Going through theft of IP investigations can cause tension. But Triage Forensics has a few tips to help you get through them!
Intellectual property theft involves taking from individuals or corporations their concepts, technologies, and artistic expressions (known as "intellectual property"), which can cover anything from trade secrets and patented goods and components to film, songs, and apps. Going through a theft of IP investigation can cause stress and tension.
It is a growing threat, particularly with the rise of digital media and internet file-sharing networks. And a lot of the theft takes place abroad, where the legislation is always lax, and enforcement is more complicated. All told, piracy of intellectual property costs US companies billions of dollars a year and robs the country of jobs and tax revenues.
Preventing abuse of intellectual property is a priority of the FBI's criminal investigation network. It focuses primarily on the piracy of trade secrets and infringements on goods that may affect public health and safety, such as counterfeit vehicles, automobiles, and computer components. The path to the initiative's sustainability is to connect the tremendous expertise and energies of the private sector with law enforcement partners at local, regional, federal, and international levels.
Tips in Handling Theft of IP Investigations
1. Think of the computers as a crime scene
The first step towards a satisfactory conclusion of an IP fraud case is to ensure that the accused employee's data and computers are preserved and NOT accessible to others. It's best to think about the perpetrator employee's data and equipment as a crime scene on which no one can tread or touch.
The reason is that any time an untrained person accesses, or attempts to access, data on computers, they run the risk of accidental loss of data. At best, they make substantial modifications to data that cannot be reversed, e.g., alterations to date and time stamps or accidentally overwriting otherwise recoverable deleted records. At worst, the "stepped on" data could contain the "smoking gun" piece of evidence that might have secured a lawsuit.
The same principle extends to other electronic devices: take steps to ensure that no data is spoliated before submitting them to a cyber forensic science service provider.
2. Take a deeper look into the data to assess the behavior of the user
Employee IT investigations are not typical eDiscovery projects. Rather than merely determining what information the user has or has been working with, which is what conventional eDiscovery methods yield, digital forensic examiners take a much closer look at the details. Professional digital forensic analysts examine the evidence, explain the user's behavior, and do so as far back in time as possible.
A thorough cyber forensic science examination should provide the business owners and their lawyers with answers to many, if not all, of the following questions:
1. What process(es) did the user use to get IP data out of the building?
2. Did the individual use a cloud-based email account(s)?
3. Did the user use a cloud-based file-storage account?
4. Has the person made file transfers to their home computer through remote access?
5. Did anyone burn CDs/DVDs?
6. Have they been using USB flash drives?
7. Is the individual discussing wages and benefits with the rival via email?
8. Was that person selling the information?
9. Was the individual doing mass deletions?
10. Has the individual used a wiping application to hide their tracks?
One would not be able to answer these questions clearly by using conventional eDiscovery methods. Forensic IT investigations must undertake a digital forensic analysis to make a detailed examination of the many artifacts found in multiple nooks and crannies to help tell the entire story. Forensic science examiners scan and analyze live files, unallocated space (where "deleted" data resides), and the Registry, where many tell-tale artifacts live that show device and software settings and user habits and behaviors.
3. Find the smoking gun with the requisite electronic forensics skills
To sum up, giving untrained individuals access to data and computers is not a brilliant idea, nor is it the best practice in the industry. A proper automated forensic analysis is the best practice in the treatment of IP fraud. It can collect even more information because the examiner is able to review the difficult-to-access and unique locations where the data remains and then evaluate that data.
For the subsequent IP theft inquiry, the forensic investigator can review and evaluate the active ESI (electronically stored information) as well as the data located in unallocated space, with particular attention paid to the following:
1. USB device usage and its correlation with file access
2. LNK files (shortcut files) and Jump Lists and their correlation with file and network resource access
3. CD/DVD burning instances
4. Access to cloud-based personal email accounts
5. Access to cloud-based personal file management
6. Remote access to home/other computers with file transfers
7. Usage of anti-forensics software
8. Internet history
9. Event logs
10. Registry entries
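To illustrate items 1 and 2 above, the following added example (not code from Triage Forensics or the original article) parses the header and LinkInfo block of a Windows shortcut file, following the published MS-SHLLINK layout, to recover the target's timestamps, the drive type and the volume serial number that an examiner would match against a USB device. The sample bytes, file name and serial number are constructed for the example.

```python
import struct
from datetime import datetime, timedelta, timezone

EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
DRIVE_TYPES = {2: "removable", 3: "fixed", 4: "remote", 5: "cdrom"}

def filetime(ticks):
    """FILETIME (100 ns ticks since 1601-01-01 UTC) -> aware datetime."""
    return EPOCH_1601 + timedelta(microseconds=ticks // 10)

def parse_lnk(data):
    """Extract target timestamps, volume details and local path from a .lnk."""
    if len(data) < 76:
        raise ValueError("shorter than a ShellLinkHeader")
    size, clsid, flags, _attr, ctime, atime, mtime, fsize = struct.unpack_from(
        "<I16sIIQQQI", data, 0)
    if size != 0x4C or clsid != LNK_CLSID:
        raise ValueError("not a shell link file")
    info = {"target_created": filetime(ctime), "target_accessed": filetime(atime),
            "target_modified": filetime(mtime), "target_size": fsize}
    pos = 76
    if flags & 0x1:   # HasLinkTargetIDList: skip IDListSize + IDList
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & 0x2:   # HasLinkInfo
        _sz, _hdr, li_flags, vol_off, path_off = struct.unpack_from("<5I", data, pos)
        if li_flags & 0x1:   # VolumeIDAndLocalBasePath
            _vsz, dtype, serial, _lbl = struct.unpack_from("<4I", data, pos + vol_off)
            start = pos + path_off
            info["drive_type"] = DRIVE_TYPES.get(dtype, f"other({dtype})")
            info["volume_serial"] = f"{serial:08X}"
            info["local_path"] = data[start:data.index(b"\0", start)].decode("cp1252")
    return info

def build_sample():
    """Constructed sample: link to a file opened from a removable volume."""
    when = datetime(2024, 1, 15, 9, 30, tzinfo=timezone.utc)
    ft = int((when - EPOCH_1601).total_seconds()) * 10**7
    header = struct.pack("<I16sIIQQQIIIHHII", 0x4C, LNK_CLSID, 0x2, 0x20,
                         ft, ft, ft, 1024, 0, 1, 0, 0, 0, 0)
    volume = struct.pack("<4I", 17, 2, 0x1A2B3C4D, 16) + b"\0"   # DriveType 2
    path = b"E:\\designs\\pump_v7.dwg\0"   # hypothetical file name
    vol_off, path_off = 28, 28 + len(volume)
    link_info = struct.pack("<7I", path_off + len(path) + 1, 28, 0x1, vol_off,
                            path_off, 0, path_off + len(path)) + volume + path + b"\0"
    return header + link_info

if __name__ == "__main__":
    for key, value in parse_lnk(build_sample()).items():
        print(f"{key}: {value}")
```

Run it against a working copy of the evidence, never the original media, so that the examination itself does not alter timestamps.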
Having a strategy or procedure for identifying the danger of IP fraud and for preparing defensively for an investigation makes the operation much simpler in the long run. The first step must always be to preserve the suspect's workstation and immediately contact a remote forensic specialist.
During this call, you will go over the situation, the needs and priorities, and the equipment to be investigated. As all cases are different, this thorough discussion allows the cyber forensic investigator to have an approximate timeline for completing the project.