¶ … Theft:
The emergence of the digital age due to rapid technological advancements has transformed nearly every facet of today's societies. While the developments have contributed to significant benefits in the society, they have also resulted in the development of new means for carrying out illegal activities. An example of such cases is the way technological advancements have transformed employee data theft. Employees no longer steal files from the company but can access a firm's confidential information and secrets through the use of computers and the Internet. The most commonly used tools by employees to take confidential information include smart phones, messenger services, and emails. Therefore, companies need to be adequately prepared to respond quickly to data theft and preserve probable evidence.
Employee Data Theft Scenario:
A large aerospace engineering company has immediately hired me as a consultant to investigate a probable violation of company policy and data theft. There is suspicion that an employee may have been using the firm's corporate email to send confidential corporate information to one or more individual email accounts. These individual email accounts may or may not belong to the suspected employee. This action has been taking place for nearly two working weeks and the employee is unaware of the suspicion.
Initial Actions in Investigating the Case:
Similar to many incidents of employee data theft, the investigation of this data theft case started with the firm's suspicion of such practices. While the suspicion is based on little to no evidence, the current circumstances, especially the activities in the past 13 business days, indicate the probability of the occurrence of data theft. Since the employee is currently unaware of the company's suspicion, there is need to carry out important initial actions that could help in uncovering the activities and collecting potential evidence that can be used against the employee in a lawsuit. Generally, employees involved in data theft usually steal data days, weeks, or months before they decide to resign from their work duties in the company. This process makes it difficult to determine the legitimacy of data transfers or transmission of confidential information. Furthermore, the employee will not only copy the corporate information for legitimate reasons but will also make a stolen copy of the information at the same time.
Based on the information presented in this case, the company did not have enough evidence to incriminate the employee of data theft. Secondly, it seems like the employee was copying the corporate information for illegitimate reasons. The illegitimacy of the employee's actions was fueled by the fact that he sent the corporate information to at least one personal email accounts that could either belong to him or someone else. The initial actions I would undertake as an investigator based on the provided information include & #8230;.
Determine My Priorities:
The first step in investigating the case based on guidelines for basic incident response is to determine my priorities in dealing with the data theft. These priorities would form the basis for any further activities that would be conducted to investigate the data theft. The priorities will also help in determining rapid response to prevent the employee from using the data immediately after it is stolen ("Data Theft," 2009). Some of the major priorities in this case include detecting the timing and scope of data theft, determining the method used to steal corporate information, and preventing the creation of further copies or more distribution of the stolen information. The other priorities include preventing the employee from making use of the stolen corporate information, examine the appropriate regulatory or legal action for the employee, and prevent further occurrence of data theft.
Identify Potential Evidence:
The second step after determining priorities is to identify potential evidence of suspicion of theft of corporate information by the employee. While data theft is a difficult crime to investigate, it's an offense that leaves a substantial deal of trace evidence on the computer systems, networks, and storage devices. The identification of potential evidence requires computer forensic techniques to recover the information in a way that it can be used as evidence in a court of law. This process will not only involve determining potential evidence but also correlating diverse kinds of evidence in order to create a coherent picture ("Data Theft," 2009).
The first step towards identifying potential evidence in this scenario is to obtain a copy of corporate policy and regulations of data theft. This will be followed by examining the policy to identify the violation and data theft and whether the organization has effectively communicated this policy to its employees. Secondly, copies of the email messages and corporate email...
Our semester plans gives you unlimited, unrestricted access to our entire library of resources —writing tools, guides, example essays, tutorials, class notes, and more.
Get Started Now