|
The goals of the ERE forensic audit are to:
- collect digital evidence from documents, computer files, server files, and network devices.
- preserve evidence.
- document a recommended process to preserve the chain of evidence.
Evidence of undesirable activity on the enterprise network can be used in order hold accountable individuals who cause harm, financial loss, and liability, due to their misuse of corporate information and corporate network technology.
Undesired Activity
- Theft.
- Fraud.
- Collection of inappropriate or banned information.
- Disclosure of confidential information or violation of privacy compliance.
- Dissemination of inappropriate or banned information.
Commonly Identified Perpetrators
- Previous employees.
- Employees in the process of terminating employment.
- Disgruntled employees.
- Perpetrators of espionage, theft for profit.
- Collectors or senders of illegal information, such as child pornography.
Recovery of Hidden Data
- Recovery of data thought to be deleted.
- Revelation of data hidden or included in temporary or swap files.
- Gaining access to encrypted or password-protected data.
- Recover email.
- Re-image.
- Re-create fat files file allocation table.
|
