Joined: Nov 01, 2005 Posts: 551 Location: Marion, Indiana, USA
Posted: Sat Nov 05, 2016 6:47 am Post subject:
Well, since this is most likely going to end in prosecution, you should immediately contact a company that does Computer Forensics and have them do their job. If you are mucking around there, all you will successfully do is make any evidence you might find not admissible in court.
You need to get them in there as soon as possible.
Joined: Dec 01, 2015 Posts: 19 Location: Aberdeen, Scotland
Posted: Wed Nov 16, 2016 10:18 pm Post subject:
Cybercop is correct, there needs to be a dead acquisition made and the copy used to search/work on. I would look in the link files first, they will show if a USB has been used and possibly what files have been transferred to it. But you MUST work on a clone, NOT the original, or any subsequent case won't last 30 seconds in court with even a z-list lawyer.
Posted: Thu Nov 17, 2016 3:07 am Post subject: Re: Company Data Theft
My question is, how can I find out what files may of been exported via email and or USB on certain dates or in general. I have the computer in my possession.
If there is a company mail server, through which employees send mail, secure its logs of outgoing mail just in case.
If the files in question were stored on a central file server, you may want to consider securing that as well, but it's difficult to say, and depends on the time since the suspected incident, and access patterns.
But the suggestion to get in touch with a CF company is probably best: those people (if experienced) will catch all those kinds of things, based on the actual IT infrastructure.
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum