Suppose a large aerospace
engineering firm has immediately hired you as a consultant to investigate a
potential violation of corporate policy and data theft. You have been informed
that an employee may have been using corporate email to send confidential corporate
information to one or more personal email accounts, which may or may not belong
to him. You have been told that this action has been happening each business
day for the last 13 days and the employee is unaware of any suspicion.
Write an eight to ten (8-10)
page paper in which you:
Explain, in detail, the initial actions you would
take based on the provided information including formal plans to preserve the
crime scene(s) and eventual transportation of evidence to a lab.
Analyze the physical and logical places where you
would look for potential evidence on the suspect’s computer(s) and / or network
servers.
Describe, in detail, how you proceed with the email
investigation, including the review of email headers and tracing.
Describe the processes that would be utilized in
order to recover data that may have been deleted from the suspect’s
computer(s).
Identify the tools you would use to perform your
investigation from beginning to end based on the information you have on the
incident. Provide a brief overview of each tool, to include:
A description of the tool.
How you would use the tool in the investigation.
How the tool helps the investigation and the
evidence you expect it to provide.
Why you believe the evidence the tool provides is
critical to the investigation.
Use at least five (5) quality resources in this
assignment. Note: Wikipedia and similar Websites do not qualify as quality
resources.
