Volume Shadow Service Forensic Analysis in Legal Matters Report

Verified

Added on 2022/08/27

AI Summary

This report focuses on the forensic analysis of the Volume Shadow Service (VSS) in the context of legal matters, particularly within organizations dealing with sensitive client data. It emphasizes the importance of data security and the potential risks associated with data breaches and theft. The report details the procedures involved in VSS investigations, highlighting how investigators can examine data editing, copying, and deletion activities on a computer, especially in cases of suspected data theft. It describes the use of VSS to recover deleted or encrypted data, providing insights into the type of documents handled and the actions taken on a specific device. The report also outlines the methodologies for assessing VSS copies, including command prompt queries and offline VSS toolkits. The findings of a VSS analysis are discussed, differentiating between outcomes with and without evidence of data theft, and the subsequent legal and organizational actions that may follow. The report underscores the significance of VSS in providing crucial evidence in data breach investigations and its role in informing legal judgments and company disciplinary measures.

Running head: VOLUME SHADOW SERVICE 1
Volume Shadow Service Forensic Analysis in Legal Matters
Student’s Name
Professor’s Name
Affiliation
Date

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

VOLUME SHADOW SERVICE 2
Volume Shadow Service Forensic Analysis in Legal Matters
Introduction
Data security is one of the most sensitive areas in any organization especially for firms
that keep client payment records in closed network servers. As such, there is need for data
protection protocols that protect client information and prevent employees from accessing
unauthorized data. There are however situations when data security is compromised by employee
seeking to use client information for personal gain (Koyame-Marsh & Marsh, 2014). In such
cases there are several techniques employed by firms like Iridium Electronics LTD to investigate
the performance of data breach and theft crime within the organization. One of the most
prominent used technique is the assessment of Volume Shadow Service (VSS) to examine data
editing, copying, and deletion (Sreeja & Balan, 2016). VSS is employed because it allows for the
retrieval/recovery of data that was encrypted, deleted or wipe for given server or computer hard
disk.
Procedure
The performance of VSS investigation is dependent on the type of computer hardware
being handled and the quantity of information that needs to be recovered. For example, in the
case where Robertson is suspected of having committed data theft it is possible to employ VSS
to examine the type of documents that where handled and deleted on his laptop. The imaging
done to Robertson laptop should allow investigators to gain insight on which data was wipe and
encrypted on a specific date (Day, 2014). Moreover, VSS will allow investigators to determine
whether or not any of the data handled on Robertson’s laptop was related to sensitive company
records. There are two ways through which investigators can assess VSS copies found in a given
laptop. These techniques are command prompt queries, and VSS assess toolkits/software. In the

VOLUME SHADOW SERVICE 3
Robertson case the best approach to employ is that of offline VSS toolkits allowing the
investigators to assess the laptop images from a different computer. The assessment process
involves the mounting of Robertson’s laptop image on a computer tool like Arsenal Image
Mounter that retrieves VSS copies (Ginat & Gupta, 2014).
Findings
Once the Laptop image is analyzed by the investigators there are two possible outcome.
The first is that the is not evidence of data theft because not information could be found through
VSS. And the second outcome is the presence of evidence that Robertson did steal data from the
company servers that could comprise the security of clients’ payment media i.e. credit or debit
cards (Sreeja & Balan, 2016). The first outcome is more complicated given that the failure to
find evidence in Robertson’s laptop does not necessary mean that he is innocent of the data theft
charge. In fact it would necessitate the recruit of law enforcement and outside data investigation
agencies to truly determine the innocence of Robertson. The second outcome is more
straightforward when it comes to delivery of judgment and punishment. The legal department
will likely forward the findings to management who will in turn suspend or terminate Robertson
from the company (Koyame-Marsh & Marsh, 2014). Moreover, the company can forward the
investigation results to the police and file criminal charges against Robertson for the offense of
data theft.

VOLUME SHADOW SERVICE 4
References
Day, D. J. (2014). Seizing Imaging and Analysing Digital Evidence. In B. Akhgar, A. Staniforth,
& F. Bosco, Cyber Crime and Cyber Terrorism: Investigator's Handbook, (1st ed., pp.
71-88). Amsterdam: Elsevier Science.
Ginat, D., & Gupta, R. (2014). Advances in Computed Tomography Imaging Technology.
Annual Review of Biomedical Engineering, 16(1), 431-453.
Koyame-Marsh, R. O., & Marsh, J. L. (2014). Data Breaches and Identity Theft: Costs and
Responses. IOSR Journal of Economics and Finance (IOSR-JEF), 5(6), 36-45.
Sreeja, S. C., & Balan, C. (2016). Forensic analysis of volume shadow copy in Windows 7. 2016
International Conference on Emerging Technological Trends (ICETT) (pp. 1-12). IEEE.

1 out of 4

Your All-in-One AI-Powered Toolkit for Academic Success.

+13062052269

info@desklib.com

Available 24*7 on WhatsApp / Email