For the purposes of this project, imagine you are an Information Security (InfoSec) Specialist,an employee of the Makestuff Company, assigned to the company’s Incident Response Team.
In this case, you have been notified by Mr. Hirum Andfirum, Human Resources Director for the Makestuff Company, that the company has just terminated Mr. Got Yourprop, a former engineer in the company’s New Products Division, for cause. Mr. Andfirum tells you that at Mr. Yourprop’s exit interviewearlier that day, the terminated employee made several statements to the effect of “it is okay because I have a new job already and they were VERY happy to have me come from Makestuff, with ALL I have to offer.” Mr. Yourprop’s statements made Mr. Andfirum fear he might be taking Makestuff’s intellectual property with him to his new employer (undoubtedly a Makestuff competitor). In particular, Mr. Andfirum is worried about the loss of the source code for “Product X,” which the company is counting on to earn millions in revenue over the next three years. Mr. Andfirum provides you a copy of the source code to use in your investigation. Lastly, Mr. Andfirum tells you to remember that the Company wants to retain the option to refer the investigation to law enforcement in the future, so anything you do should be with thought about later potential admissibility in court.
The 4th Amendment to the U.S. Constitution reads, “The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.” While the 4th Amendment is most commonly interpreted to only affect/restrict governmental power (e.g., law enforcement), the fact that a formal criminal investigation is a possibility (and the Company has no desire to be named in a civil lawsuit) means you must consider its effect your actions.
For the purpose of this Project, you are still the InfoSec Specialist for the Makestuff Company. Consider this project a continuation of the work you performed in Project 1.
With the scenario in mind, thoroughly answer the following questions (in paragraph format, properly citing outside research, where appropriate):
1. What permissions/authorities should you have before you search Mr. Yourprop's former Company work area, and how would you document that authority?
2. Look at the photo of Mr. Yourprop's work area. (See file attachment Work_Area.jpg) Identify three (3) potential items ofdigital evidence you see in the photo. For EACH item of digital evidence you identified, explain what potential use that item would be to your investigation (e.g., what type of data that item might hold) AND how you would collect that item as evidence (with emphasis on your care and handling of that item consistent with digital forensic best practices described in your textbook).
3. Look at the photo of Mr. Yourprop's work area. (See file attachment Work_Area.jpg) Identify three (3) potential items ofnon-digital evidence you see in the photo. For EACH item of non-digital evidence you identified, explain what potential use that item would be to your investigation AND how you would collect that item as evidence.