Understanding Investigative Parameters – Digital forensics

Scenario Characters:

• You: Data Security Analyst, Allied Technology Systems (ATS)
• Randy Capisi: Information Security Director, Allied Technology Systems (your supervisor)
• Devin Roberts: Human Resources Director, Allied Technology Systems
• Keith Jackson: (former) engineer, Product Development Division, Allied Technology Systems
• Jon Dewberry: Product Engineering Manager, Product Development Division, Allied Technology Systems (Keith Jackson’s supervisor)

**Characters will carry through Project 1, 2 and the Final Project. However, please remain conscious of who you are and what role you play in EACH project and with regard to specific questions.

For the purposes of this project, imagine you are a Data Security Analyst, an employee of Allied Technology Systems assigned to the company’s Data Protection Team.

In this case, you have been notified by Mr. Devin Roberts, Human Resources Director for Allied Technology Systems, that the company has just terminated Mr. Keith Jackson, a former engineer in the company’s New Products Division, for cause (consistent tardiness and absences from work). Mr. Roberts tells you that during Mr. Jackson’s exit interview earlier that day, the terminated employee made several statements to the effect of “it is okay because I have a new job already and they were VERY happy to have me come from ATS, with ALL I have to offer.”

Jackson’s statements made Mr. Roberts fear he might be taking Allied’s intellectual property with him to his new employer (undoubtedly a competitor). In particular, Mr. Roberts is worried about the loss of the source code for “Product X,” which the company is counting on to earn millions in revenue over the next several years. Mr. Roberts provides you a copy of the source code to use in your investigation. Lastly, Mr. Roberts tells you to remember that the Company wants to retain the option to refer the investigation to law enforcement in the future, so anything you do should be done with thought about later potential admissibility in court.

The 4th Amendment to the U.S. Constitution reads, “The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.” While the 4th Amendment is most commonly interpreted to only affect/restrict governmental power (e.g., law enforcement), the fact that a formal criminal investigation is a possibility (and the Company has no desire to be named in a civil lawsuit) means you must consider its effect on your actions.

With the above scenario in mind, thoroughly answer the following questions (in paragraph format, properly referring to and citing materials used in this course as well as outside research, where appropriate, and within a reference page at the end of the project paper).

1. Prior to any incident happening, it is important for any company to implement a “forensic readiness” plan. Discuss the benefits of a forensic readiness plan and name what you believe are the top three (3) requirements to establish forensic readiness within a private sector business like Allied Technology Systems. Support your answers. (Please note that while cyber security and digital forensics have overlaps in incident response preparation, please limit your answers here to forensic readiness in the digital forensic arena, not cyber security.)

2. Mr. Roberts, out of concern for the theft/sharing of the “Product X” source code, is requesting that you, your supervisor, or Mr. Dewberry start searching the areas in which Mr. Jackson had access within the building. Can you or Mr. Dewberry search Jackson’s assigned locker in the Company’s on-site gym for digital evidence? Support your answer.

3. Can you or Mr. Dewberry use a master key to search Jackson’s locked desk for digital evidence, after Keith Jackson has left the premises? Support your answer.

4. The police have not been called or involved yet; however, Mr. Roberts asks how involving the police will change your incident response. Describe how you will respond to Mr. Roberts concerning how the parameters of search and seizure will change by involving the police in the investigation at this time. Support your answer.

5. There is a page in the Company’s “Employee Handbook” that states that anything brought onto the Company’s property, including the employees themselves, is subject to random search for items belonging to Allied Technology Systems. There is a space for the employee to acknowledge receipt of this notice. Mr. Jackson has a copy of the handbook but never signed the receipt page. Does that matter? Explain.

6. Allied Technology Systems uses a security checkpoint at the entrance to the building. A sign adjacent to the checkpoint states that the purpose of the checkpoint is for security staff to check for weapons or other materials that may be detrimental to the working environment and employee safety. Screening is casual and usually consists of verification of an employee’s Company ID card. Can security staff at this checkpoint be directed to open Mr. Jackson’s briefcase and seize any potential digital evidence? Support your answer.

7. You know that it is important to document the details of your investigation if the company wants to ensure admissibility of any evidence collected in the future. However, Mr. Roberts has never heard of the term “chain of custody.” How would you explain to Mr. Roberts what the chain of custody means, why it is important, and what could occur if the chain of custody is not documented? Support your answer.

Project Requirements:

• Each question should be answered with a minimum of 1-2 paragraphs, so do your research, be specific, be detailed, and demonstrate your knowledge, submitting your project through the appropriate assignment folder.
• Answers to the above questions should be separated and/or numbered with respect to the question, so as to make it clear which question is being answered. The paper may be in a question and answer format, or as described with answers to the associated question numbers.
• The paper should be written in third-person grammar, not first person (I, me, myself, etc.).

Digital forensics

Question 1.

