During the
experience recall, I would ask about his encounters with Mr. Smith and Mr. Burman. I would
also ask about his thought process that led him to think that they might have stolen data from the
3DIGITAL FORENSICS
company. Smith did not hesitate to tell Mr. Sanchez about his endeavours after leaving the
company that is what creates confusion in the interview process. Even what is more confusing is
that he left the USB memory drive containing the list of the clients in his office. An employee
would know that he would be put on gardening leave as soon as he hands in the letter of
resignation. However, he handed his letter of resignation without clearing his desk area of any
evidence that showed his theft of data. I would then move on to question him about the research
that he has conducted on Mr, Smith and Mr. Burman’s new company and the level of threat that
Mr. Sanchez predicts if they successfully launch their company. This step is to ensure that Mr.
Sanchez had no influence over the evidence. This is relevant for the investigation as an
investigator must cover all perspectives and not fixate on a single person who may or may not be
a culprit.
The next round of interview is with the HR Director of Needful Things Ltd, Mr. Gilberto
Moody. The purpose of this interview would be to understand the attitude of the employees
towards upholding the interests of the company. The questions in this interview would address,
identify and analyze the steps taken by the human resource department to restrict the free flow of
information among the different levels of employee present within the organization. The next set
of questions that I would ask would pertain to the steps that were taken by the HR department to
create awareness among the employees about IT security and the consequences of stealing data
from the company. Most companies often fire the employees who indulge in such practices.
However, it is the responsibility of the HR department to impose rules that would compel the
company to undertake stricter actions in case of such theft.
The agenda of this interview to understand the attitude of Needful Things Ltd towards
data security as this situation has risen due to the lack of IT security in the company. I conducted
company. Smith did not hesitate to tell Mr. Sanchez about his endeavours after leaving the
company that is what creates confusion in the interview process. Even what is more confusing is
that he left the USB memory drive containing the list of the clients in his office. An employee
would know that he would be put on gardening leave as soon as he hands in the letter of
resignation. However, he handed his letter of resignation without clearing his desk area of any
evidence that showed his theft of data. I would then move on to question him about the research
that he has conducted on Mr, Smith and Mr. Burman’s new company and the level of threat that
Mr. Sanchez predicts if they successfully launch their company. This step is to ensure that Mr.
Sanchez had no influence over the evidence. This is relevant for the investigation as an
investigator must cover all perspectives and not fixate on a single person who may or may not be
a culprit.
The next round of interview is with the HR Director of Needful Things Ltd, Mr. Gilberto
Moody. The purpose of this interview would be to understand the attitude of the employees
towards upholding the interests of the company. The questions in this interview would address,
identify and analyze the steps taken by the human resource department to restrict the free flow of
information among the different levels of employee present within the organization. The next set
of questions that I would ask would pertain to the steps that were taken by the HR department to
create awareness among the employees about IT security and the consequences of stealing data
from the company. Most companies often fire the employees who indulge in such practices.
However, it is the responsibility of the HR department to impose rules that would compel the
company to undertake stricter actions in case of such theft.
The agenda of this interview to understand the attitude of Needful Things Ltd towards
data security as this situation has risen due to the lack of IT security in the company. I conducted
End of preview
Want to access all the pages? Upload your documents or become a member.
Related Documents
Digital Forensicslg...
|16
|4333
|263