Forensics Report 1

Forensics Report#1

Student’s Name

Institution Affiliation

OVERVIEW

The contemporary environment is affected by very many issues. It is imperative to have an effective forensic procedure to determine the cause of some of the issues affecting the society. From this, there is the ability to carry out effective research and understand the actual issues that have happened and consequently understand the best manner through which to deal with them. The case provided in the study is that of an organization where one of the top managers resigned in means that were not clear. This aspect made the organization president decided to incorporate forensic tools to understand the issue further.

ANNOTATED INVENTORY OF FORENSICALLY INTERESTING FILES

The files of Forensic Interest included the following:

Mr. Dean’s work computer currently in the Information Technology Department

This work computer had been infected by a nasty root kit. The computer was supposed to be serviced and taken back on Friday at 10.00 AM.

Laptop case

The laptop case was used to hold Mr. Dean’s laptop. The laptop case was found empty on the floor.

2GB USB drive

This device was found in the laptop case. The 2GB USB drive contained Mr. Dean’s duty files. There was no information that showed that Dean was against the company’s interests.

Inventory items for files of forensic interest included the following:

The work computer

This computer was Dean’s workstation. It had been taken to the IT service center within the same week. It was missing, but only because it have been taken to IT service center. It would be brought back to the station on the following Friday.

Missing laptop

The missing laptop had been Mr. Dean’s substitute for his workstation. The laptop had been issued by the company. It was found to be missing because its case was empty.

The USB Drive

Mr. Dean used the USB Drive to store his work related files as the Assistant Chief Security Officer. After its analysis, it was found that nothing that could incriminate Mr. Dean since the files in the USB drive reflected his urge to work in parallel with the company’s interest.

THRESHOLD ASSESSMENT REPORT

After carrying out substantial research and reviewing all the evidence present, it is imperative to note that there was some inconsistency regarding the manner in which the particular employee resigned. The fact that the laptop case was found below the table adds to the suspicions because if the person resigned honorably, he would have at least left the laptop case on top of the table. The factors stated are some of those that led to the forensic examiners becoming involved with the case. The USB disc found ought to receive special examination to determine the information stored in it. The fact that the Chief Executive asked that the workstation computer be transferred back to the work office is an imperative step to take for it saw to it that information was not deleted from the computer at which the particular employee was working.

The manner in which the employee terminated his employee is somehow suspicious and this is because for an organization such as the one given in the study, it is a requirement to tender a formal resignation by writing a letter and submitting to the relevant authorities in the organization. Going through the evidence may bring out information tying the particular worker to some illegal activities (Kiely, 2011). Either that or the employee was blackmailed out of his work. The room should also be wiped for fingerprints and this might assist in identifying the people that visited the particular worker prior to his quitting.

Going through the case background is vital for it assists in understanding various crucial points in the case. The forensic examination was carried out to identify the actual reasons why the employee sought termination of his employment. People that were affected by the action were the chief executive since he was short of employees and thus the running of the organization was affected. There were other people that were affected by the actions of the employee. One of the critical people affected by this action was his assistant. It is common in many organizations that the respect accorded to a top-level manager does not match the one offered to the assistant. With this, the employees are bound to misbehave given that authority is not as austere (Kiely, 2011). Employees operating under the manager are also bound to feel the effect of this and this is because the forensic officers get to examine these employees too to ensure that they cover all the areas surrounding the case with regard to the case.

Case Questions

What was George Dean up to before he resigned?

According to the sweep carried out in his office, it is allowed to state that Dean was not up to noble actions at the time of resigning and it is possible a member of the organization had noticed that and blackmailed him out of the job.

Why did he resign so suddenly?

The reason why he resigned suddenly is that he did not want to cause any type of scene in the organization since the other worker might have informed the entire organization of his misbehavior and consequently embarrass himself.

Summary of Performed Examinations

After carrying out on-site examination, it was identified that the laptop case under the desk and the left USB flash indicates that the employee left in a hurry and thus the location ought to be recognized as a crime scene because of inconsistency even with regard to tidiness. Given the reputation of the particular employee and then visiting the site, one gets to understand that the most likely reason for the change and the upgrade in cleanliness is that the employee was trying to cover up an issue. Either that or someone came to his office and cleaned it up to avoid any form of detection. Both these factors are subject to forensic research.

After interviewing the employees that worked with him, it was identified that he was never neat with his workstation but the fact that on that particular day he had tidied up is a factor that served as evidence that something was wrong. It is also critical to understand that some of the employees interviewed did not appear confident in themselves and the reason is that they might have had something associated with the case. It was difficult to hold any evidence above these workers because the case was not quite formal through the legal procedures that could have allowed an entire sweep of the organization.

After viewing the employee contract, it was found out that the employees had some more years left to work and the fact that he had quit prior to the contract’s maturity date was an inconsistency. The computer hardware showed there were some illegal documents that the employee had stored in his computer. The computer hardware showed that there was some information that had been deleted. However, this particular manager was sloppy because all the documents that he had removed from his computer, he had stored it in an insecure cloud. It was thus possible to go through the actual cloud and identify the folder where he had stored the information. After the information was obtained, it was taken to the relevant authorities for further examination and understanding.

The subject of the forensic examination was the employee who had resigned without letting the manager of the organization knows this action. The location where this took place was in the employee’s office where all the evidence required for the research was found. The policy violations broken by the particular employee was the termination of the contract prior to its maturity date (Kiely, 2011). The criminal issues involve having documents from other companies that may lead to the downfall of the organization. The organizations harmed were both the one where he worked for and the once where he had worked before. The civil allegations against this manager were very serious. The fact that the manager had even involved some of his workers in his scheme serves as a civil crime and consequently the manager ought to receive punishment for it.

The findings were very reputable and this is from the fact that the computer that was brought from the Information Technology department supported the data in the USB disc. However, the errors that were not accounted for was not identifying the actual dates that the data was received and stored.

Several questions may come from this case and particularly the ease of data retrieval. Why was it that easy? Might the information have doctoring? Is the investigator experienced in his job? Does he have a personal relationship with the employee? Additional considerations with regard to the investigation are that the employee was colluding with another worker in the organization. Having these considerations assists in understanding the basics of the case even further.

Table 1: File Inventory

Item File Path MAC Times Item number Importance of the item

Laptop bag Company security 11 pm the previous night 3465 Limited importance

USB Disk Police officers 12 a.m this morning 2567 Medium importance

Computer Hard disk Police officers 10.a.m the previous day 8536 High priority

Table 2: Inventory Importance

Item Importance Explanation

Laptop bag Low The bag can only provide evidence through finger prints and it is obviously expected to belong to the missing manager thus no real leads

USB Disk medium The USB Disk may contain vital information that the missing manager may have had and wanted to keep secret.

Computer Hard Disk high The computer hard disk is vital for it contains information that the manager was working on before disappearing.

Reference

Kiely, T. (2011). Forensic Evidence: Science and the Criminal Law. Chicago: Chicago University Press.