Investigative plan of action

As more companies store information electronically, there is an increased need for digital forensics to discover the trails of illegal or malicious acts. In this task, you will use the scenario to develop an investigative plan of action that will prepare your investigative team to conduct an analysis on the gathered evidence.
An oil company’s senior management has reason to suspect that John Smith, one of the company’s mechanical engineers allegedly took information that was clearly identified as proprietary. The company’s legal office has requested digital evidence regarding the potential violation of company policy, which prohibits the sharing of proprietary information without prior approval. The employee was not authorized to access proprietary information. All employees sign nondisclosure agreements (NDAs) and acceptable use policies (AUPs). Senior management and the legal office have approved this request.

You are a member of the investigative team that has been asked to develop an investigative plan of action.
Your submission must be your original work. No more than a combined total of 30% of the submission and no more than a 10% match to any one individual source can be directly quoted or closely paraphrased from sources, even if cited correctly. The originality report that is provided when you submit your task can be used as a guide.

You must use the rubric to direct the creation of your submission because it provides detailed criteria that will be used to evaluate your work. Each requirement below may be evaluated by more than one rubric aspect. The rubric aspect titles may contain hyperlinks to relevant portions of the course.

Tasks may not be submitted as cloud links, such as links to Google Docs, Google Slides, OneDrive, etc., unless specified in the task requirements. All other submissions must be file types that are uploaded and submitted as attachments (e.g., .docx, .pdf, .ppt).

A. Create an investigative plan of action based on forensic best practices or standards that your team will implement by doing the following:

  1. Discuss the strategy that your team will use to both maximize the collection of evidence and minimize the impact on the organization.
  2. Describe the tools and techniques your team will use in evidence gathering, preparation, and analysis.
  3. Describe how your team will collect and preserve required evidence, using standardized and accepted procedures.
  4. Describe how your team will examine the seized evidence to determine which items are related to the suspected violation of company policy.
  5. Discuss an approach that your team will use to draw conclusions based on the digital evidence that supports the claim of a policy violation.
  6. Discuss how the case details and conclusions should be presented to senior management.

B. Acknowledge sources, using in-text citations and references, for content that is quoted, paraphrased, or summarized.

C. Demonstrate professional communication in the content and presentation of your submission.

Sample Solution