Investigating Data Theft
Suppose a large aerospace engineering firm has immediately hired you as a consultant to investigate a potential violation of corporate policy and data theft. You have been informed that an employee may have been using corporate email to send confidential corporate information to one or more personal email accounts, which may or may not belong to him. You have been told that this action has been happening each business day for the last 13 days and the employee is unaware of any suspicion.
Write an eight to ten (8-10) page paper in which you:
Explain, in detail, the initial actions you would take based on the provided information including formal plans to preserve the crime scene(s) and eventual transportation of evidence to a lab.
Analyze the physical and logical places where you would look for potential evidence on the suspect’s computer(s) and / or network servers.
Describe, in detail, how you proceed with the email investigation, including the review of email headers and tracing.
Describe the processes that would be utilized in order to recover data that may have been deleted from the suspect’s computer(s).
Identify the tools you would use to perform your investigation from beginning to end based on the information you have on the incident. Provide a brief overview of each tool, to include:
A description of the tool.
How you would use the tool in the investigation.
How the tool helps the investigation and the evidence you expect it to provide.
Why you believe the evidence the tool provides is critical to the investigation.
Use at least five (5) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources.