CIS 417 Computer Forensics – Strayer
Suppose a large aerospace engineering firm has immediately hired you as a consultant to investigate a potential violation of corporate policy and data theft. You have been informed that an employee may have been using corporate email to send confidential corporate information to one or more personal email accounts, which may or may not belong to him. You have been told that this action has been happening each business day for the last 13 days and the employee is unaware of any suspicion.
Write an eight to ten (8-10) page paper in which you:
1. Explain, in detail, the initial actions you would take based on the provided information including formal plans to preserve the crime scene(s) and eventual transportation of evidence to a lab.
2. Analyze the physical and logical places where you would look for potential evidence on the
suspects computer(s) and / or network servers.
3. Describe, in detail, how you proceed with the email investigation, including the review of email headers and tracing.
4. Describe the processes that would be utilized in order to recover data that may have been
deleted from the suspects computer(s).