- April 10, 2020
1a. Prior to any incident happening, it is important for any company to implement a “forensic readiness” plan. Discuss the benefits of a forensic readiness plan and name what you believe are the top 3 requirements to establish forensic readiness within a private sector business. Support your answers. (Please note that while cyber security and digital forensics have overlaps in incident response preparation, please limit your answers here to forensic readiness in the digital forensic arena, not cyber security.)
Forensic readiness can be defined as an organization’s achievement of an appropriate level of capability to collect, protect, preserve and analyze digital evidence so that the evidence can be used effectively, especially in any legal matter (Pangalos, 2010). Forensic readiness can also be described as the ability of an organization to maximize its potential to use digital evidence while minimizing the cost of the investigation. The benefits of forensic readiness are that the expense of the investigation is reduced, the opportunity for malicious insiders to cover their tracks is blocked, and the cost of regulatory and all legal requirements for disclosure of data is reduced (Pangalos, 2010).
1b. Name what you believe are the top 3 requirements to establish forensic readiness within a private sector business.
The top three requirements for forensic readiness are to produce evidence that supports organizational disciplinary issues, to validate the impact of cybercrime or disputes and the reduction of cybercafé.
2. Mr. Jenkins, out of concern for the theft/sharing of the “Product X” source code, is requesting that you or your supervisor start searching the areas in which Mr. McBride had access within the building. Can you (or Mr. McBride’s supervisor) search McBride’s assigned locker in the Company’s on-site gym for digital evidence? Support your answer.
There is a law that protects against phone and computer surveillance. The Electronic Communications Privacy Act of 1986 prohibits unauthorized interceptions. This includes access to any electronic communications, including telephone, email and computer use (Chen, 2006).
However, this Act has several exceptions that allow employers to monitor everything on their systems. The request by Ms Jenkins to search Mr. McBride is justified since the law has business exceptions. The company is allowed to access any communication even if it is personal (Chen, 2006).
3. Can you (or Mr. McBride’s supervisor) use a master key to search McBride’s locked desk for digital evidence after McBride has left the premises? Support your answer.
Whenever an employee leaves an organization, we tend to assume that they are leaving clean. Assuming an employee has left clean is a major mistake. Normally, HR would be quick to check the data on their laptops but forget that they can back up crucial and sensitive corporate data on their phones and other cloud-enabled systems.
The HR department should, therefore, work hand in hand with the IT department to ensure that the ex-employee’s access to all corporate data has been cut off and denied. Ms. Jenkins is justified in ordering a search of McBride’s locker even after he has left the organization (Chen, 2006). The act of searching minimizes the risk of McBride poaching sensitive data from Greenwood Company.
4. The police have not been called or involved yet; however, Ms. Jenkins asks how involving the police will change your incident response. Develop a response to Mr. Jenkins that addresses how the parameters of search and seizure will change by involving the police in the investigation at this time. Support your answer.
Police officers mainly protect lives and property. Criminal investigators and detectives, commonly referred to as special agents or agents, are responsible for gathering facts and collecting evidence of possible crimes.
The police act on behalf of society and the government to maintain peace, respond to emergencies and keep the peace. Involving the police in McBride’s search will aid in ensuring order and peace are maintained should he try to get back, supposing he realizes that his privacy has been intruded upon. The police also help detect crimes, so they would advise on the way forward depending on the outcomes of the search to determine how much scribes knew (Gill, 2013).
5. There is a page in the Company’s “Employee Handbook” that states that anything brought onto the Company’s property, including the employees themselves, is subject to random search for items belonging to the Company. There is a space for the employee to acknowledge receipt of this notice. Mr. McBride has a copy of the handbook but never signed the page. Does that matter? Explain.
Yes, it does matter. The handbook clearly stipulates the code of conduct within the organization, and every employee was obliged to adhere to it (Gantz, 2011).
The fact that McBride did not sign shows negligence and violation of the organization’s rules. Negligence can be suspicious and should be treated with utmost suspicion.
6. Greenwood Company uses a security checkpoint at the entrance to the building. A sign adjacent to the checkpoint states that the purpose of the checkpoint is for security staff to check for weapons or other materials that may be detrimental to the working environment or employee safety. Screening is casual and usually consists of verification of an employee’s Company ID card. Can security staff at this checkpoint be directed to open Mr. McBride’s briefcase and seize any potential digital evidence? Support your answer.
McBride ceases to be Greenwood’s employee as soon as he sets foot in his new job (Daicoff, 2005). He should be treated like any other visitor or stranger on Greenwood’s premises.
7. You know that it is important to document the details of your investigation if the company wants to ensure admissibility of any evidence collected in the future. However, Mr. Jenkins has never heard of the term “chain of custody.” Write an explanation to Mr. Jenkins of what the chain of custody is, why it is important, and what could occur if the chain of custody is not documented.
The chain of custody refers to the chronological documentation, also called the paper trail, that clearly depicts the seizure, custody, control, transfer, and disposition of physical evidence. The evidence can also be electronic (Hawthorne, 2007).
It is very easy to misinterpret data coming from forensic software, which is why it is imperative to document exactly where the data came from. People can be prosecuted for failing to document the chain of custody.
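For electronic evidence, the chronological record described above can be kept as a hash-linked log. The following Python sketch is an added example, not part of the original essay; the field names, custodian names and sample bytes are constructed for illustration.

```python
import hashlib
import json

def entry_hash(entry):
    """SHA-256 over the entry's fields, excluding its own hash."""
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def add_entry(log, when, action, released_by, received_by, evidence):
    """Append one custody event, linked to the previous entry's hash."""
    entry = {
        "when": when,                      # ISO 8601 UTC timestamp
        "action": action,                  # seizure / transfer / disposition
        "released_by": released_by,
        "received_by": received_by,
        "evidence_sha256": hashlib.sha256(evidence).hexdigest(),
        "prev_hash": log[-1]["entry_hash"] if log else None,
    }
    entry["entry_hash"] = entry_hash(entry)
    log.append(entry)

def verify_log(log):
    """Return a list of problems; an empty list means the chain is intact."""
    problems = []
    for i, e in enumerate(log):
        if entry_hash(e) != e["entry_hash"]:
            problems.append(f"entry {i}: record altered after it was written")
        if i == 0:
            continue
        prev = log[i - 1]
        if e["prev_hash"] != prev["entry_hash"]:
            problems.append(f"entry {i}: link to previous entry broken")
        if e["when"] < prev["when"]:
            problems.append(f"entry {i}: out of chronological order")
        if e["released_by"] != prev["received_by"]:
            problems.append(f"entry {i}: gap in custody")
        if e["evidence_sha256"] != prev["evidence_sha256"]:
            problems.append(f"entry {i}: evidence digest changed")
    return problems

# Constructed sample: bytes standing in for a disk image, three custody events.
IMAGE = b"constructed sample bytes standing in for a disk image"

def build_sample_log():
    log = []
    add_entry(log, "2020-04-10T09:00:00Z", "seizure", "scene", "Examiner A", IMAGE)
    add_entry(log, "2020-04-10T11:30:00Z", "transfer", "Examiner A", "Evidence Locker", IMAGE)
    add_entry(log, "2020-04-11T08:15:00Z", "transfer", "Evidence Locker", "Examiner B", IMAGE)
    return log
```

An edited record, a handover that skips the current holder, or a changed evidence digest each produce a distinct entry in the list returned by `verify_log`.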
Chen, K. C., Chen, Z., & Wei, K. J. (2009). Legal protection of investors, corporate governance, and the cost of equity capital. Journal of Corporate Finance, 15(3), 273-289.
Daicoff, S. S. (2005). The law as a healing profession: The comprehensive law movement. Pepperdine Dispute Resolution Law Journal, Fall, 06-12.
Gantz, J., & Reinsel, D. (2011). Extracting value from chaos. IDC iview, 1142, 1-12.
Gill, M. (2013). Engaging the corporate sector in policing: Realities and Opportunities. Policing, pat009.
Hawthorne, M. J. (2007). U.S. Patent No. 7,188,009. Washington, DC: U.S. Patent and Trademark Office.
Pangalos, G., Ilioudis, C., & Pagkalos, I. (2010, June). The importance of corporate forensic readiness in the information security framework. In Enabling Technologies: Infrastructures for Collaborative Enterprises (WETICE), 2010 19th IEEE International Workshop on (pp. 12-16). IEEE.