rudyr wrote:
I'm reaching out to the community to see what particular approaches you might take if you were to examine a system of an outgoing employee. Not necessarily the most comprehensive, but if you were time and budget constrained, what might be the 5 or 10 things you'd definitely want to check for. Examples might be:
As has already been mentioned, I would think that the best place to start is to go to HR (or just your target audience in general) and determine what they feel is a "violation". For some organizations, "surfing pr0n" might be a violation of acceptable use policies, but they might not have thought of "IP theft" as an issue.
You mention USB devices...there are a number of freeware tools that are available to assist you with this, but most use the publicly-accepted process for determining USB thumb drives and external drive enclosures connected to systems, and as such, miss other rather ubiquitous devices.
rudyr wrote:
Very open-minded to what people see as possible forms of IP theft I haven't listed, as well as the Top 5 / 10 things to check for (short of a full soup-to-nuts examination of a machine) as well as the tools you might recommend to conduct the examination (Commercial suggestions like EnCase w/ certain scripts is fine, but open source would be interesting as well to present a spectrum of cost options).
I'm creating the Forensic Scanner application for examinations just like what you've described. I'm doing so, in part, to make it easier to do these sorts of exams quickly, but also because while the tools are out there, most of them do not work together.
If you want to discuss your original topic offline, you can reach me at keydet89 at yahoo dot com.