CIS 417 WEEK 10 TERM PAPER – INVESTIGATING DATA THEFT
Suppose a large aerospace engineering firm has immediately hired you as a consultant to investigate a
potential violation of corporate policy and data theft. You have been informed that an employee may have
been using corporate email to send confidential corporate information to one or more personal email
accounts, which may or may not belong to him. You have been told that this action has been happening
each business day for the last 13 days and the employee is unaware of any suspicion.
Write an eight to ten (8-10) page paper in which you:
1. Explain, in detail, the initial actions you would take based on the provided information including
formal plans to preserve the crime scene(s) and eventual transportation of evidence to a lab.
2. Analyze the physical and logical places where you would look for potential evidence on the
suspect’s computer(s) and / or network servers.
3. Describe, in detail, how you proceed with the email investigation, including the review of email
headers and tracing.
4. Describe the processes that would be utilized in order to recover data that may have been
deleted from the suspect’s computer(s).
More Details hidden…