Investigative Plan of Action

As more companies store information electronically, there is an increased need for digital forensics to discover the trails of illegal or malicious acts. In this task, you will use the scenario to develop an investigative plan of action that will prepare your investigative team to conduct an analysis on the gathered evidence.

Scenario

An oil company’s senior management has reason to suspect that John Smith, one of the company’s mechanical engineers, allegedly took information that was clearly identified as proprietary. The company’s legal office has requested digital evidence regarding the potential violation of company policy, which prohibits the sharing of proprietary information without prior approval. The employee was not authorized to access proprietary information. All employees sign nondisclosure agreements (NDAs) and acceptable use policies (AUPs). Senior management and the legal office have approved the request for digital evidence.

You are a member of the investigative team asked to develop an investigative action plan.

Requirements

You must use the rubric to direct the creation of your submission because it provides detailed criteria that will be used to evaluate your work. Each requirement below may be evaluated by more than one rubric aspect. The rubric aspect titles may contain hyperlinks to relevant portions of the course.

A. Create an investigative plan of action based on forensic best practices or standards that your team will implement by doing the following:

  1. Discuss the strategy that your team will use to both maximize the collection of evidence and minimize the impact on the organization.
  2. Describe the tools and techniques your team will use in evidence gathering, preparation, and analysis.
  3. Describe how your team will collect and preserve required evidence using standardized and accepted procedures.
  4. Describe how your team will examine the seized evidence to determine which items are related to the suspected violation of company policy.
  5. Discuss an approach that your team will use to draw conclusions based on the digital evidence that supports the claim of a policy violation.
  6. Discuss how the case details and conclusions should be presented to senior management.

Sample Answer

Investigative Action Plan: John Smith Proprietary Information Theft

Case Summary: John Smith, a mechanical engineer at the oil company, is suspected of misappropriating proprietary information. Senior management and legal counsel have authorized a digital forensic investigation. This plan outlines the steps our investigative team will take to gather, analyze, and present digital evidence related to the alleged policy violation.

A. Investigative Plan of Action:

1. Strategy for Evidence Collection and Minimizing Organizational Impact:

Our strategy will prioritize a phased approach, minimizing disruption to the company’s operations. We will begin by gathering volatile data (RAM, network connections) if deemed necessary by legal counsel, followed by imaging John Smith’s company-issued laptop/desktop.

We will work closely with IT to schedule imaging during off-peak hours to minimize downtime. We will use a write-blocker to prevent any changes to the original data during the imaging process. We will also document all actions taken, including the time, date, and individuals involved. We will emphasize maintaining confidentiality throughout the investigation.

2. Tools and Techniques:

  • Evidence Gathering: FTK Imager (for disk imaging), EnCase (for advanced analysis), Autopsy (open-source alternative). We will also utilize system logs, network monitoring tools, and email server logs.
  • Evidence Preparation: We will create forensic copies of all evidence using write-blockers. We will maintain a strict chain of custody documentation.
  • Evidence Analysis: We will use keyword searches, timeline analysis, and data carving techniques to identify relevant files and data. We will analyze email communication, document access logs, and USB device connection history.

3. Evidence Collection and Preservation:

  • Chain of Custody: A detailed chain of custody form will be initiated and meticulously maintained, documenting every individual who handles the evidence, the date and time of transfer, and the purpose of the transfer.
  • Imaging: A forensic image of John Smith’s company-issued laptop/desktop will be created using a hardware write-blocker to prevent any alteration of the original data. The image will be stored on a secure, write-protected drive.
  • Data Acquisition: Data from email servers, network logs, and other relevant sources will be acquired following established forensic procedures.
  • Evidence Storage: All evidence will be stored in a secure, access-controlled location, protected from environmental damage and unauthorized access.

4. Evidence Examination:

We will analyze the acquired data to identify evidence related to the alleged policy violation. This will involve:

  • Keyword Searches: Searching for keywords related to proprietary information (e.g., project names, specific technologies, client names).
  • Timeline Analysis: Creating a timeline of John Smith’s computer activity to identify any unusual or suspicious behavior, particularly around the time the proprietary information was allegedly taken.
  • File Analysis: Examining file metadata (creation dates, modification dates, access times) to identify any unauthorized access or transfer of files.
  • Email Analysis: Reviewing John Smith’s emails for any communication related to the proprietary information.
  • Data Carving: Attempting to recover deleted files that may contain relevant evidence.
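
The keyword search, timeline, and file-metadata steps above can be combined in one pass over a working copy. This is an added example, not part of the original answer: it assumes the copy is mounted read-only at a path the examiner supplies, and the function name, keywords, and date window are hypothetical.

```python
import os
from datetime import datetime, timezone


def build_timeline(root, keywords, start, end):
    """Return time-ordered (timestamp, event, path, keyword_hit) tuples.

    root is assumed to be a read-only mount of a working copy of the image,
    never the original evidence. start and end are timezone-aware datetimes
    bounding the period in which the information was allegedly taken.
    """
    lowered = [k.lower().encode() for k in keywords]
    events = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            # Read metadata first so the timestamps are recorded as found.
            st = os.stat(path)
            with open(path, "rb") as fh:
                data = fh.read().lower()
            # A hit is a keyword in the file content or in the file name.
            hit = any(k in data or k in name.lower().encode() for k in lowered)
            for label, ts in (("modified", st.st_mtime), ("accessed", st.st_atime)):
                when = datetime.fromtimestamp(ts, tz=timezone.utc)
                if start <= when <= end:
                    events.append((when, label, os.path.relpath(path, root), hit))
    return sorted(events)
```

Events with `keyword_hit` set that fall outside the employee's normal working pattern are the ones to correlate with email and USB connection records.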

5. Drawing Conclusions:

We will analyze the digital evidence to determine if it supports the claim that John Smith violated company policy. This will involve:

  • Correlating Evidence: Connecting different pieces of evidence to build a comprehensive picture of John Smith’s actions.
  • Establishing Intent: Analyzing the evidence to determine whether it shows intent to misappropriate proprietary information.
  • Documenting Findings: Clearly documenting all findings in a detailed report, including the evidence collected, the analysis performed, and the conclusions reached. We will avoid speculation and focus on factual evidence.

6. Presentation to Senior Management:

The case details and conclusions will be presented to senior management in a clear, concise, and professional manner. The presentation will include:

  • Executive Summary: A brief overview of the case, the findings, and the conclusions.
  • Evidence Summary: A summary of the key pieces of digital evidence that support the claim of a policy violation.
  • Timeline of Events: A visual representation of the key events in the case, showing the timeline of John Smith’s actions.
  • Legal Considerations: A discussion of any legal implications of the findings.
  • Recommendations: Recommendations for further action, including disciplinary measures or policy changes.

The presentation will be objective and data-driven, focusing on the factual evidence and avoiding any personal opinions or biases. We will be prepared to answer questions from senior management and legal counsel. All findings and conclusions will be clearly linked to specific evidence gathered during the investigation.
