Company Data Theft

  • We encourage our users to use Real Names to build a real community, friendships and networking opportunities.

    [more information]

Donald63

New Member
Nov 3, 2016
3
0
#1
Here is the situation.

I work in IT, and one of our clients had an employee who having taken a large amount of data shortly before his suspicious departure.

My question is, how can I find out what files may of been exported via email and or USB on certain dates or in general. I have the computer in my possession.

Thank you for all responses.
 

cybercop

Administrator
Oct 31, 2005
1,660
0
#2
Well, since this is most likely going to end in prosecution, you should immediately contact a company that does Computer Forensics and have them do their job. If you are mucking around there, all you will successfully do is make any evidence you might find not admissible in court.

You need to get them in there as soon as possible.
 

SgtJackie

New Member
Nov 30, 2015
58
0
#4
Cybercop is correct, there needs to be a dead acquisition made and the copy used to search/work on. I would look in the link files first, they will show if a USB has been used and possibly what files have been transferred to it. But you MUST work on a clone, NOT the original, or any subsequent case won't last 30 seconds in court with even a z-list lawyer.
 

athulin

Member
Experienced Member
Oct 18, 2007
730
Ratings
9
18
#5
Donald63 said:
My question is, how can I find out what files may of been exported via email and or USB on certain dates or in general. I have the computer in my possession.
If there is a company mail server, through which employees send mail, secure its logs of outgoing mail just in case.

If the files in question were stored on a central file server, you may want to consider securing that as well, but it's difficult to say, and depends on the time since the suspected incident, and access patterns.

But the suggestion to get in touch with a CF company is probably best: those people (if experienced) will catch all those kinds of things, based on the actual IT infrastructure.
 

About us

  • Our community began in 2004. Since this time, we have grown to have over 29,000+ members within the DFIR & Cyber Security community.

    We are happy to announce that this forum is now under new ownership with the goal to once again become the main Digital Forensics Forum on the internet for DFIR, OSINT and Cyber Security.

    If you can think of ways to help us improve, please let us know.

    We pride ourselves on offering unbiased, critical discussion among people of all different backgrounds.

    We are working every day to make sure our community is one of the best.

Quick Navigation

User Menu