Figuring Out Inside Threats

Just a few short years ago, an employee walking out of the building carrying boxes of sensitive company information would have raised a few eyebrows and subjected that employee to some questioning.

But these days, when many employees plug their various mobile devices into company computers in the course of business, how can you be sure that a worker isn’t downloading intellectual property to sell to a competitor or gathering client lists to start their own competing business?

Portable media such as USB hard drives, MP3 players, smartphones, and tablets now have the storage capacity to hold huge amounts of information, but they also leave large amounts of traceable evidence from a computer forensics perspective.

For example, each time a portable hard drive of any type (external hard drives, portable thumb drives, iPods, etc.) is plugged into a computer, it leaves information such as the manufacturer, model, and serial number of the device used. In addition, the computer logs the times and dates that the portable storage was used.

When a forensic analyst combines this with file access times, creation dates, and file deletion dates, it is possible to correlate the information that was moved to the media. If the storage media in question can be obtained, even with the files more than likely “deleted”, computer forensic tools can be used to recover the information to prove the theft and the attempts at spoliation.
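The correlation described above, sketched as an added example that is not part of the original article: it splits a device identifier into manufacturer, model and serial number, then lists the file accesses that fall inside that device's connection window. It assumes the identifier follows the Windows USBSTOR device instance ID layout and that connection times and file timestamps were already extracted from the system; the function names and all sample values are constructed for illustration.

```python
from datetime import datetime, timedelta

def parse_usbstor_id(instance_id):
    """Split 'Disk&Ven_X&Prod_Y&Rev_Z\\SERIAL&0' into its fields."""
    device, _, instance = instance_id.partition("\\")
    fields = {}
    for part in device.split("&")[1:]:  # skip the leading 'Disk' class token
        key, _, value = part.partition("_")
        fields[key.lower()] = value.replace("_", " ").strip()
    # If '&' is the second character, Windows generated the ID because the
    # device reported no serial number; it cannot single out one physical drive.
    unique = not (len(instance) > 1 and instance[1] == "&")
    return {
        "vendor": fields.get("ven", ""),
        "product": fields.get("prod", ""),
        "revision": fields.get("rev", ""),
        "serial": instance.rsplit("&", 1)[0],  # drop the trailing '&0' suffix
        "unique_serial": unique,
    }

def files_during_sessions(sessions, file_events, slack=timedelta(0)):
    """Return (serial, path, timestamp) for file events inside a connection window.

    slack widens each window to tolerate clock drift between log sources.
    """
    hits = []
    for serial, connected, removed in sessions:
        for path, ts in file_events:
            if connected - slack <= ts <= removed + slack:
                hits.append((serial, path, ts))
    return sorted(hits, key=lambda h: h[2])

# Constructed sample data (not taken from any real case).
t = datetime.fromisoformat
SAMPLE_ID = r"Disk&Ven_Generic&Prod_Flash_Disk&Rev_8.07\AA00000000001234&0"
SESSIONS = [("AA00000000001234", t("2024-03-01T17:42:00"), t("2024-03-01T18:05:00"))]
FILE_EVENTS = [  # (path, last-access time) pairs
    (r"C:\Shares\Sales\client_list.xlsx", t("2024-03-01T17:47:12")),
    (r"C:\Shares\Eng\design_spec.pdf", t("2024-03-01T17:51:40")),
    (r"C:\Users\jdoe\Documents\notes.txt", t("2024-03-01T09:15:03")),
]

if __name__ == "__main__":
    print(parse_usbstor_id(SAMPLE_ID))
    for serial, path, ts in files_during_sessions(SESSIONS, FILE_EVENTS):
        print(f"{ts.isoformat()}  {path}  (device {serial} connected)")
```

A file access inside a connection window shows opportunity, not a copy; it is the recovered contents of the media that tie the two together.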

Some prefer to take intellectual property slowly rather than all at once. Many times this is done by e-mailing it to an outside account, likely one used on their home computer. Unfortunately, thefts of intellectual property in this manner are planned, and the perpetrator uses webmail to avoid the traces that would be left on the company e-mail server. However, this activity can be viewed in the computer’s Internet history and cached web pages. Even when this information is deleted, it may still be recovered using sophisticated forensic software.

Other computer-based methods of intellectual property theft that can be proven include remote access to company systems from home, “burning” the information to CDs, and the use of Internet storage areas.

Companies depend on the intellectual property that is stored digitally on their computer systems for their current and future success. With the significant role that computers often play in intellectual property and trade secret thefts, computer forensics has become a critical component in piecing together the facts needed for a successful investigation or potential litigation.

For more information on insider threats or any other computer forensics need, please call Sword & Shield at 865-244-3500 or email us at secureme@swordshield.com. You can also fill out a consultation request.

