Investigating Data Theft
Introduction
The use of computers and the internet in business has increased vastly in just a few years. This trend has transformed the way businesses operate worldwide. Economies have been boosted, communication gaps have narrowed, and businesses now have many more growth opportunities. Besides these advantages of technology and the internet, there are certain risks and challenges that businesses face because of these advances. Among these issues, security threats and risks to confidential corporate data are at the top of the list.
Computer and internet experts have formulated various strategies and techniques to secure confidential organizational data. However, much more research still needs to be done in this area. Furthermore, organizations are still not very aware of technological threats and risks, so they take minimal measures to control them. In fact, these computer threats and risks have grown to the point that a separate branch, called computer forensics, has been formed to deal with them. This branch of science is advancing with time and exploring various techniques to secure systems. Computer forensics is discussed in detail in later sections.
Whenever a computer forensic expert is hired to investigate a case of confidential data leakage, the first step is the analysis of the email system. The expert looks for the weaknesses in the system that caused the major issues and suggests ways to resolve them. Various programs are installed to monitor the organization's computer network so that the issues and the suspect can be properly investigated.
This study is based on the case of the XYZ aerospace engineering firm. It has been observed that an employee of the organization is misusing the corporate email account and forwarding confidential organizational data to his/her personal email accounts. This has been happening for the last 13 days, but the culprit has still not been identified. The company knows only that information is leaking, not who the actual suspect is. For this case, the company has hired a consultant who can guide the administrator on the choice of programs for investigating the suspect.
Computer forensics is a specified legal process that uses scientific knowledge for collecting, analyzing, and reporting digital information. This process is usually used to investigate digital crime. Since "forensics" means to bring to the court, the evidence found regarding a digital crime is presented in court. Computer forensics experts investigate systems where information is stored digitally and then devise strategies to prevent the crime. The field commonly deals with recovering lost data and analyzing latent evidence. For this purpose, computer forensics follows the same process and faces similar kinds of issues as other forensic disciplines.
Computer forensics is becoming an important branch of computer science as the rate of digital crime increases. Nowadays, most organizations and individuals store their important and confidential data digitally. Therefore, it has also become important to make your system more secure. In addition, organizations need to engage the services of a computer forensics team to investigate if any data theft occurs. This ensures the survivability and integrity of the organization's network infrastructure.
According to the Datalink white paper, more than 60% of organizations have their critical data stored in email systems, 75% of intellectual property is saved in emails, 79% of organizations consider emails to be written confirmation, 69% of organizations use email to exchange statements, invoices, and payment information, 71% of companies negotiate contracts and agreements by email, and 93% of companies communicate with their customers through email.
The above statistics show how heavily email is used today for routine tasks. Therefore, it is highly important for organizations to secure their email systems. However, securing an email system is not as easy as securing other communication systems. Because email is stored at four different locations, i.e. the sender's computer, the sender's server, the recipient's server, and the recipient's computer, it is difficult for the administrator to keep it secure. Hackers and the company's own employees are the biggest threats to the organization. For this reason, a corporate security policy is formulated, and the practices of employees and other staff members are then investigated according to the rules set by the court and the security policy.
The security policy of an organization usually defines the types of websites that an employee may visit during working hours on the company's computers. In addition to the basic rules, an organization also imposes restrictions on accessing personal email accounts and other mail that includes the company's confidential data. It is highly important that an organization clearly defines its policies so that, in any case of violation, the suspect can be sued and taken to court.
As a computer forensics consultant, I can help the XYZ aerospace engineering firm by providing defense in depth for the network and thus making it even more secure. To establish a secure and crime-free network for the organization, different processes are followed, which are discussed in the next section. However, whatever process is adopted, it must follow the technical and legal aspects of computer forensics. Without following the legal aspects, a case of digital crime cannot be prosecuted in court.
There are different types of cases in which computer forensics investigations are required. These mainly include cyber stalking, illegal activity, hacking, insurance fraud, finding deleted and hidden data, identifying files transferred or copied, and finding deleted and other emails.
Consider the case of a large aerospace engineering firm where a violation of corporate policy and data theft have been observed. It has been reported that an employee of the firm is suspected of violating corporate policy by sending confidential corporate information to his own or others' email addresses using the corporate email account. It has also been reported that this has been occurring for the last 13 business days and that the employee has still not been investigated.
Tools to be used for Data Investigation
As a computer forensic consultant, I would suggest that the organization install different programs that reside secretly on the computer and monitor user activities. Employers can monitor their employees by using proxy servers, firewall usage reports, corporate email monitoring, log files, surveillance monitoring, packet sniffers, and so on.
Firewall Usage Reports / Proxy Server
Most software monitoring programs are capable of detecting illegal use of company machines and of detecting that some information on the network has been attacked. However, they are unable to determine which user or specific computer was used for this purpose. Nowadays, most companies use proxy servers or firewalls to learn about aggregate website visits, time spent on each website, and other related information about web surfing. Although this information is not detailed, it can provide enough information, from the client desktop to the website and back, about any type of computer abuse. Organizations conduct periodic audits to determine whether any of their employees are abusing popular websites that have nothing to do with business activities. These audits check whether an employee is spending more time working or on entertainment. Thus, proxies can be used in place of computer monitoring software that is incapable of investigating a particular user or computer.
In the case of the XYZ aerospace engineering firm, firewalls and proxy servers may be used to keep a check on employees' activities. If any employee is found to be involved in unusual activities, further investigation can be carried out using other software. However, the basic investigation can easily be done by looking at the cookies, temporary internet files, history, and start menu.
Corporate Email Monitoring
Different methods of corporate email monitoring can be used to keep a check on email at the XYZ aerospace engineering firm. Keywords related to sensitive information can be used with the software to detect any misuse or leaking of the company's confidential information. These programs are installed on the server, where they check the IP addresses of the company machines and investigate whether any user breaks the corporate policy.
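The keyword-based check described above can be sketched as follows. This is an added example, not code from the original study or from any monitoring product; the corporate domain, keyword list and sample messages are constructed for illustration.

```python
# Added example: flag mail sent from corporate accounts to outside addresses
# that mentions watch-list keywords. All names and messages are constructed.
from collections import defaultdict
from email import message_from_string
from email.utils import getaddresses, parseaddr

CORPORATE_DOMAIN = "xyz-aerospace.example"                 # assumed domain
KEYWORDS = ("confidential", "proprietary", "design spec")  # assumed watch list

SAMPLE_MESSAGES = [  # constructed messages, as a server-side archive might hold
    "From: a.smith@xyz-aerospace.example\nTo: b.jones@xyz-aerospace.example\n"
    "Subject: Lunch\n\nCanteen at noon?\n",
    "From: c.doe@xyz-aerospace.example\nTo: cdoe.home@webmail.example\n"
    "Subject: Fwd: wing design spec\n\nCONFIDENTIAL - internal use only.\n",
    "From: c.doe@xyz-aerospace.example\n"
    "To: b.jones@xyz-aerospace.example, cdoe.home@webmail.example\n"
    "Subject: Fwd: supplier pricing\n\nProprietary figures attached.\n",
    "From: a.smith@xyz-aerospace.example\nTo: news@vendor.example\n"
    "Subject: Unsubscribe\n\nPlease remove me from this list.\n",
]

def domain(addr):
    # Everything after the last "@", lower-cased for comparison.
    return addr.rpartition("@")[2].lower()

def scan(raw_messages):
    """Return {sender: [(subject, external_recipients, matched_keywords)]}."""
    findings = defaultdict(list)
    for raw in raw_messages:
        msg = message_from_string(raw)
        sender = parseaddr(msg.get("From", ""))[1].lower()
        rcpts = [a.lower() for _, a in getaddresses(
            msg.get_all("To", []) + msg.get_all("Cc", []))]
        external = [a for a in rcpts if domain(a) != CORPORATE_DOMAIN]
        if domain(sender) != CORPORATE_DOMAIN or not external:
            continue  # only mail leaving the company from a corporate account
        text = (msg.get("Subject", "") + "\n" + msg.get_payload()).lower()
        hits = [k for k in KEYWORDS if k in text]
        if hits:
            findings[sender].append((msg["Subject"], external, hits))
    return dict(findings)

if __name__ == "__main__":
    for sender, items in scan(SAMPLE_MESSAGES).items():
        print(sender, "-", len(items), "flagged message(s)")
        for subject, external, hits in items:
            print("   ", subject, "->", external, "keywords:", hits)
```

Plain substring matching does not look inside attachments or encoded bodies, so a hit is a lead to review against the mail server's own records rather than proof of who sent what.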
Employee Computer Surveillance
Surveillance monitoring is a technique in which software is installed on a desktop machine, where it resides undetected and captures specific information about computer usage. Profiles of users' whole working day are thus created. This information usually includes text transcripts from the computer's or other machine's input devices that are being used. Surveillance monitoring also allows employers to check personal emails that are accessed apart from the corporate email system.
This technology can be implemented in the case of the XYZ aerospace engineering firm, where an employee is sending confidential corporate information to personal email addresses through the corporate email address. The employer will also be able to keep a check on the personal emails that are accessed on the company's computers and used to send confidential corporate information to other email addresses.
There are two types of email systems in common use, i.e. company-based email systems and browser-based email systems. The main difference between the two is that a company email system manages its own server and the files are stored on the server side. In a browser-based email system, however, the mail and data are held on a server other than the organization's own. Therefore, when an organization sets up its own email system, it becomes easier for the administrator to keep a check on the emails and also to recover deleted files. The latter email system is a better choice for those at high risk of email fraud.
In the case of the XYZ aerospace engineering firm, the organization has its own email system. Therefore, confidential corporate emails that have been deleted from the company's email address can be recovered. It is important that the organization back up its emails from time to time so that the backup can be loaded if they are deleted or corrupted. Data recovery becomes easier if the email management system is centralized. For this purpose, a number of storage systems and servers need to be installed and optimized.
However, rather than focusing on investigation, computer monitoring, and data recovery, it is more important to improve the organization's data security. It should use different techniques to secure confidential company data. These techniques mainly include using strong passwords, ensuring that emails and other company information are backed up, using antivirus programs to keep the system safe from internal and external attackers, using a firewall, maintaining the corporate policy, and monitoring and downloading security patches.
In addition, the organization must formulate an email policy to ensure proper use of the email system. Employees should be notified that any personal email sent or received from a corporate email address is not private. The organization has the full right to examine the complete message, and so an administrator examines any information that passes through the email system. This method of examining the email system not only helps in investigation but also provides ideas for making the system even more secure. The XYZ aerospace engineering firm must formulate certain email policies and communicate them clearly and concisely to employees. They must be notified that if the rules are not followed they may face legal action.
Conclusion
By using the techniques discussed above, i.e. firewalls, proxies, corporate email monitoring, and employee computer surveillance, the case of the XYZ aerospace engineering firm can be resolved. Proxies and firewalls will help the administrator identify visits to any illegal website or content, corporate email monitoring will identify any sign of leakage of confidential data, and employee computer surveillance will help identify the specific employee involved in illegal activities and the personal emails that are being accessed. Thus, complete information regarding the company's confidential data and the suspect can be collected by using basic techniques. Other programs intended to secure the email system must also be installed so that an issue can be resolved before it occurs. An antivirus program will help keep the system safe from external attacks, and email policies will help keep the system secure internally.
Emails that were forwarded and deleted in the past 13 days will also be retrieved thanks to the customized corporate email system. The XYZ aerospace engineering firm has its own email system and therefore its own server, so the emails will already be in the database. The system will be made even more efficient and risk-free by maintaining backups.
References
Datalink. (2005). Overcoming Email Storage and Content Management Challenges. Datalink.
Forensic Control. (n.d.). Introduction to Computer Forensic. Retrieved from Forensic Control: http://forensiccontrol.com/resources/beginners-guide-computer-forensics/
Forensicon. (n.d.). Worker Beware - Employee Monitoring. Retrieved from Forensicon: http://www.forensicon.com/resources/articles/worker-beware-employee-monitoring/
TWC. (n.d.). Monitoring Employees' Use of Company Computers and the Internet. Retrieved from TWC: http://www.twc.state.tx.us/news/efte/monitoring_computers_internet.html
Wegman, J. (2004). Computer Forensics: Admissibility of Evidence in Criminal Cases.