1. Prior to any incident happening, it is important for any company to implement a “forensic readiness” plan. Discuss the benefits of a forensic readiness plan and name what you believe are the top three (3) requirements to establish forensic readiness within a private sector business like Allied Technology Systems. Support your answers. (Please note that while cyber security and digital forensics have overlaps in incident response preparation, please limit your answers here to forensic readiness in the digital forensic arena, not cyber security.)
A forensic readiness plan prepares and organization for a legal proceeding in a court of law or employment tribunal. It ensures that there are lower costs for investigating any digital crime within the organization, and blocks any attempt by malicious employees to cover their digital footprints. Indeed, for digital forensic readiness to be guaranteed, several measures have to be put in place. These include; an internal legal mechanism that gathers evidence without interfering with the business process, a backup mechanism for all the digital records and database logs within the organization and a mechanism that ensures a chain of custody in order to have admissible evidence if and when presented before a court of law (Perumal, 2009). A forensic readiness plan also needs to be well designed to cater for the organization’s structure as it is, with little exposure to the organization’s lower cadres.
2. Mr. Roberts, out of concern for the theft/sharing of the “Product X” source code, is requesting that you, your supervisor, or Mr. Dewberry start searching the areas in which Mr. Jackson had access within the building. Can you or Mr. Dewberry search Jackson’s assigned locker in the Company’s on-site gym for digital evidence? Support your answer.
No, it would not be prudent to have any of the team search Mr. Jackson’s locker at the moment. This is because, in as much as he has been dismissed, he has a right to privacy and his belongings are catered for by the fourth amendment. Indeed, Mr. Jackson may be a potential espionage threat to the organization, but searching his personal effects would be illegal and a violation of his fourth amendment rights. Without a search warrant, he may sue the company for infringement of privacy rights and invasion of personal space. It would thus suffice to find another way to know what he keeps in his lockers and the rooms he has access to. However, for public places where he visits and walks about, searching these areas may not be an intrusion of his privacy and may indeed present various leads (Ademu, Imafidon, & Preston, 2011).
3. Can you or Mr. Dewberry use a master key to search Jackson’s locked desk for digital evidence, after Keith Jackson has left the premises? Support your answer.
Using a master key to search Jackson’s locker for evidence is criminal. It is against ethical principles and a grave misconduct. It is vital that the evidence locked inside by unmasked in other ways. One way to do this is to question him, and ask him to present it. Lack of support from Mr. Jackson may thus invite federal action and pursuant warranties against him at home and at the workplace. Making it known to him that the organization is seeking such measures against him may assist in getting his cooperation early. However, breaking and tampering into his local desk is a violation of his rights and may proof a futile and dangerous effort. Private investigations need to be very discrete and tolerant (Chung, et al., 2012).
4. The police have not been called or involved yet, however, Mr. Roberts asks how involving the police will change your incident response. Describe how you will respond to Mr. Roberts concerning how the parameters of search and seizure will change by involving the police in the investigation at this time. Support your answer.
Before the police are involved, everything needs to be done discretely. Most of the information sought has to be with Mr. Jackson’s consent and the investigation is highly premised on his cooperation. However, in the event that the police are involved, they will seek a warrant to search his personal effects before he can have a chance to hide the digital media (Agarwal, et al., 2011). He may also be coerced legally to submit all his electronic devices for digital footprint investigations. His house could also be searched, including his car and any other location he may have hidden company property. With the police on board, it is likely that the cooperation received from Mr. Jackson will be much higher than before. She may even surrender and cooperate before it gets to that extent. Involving law enforcement in investigations makes the work easier and more effective (Chung, et al., 2012).
5. There is a page in the Company’s “Employee Handbook” that states that anything brought onto the Company’s property, including the employees themselves, are subject to random search for items belonging to Allied Technology Systems. There is a space for the employee to acknowledge receipt of this notice. Mr. Jackson has a copy of the handbook but never signed the receipt page. Does that matter? Explain.
Legally speaking, ignorance is no excuse. The company needs to prove that Mr. Jackson was aware of these regulations and that he had verbally consented. This can be done by presenting a witness to this effect. A case may also be made to the effect that he on several occasions submitted to security searches at the gate or within the organization. Where it is not possible to make a case for his previous searches, it may help to involve the police early. This is because, any attempt to force him to present his personal effects for searching may not only lead to resistance but a possible law suit. The organization needs to be wary of law suits at this point as the employee is dispensable and may be making attempts to blackmail or sabotage the organization. Having the police seek a warrant in this case would be the most advisable thing to do (Perumal, 2009).
6. Allied Technology Systems uses a security checkpoint at the entrance to the building. A sign adjacent to the checkpoint states that the purpose of the checkpoint is for security staff to check for weapons or other materials that may be detrimental to the working environment and employee safety. Screening is casual and usually consists of verification of an employee’s Company ID card. Can security staff at this checkpoint be directed to open Mr. Jackson’s briefcase and seize any potential digital evidence? Support your answer.
Yes, the checkpoint may be a good loophole to work with in this case. This is because, within the realm of the security desk is their right to search for missing company items. Theft of digital content can be a case for criminal proceedings against Mr. Jackson. It would thus help to ensure that Mr. Jackson is first warned of the impromptu check for the missing digital company items. Upon being notified, he should be told to present his belongings for search as he is no longer a company employee. Any effort to resist a search can be easily thwarted by alerting the police. In this case, the police would detain him for a short time while processing his warrant. Upon getting the warrant, the next step would be to search his bag for any company property bagged illegally, before proceeding to search his house (Valjarevic & Venter, 2012).
7. You know that it is important to document the details of your investigation if the company wants to insure admissibility of any evidence collected in the future. However, Mr. Roberts has never heard of the term “chain of custody.” How would you explain to Mr. Roberts what the chain of custody means, why it is important, and what could occur if the chain of custody is not documented? Support your answer.
The chain of custody is the documentation of the paper trail that details the steps through which evidence; whether physical or digital was handled, transferred or analyzed. The paper trail also indicates the necessary actions taken by the investigators as well as the name of those involved in the investigation (Agarwal, et al., 2011). It is legally used to ensure that the evidence presented in court is not only admissible but chronologically presented for easier presentation of prosecution evidence. It the chain of custody is not documented, the defense in Mr. Jackson’s case may make a strong case for tampering with evidence. This is a serious offense in many courts and may not only lead to a dismissal of the case, but a countersuit on behalf of the company. Contaminated evidence is also a challenge that needs to be addressed. Every item presented as evidence needs to be well handled and properly documented (Perumal, 2009).
Ademu, I. O., Imafidon, C. O., & Preston, D. S. (2011). A new approach of digital forensic model for digital forensic investigation. Int. J. Adv. Comput. Sci. Appl, 2(12), 175-178.
Agarwal, A., Gupta, M., Gupta, S., & Gupta, S. C. (2011). Systematic digital forensic investigation model. International Journal of Computer Science and Security (IJCSS), 5(1), 118-131.
Chung, H., Park, J., Lee, S., & Kang, C. (2012). Digital forensic investigation of cloud storage services. Digital investigation, 9(2), 81-95.
Perumal, S. (2009). Digital forensic model based on Malaysian investigation process. International Journal of Computer Science and Network Security, 9(8), 38-44.
Valjarevic, A., & Venter, H. S. (2012, August). Harmonised digital forensic investigation process model. In Information Security for South Africa (ISSA), 2012 (pp. 1-10). IEEE.
Delivering a high-quality product at a reasonable price is not enough anymore.
That’s why we have developed 5 beneficial guarantees that will make your experience with our service enjoyable, easy, and safe.
You have to be 100% sure of the quality of your product to give a money-back guarantee. This describes us perfectly. Make sure that this guarantee is totally transparent.Read more
Each paper is composed from scratch, according to your instructions. It is then checked by our plagiarism-detection software. There is no gap where plagiarism could squeeze in.Read more
Thanks to our free revisions, there is no way for you to be unsatisfied. We will work on your paper until you are completely happy with the result.Read more
Your email is safe, as we store it according to international data protection rules. Your bank details are secure, as we use only reliable payment systems.Read more
By sending us your money, you buy the service we provide. Check out our terms and conditions if you prefer business talks to be laid out in official language.Read more