Preamble
An organization chief executive officer (CEO) was suspected of fraud, and digital forensic investigators were assigned to acquire a forensic duplicate of his laptop without his knowledge, and his laptop was configured with full disk encryption.
Restrain
The best option was to shut down the laptop, create a forensic duplicate of the hard drive, and decrypt the hard drive using an administrative decryption key. Notably, investigators had insufficient time for such laid down approach.
Plan of Action
The forensic duplicate of the data must be acquired from the live laptop while the system was left running in the chief executive Officer’s unit. The CEO was called out for an interview germane to the suspected fraud charges. The digital forensic investigators were then, able to interact with the CEO’s laptop, made changes to the system, acquire vital data on the laptop hard drive in an unencrypted format, including deleted data.
Lack of Decorum
During the acquisition process, digital investigators documented findings and enabled unauthorized access to concluding evidence. It must be recognized and acknowledged that the fundamental principle for handling forensic investigation in the most unstable environment, such as the CEO’s office, is not a smooth sailing event. Also, forensic investigators must be incredibly careful not to violate any laws and give rise to liability.
Answer All Questions (1:1 – 1:6)
Question 1:1 Do you, as an investigator, believe that forensic investigators charged with the case vehemently violated the laws and rise to liability?
Question 1:2 Do you, as an investigator, have confidence and willing to support digital forensic investigator’s conclusive evidence of this case in court?
Scenario: Try extremely hard to make allowances for forensic investigators’ operation in the most uneven crime scene to avoid breaching the fundamental principle of forensic investigation.
Question 1:3 Provide a comprehensive plan of action to guide digital forensic investigators in an unbalanced crime scene of this nature.
Question 1:4 Do you support the option that digital forensic investigators charged with this case should have obtained extra search warrant?
Question 1:5 Describe the Benefits and Drawbacks of Search Warrant on the organization’s Chief Executive Officer in such a given situation.
Question 1:6 Describe the Benefits and Drawbacks of extra Search Warrant on forensic investigators in the same given situation.