The expertise of a qualified digital forensics examiner is needed to release valuable evidence in the case of IP theft.
Nowadays almost every staff member in a large office will have access to one or several computers, potentially hand-held and mobile devices as well. In addition, company personnel will be able to use external peripheral devices, example of which are memory sticks, printers and external hard drives.
The opportunities for staff to misuse these devices can range from.excessive personal use, through wasting company time to theft of sensitive company data.
If misuse is suspected then it is vital to proceed correctly important that the company should act correctly, as digital data are fragile and a wrong move can actually change the data and compromise the case. The services of a qualified digital forensics examiner are required.
THE CASE: The sales manager of a large IT company handed in his notice claiming that he was going to set up his own business in direct competition with his current employer. He took three months garden leave as per the terms of his contract.
Several months later, the company became aware of a gradual fall in revenues. Further analysis revealed that an increasing amount of business was lost to their former sales manager's new company.
The risk manager, who had experience of digital forensic examinations, prevented the IT department from examining the suspect's laptop. This is because any attempt by an individual, who is not a qualified digital forensic examiner, to investigate the device can potentially destroy vital evidence. Even the act of turning on a laptop can compromise the data contained within it, and contaminate the €digital trail'.
WHAT CCL DID: The risk manager contacted our computer forensics specialists, and was given advice on the best way to handle the device. A security-cleared driver was dispatched to collect the laptop, which was immediately placed in a sealed evidence bag to begin the process of maintaining the integrity of the evidence.
The digital forensic examiner took a forensic image of the laptop, which allows the analyst to work on an exact copy of the original device without it having to be switched on. The forensic image contains data about installed programs, live and deleted files, metadata, internal log files, registry entries - in short, there is the potential to recover records of almost any activity that took place on the device.
THE OUTCOME: the digital forensic analyst was able to determine that approximately 30 minutes before the former employee resigned, he copied tens of thousands of records from the CRM system onto a memory stick.
For more information on computer forensics or digital forensics, please call us on 01789 261200 or email firstname.lastname@example.org, or check out Cclgroupltd.com.