It is important for organizations to ensure that they have the appropriate ability to preserve, collect, protect and analyze digital evidence for effective use in any legal matters, employment matters or disciplinary issues, as recognized in the legal guidelines. According to “A Ten-Step Process for Forensic Readiness,” an established forensic readiness plan has various benefits to an organization (Pooe & Labuschagne, 2012). It helps a business in fighting crime, ensuring good and effective governance of its data assets, and promoting due diligence in ensuring the company complies with the regulatory requirements set.

A forensic readiness plan also helps in reducing the cost of an investigation by maximizing the potential use of digital evidence, improves the level of success in any legal action, and reduces the effects of security incidents, protecting the interests of an organization. Establishing evidence collection and gathering requirements acts as one of the checklists for forensic readiness guidance. A readiness plan must establish a well-structured, built-in way of handling forensic investigations; it must identify and define the different cases that would need digital evidence; and finally, it must have the ability to monitor target areas and detect or deter significant incidents.

Question 2.

No, the Fourth Amendment protects citizens in both private and public firms against searches in places where there is a reasonable expectation of privacy. For this reason, employers must abide by it despite having control over the work premises. The company, therefore, may only carry out searches for digital evidence in areas accessible to the employee if he does not expect any reasonable privacy there. For example, the employer can search property of Mr. Jackson that is lying in the open and hence does not require reasonable privacy. In this case, Mr. Jackson’s locker cannot be searched since, according to the law, the locker only contains his personal belongings, which require reasonable privacy. However, Mr. Roberts can obtain consent from Mr. Jackson if he wants to search for possible theft.

Question 3.

Having a master key gives the employer the right to open and search Mr. Jackson’s locker for digital evidence. Owning the master key changes the ownership of the lock from Mr. Jackson to the company, hence forgoing his privacy right. As in the case of computers and emails owned by the employer, an employee’s right of privacy is limited since an employer has justifications to access its property (Adams, 2004). On the other hand, the Fourth Amendment does not protect his privacy since he is a private employee. Referring to the case of O’Connor v. Ortega, the Fourth Amendment only protects government employees who have a reasonable expectation of privacy (Frayer, 2002). Hence, the company has every right to search Mr. Jackson’s locker if there exists any good reason for suspicion.

Question 4.

Having to involve the police in search and seizure complicates the matter, especially at a later stage. Law enforcers must adhere to several constitutional and legal requirements while conducting the search. For example, they are required to have a search warrant to search Mr. Jackson’s locker or any other property. Getting the police involved in the issue means that ATS has to lose its right to control the process of investigation, and instead its staff become subjects of questioning or witnesses.

On the other hand, the law enforcers involved in the investigation will have the right to seize some property, such as computers and attached storage devices, if these may provide any possible evidence and they feel an employee can move or destroy data contained in the devices, hence interfering with evidence. Before involving the police, the company needs to carry out a thorough search for facts and also to guard against interference with evidence.

Question 5.

An employee handbook informs the employees of the company’s procedures and policies in relation to workplace rights, conduct and search procedures. Because of this, it is very important for the employee to acknowledge it by way of signing, and for the company, so that its evidence gets accepted in any future legal proceedings. In this case, ATS failed to ensure Mr. Jackson acknowledged receipt of the company policy through a signature, which can result in issues in court proceedings over the collection and admissibility of evidence.

To search Mr. Jackson’s gym locker room, the company has to establish its right as a private employer, since the employee does have a reasonable expectation of privacy. However, Mr. Jackson’s failure to sign the receipt does not absolve him from complying with the company’s policies and procedures. On the contrary, the terms and conditions still apply to him, and hence his lack of signature on the handbook does not in any way affect his privacy rights, the search, or ATS.

Question 6.

Security at the checkpoint does have the capacity to search Mr. Jackson’s briefcase. His exit interview gives the employer a reasonable cause for suspicion of intellectual property theft, warranting a search. The Fourth Amendment does not protect a private employee from search and seizure by security guards privately employed by private companies. Hence the guards at the checkpoint have the legal power to direct Mr. Jackson to open his briefcase for search and seizure of any digital evidence.

Question 7.

Chain of custody refers to the procedures taken when conducting an investigation (Taylor, Haggerty, Gresty, & Lamb, 2011). For example, when investigating Mr. Jackson for possible theft of Product X, the investigator must record all the detailed steps made in the process. The main purpose of the chain of custody is to maintain integrity in an investigation, preventing alteration of documents/evidence. It is essential when presenting digital evidence to a court, since altered, modified or destroyed evidence is not admissible in court. Failure to document the chain of custody can lead to the perpetrators walking free (not found guilty) even in a case where he/she had committed the crime.

References

Adams, C. (2004). The right of privacy of employees with regard to employer-owned computers and e-mails.

Taylor, M., Haggerty, J., Gresty, D., & Lamb, D. (2011). Forensic investigation of cloud computing systems. Network Security, 2011(3), 4-10.

Frayer, C. E. (2002). Employee privacy and internet monitoring: balancing workers’ rights and dignity with legitimate management interests. The Business Lawyer, 857-874.

Pooe, A., & Labuschagne, L. (2012, August). A conceptual model for digital forensic readiness. In Information Security for South Africa (ISSA), 2012 (pp. 1-8). IEEE.