
Digital Forensics in the Criminal Justice System

Project 1

Scenario Characters:
You: Information Security Specialist, Greenwood Company
Hubert Jenkins: Human Resources Director, Greenwood Company
Mike McBride: (former) engineer, New Products Division, Greenwood Co.

**Characters will carry through Project 1, 2 and the Final Project. However, please remain conscious of who you are/what role you play in EACH project and in regard to specific questions.

For the purposes of this project, imagine you are an Information Security (InfoSec) Specialist, an employee of the Greenwood Company, assigned to the company’s Incident Response Team.

In this case, you have been notified by Mr. Hubert Jenkins, Human Resources Director for the Greenwood Company, that the company has just terminated Mr. Mike McBride, a former engineer in the company’s New Products Division, for cause. Mr. Jenkins tells you that at Mr. McBride’s exit interview earlier that day, the terminated employee made several statements to the effect of “it is okay because I have a new job already and they were VERY happy to have me come from Greenwood, with ALL I have to offer.”

Mr. McBride’s statements made Mr. Jenkins fear he might be taking Greenwood’s intellectual property with him to his new employer (undoubtedly a Greenwood competitor). In particular, Mr. Jenkins is worried about the loss of the source code for “Product X,” which the company is counting on to earn millions in revenue over the next three years. Mr. Jenkins provides you a copy of the source code to use in your investigation. Lastly, Mr. Jenkins tells you to remember that the Company wants to retain the option to refer the investigation to law enforcement in the future, so anything you do should be with thought about later potential admissibility in court.

The Fourth Amendment to the U.S. Constitution reads, “The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.” While the Fourth Amendment is most commonly interpreted to only affect/restrict governmental power (e.g., law enforcement), the fact that a formal criminal investigation is a possibility (and the Company has no desire to be named in a civil lawsuit) means you must consider its effect on your actions.

In fact, in Burdeau v. McDowell, 256 U.S. 465 (1921), the U.S. Supreme Court reviewed the use of documentary evidence (in a potential criminal case) stolen from McDowell’s office. The Supreme Court held that the Fourth Amendment’s protection against unreasonable searches and seizures related only to governmental intrusion. When evidence is gained by the police or the government in ways that are considered illegal and unreasonable and violate the Fourth Amendment, that evidence may be inadmissible in court. That sanction, known as the “exclusionary rule,” was developed by the courts to punish the police when they flagrantly violate the Fourth Amendment and other constitutional rights.

Here is another wrinkle in this area of the law: IF the police request a private individual to do something on their behalf that the police do NOT have a constitutional right to do, that private person becomes an agent of the police and anything gained as a result of such action may risk the sanction of having the evidence inadmissible in court.

As an IT professional working for a private company, the Fourth Amendment does NOT apply to you. But there are still legal considerations regarding investigations and actions you might take in your private (non-government) role. Courts, including the Burdeau Court, will consider other actions, or rights of redress, against private individuals who illegally seize another’s private property (i.e. civil suit or criminal charges if taking amounted to a theft). Privacy rights are considered by the courts based on constitutional language found in several amendments including the due process clause of the Fourteenth Amendment. Note also that individual states often have their own privacy laws.

Now, with all of this in mind, based on the above scenario, the fact that a formal criminal investigation is a possibility and that your Company has no desire to be named in a civil lawsuit, answer the following questions in proper paragraph format. Remember to properly cite outside research where appropriate. There is NO need to research areas of Fourth Amendment search and seizure law that affect the police (government) only, such as exigent circumstances, the plain view doctrine, car searches, search incident to arrest, etc. Please thoroughly discuss the answer ONLY from your role given in the scenario. I am looking for you to take a position in your response to the questions and defend it based on course material, outside research and common sense. These types of issues, as well as search and seizure law in general, are litigated every day in courts around the country and often have no clear-cut answers.

Prior to any incident happening, it is important for any company to implement a “forensic readiness” plan. Discuss the benefits of a forensic readiness plan and name what you believe are the top three (3) requirements to establish forensic readiness within a private sector business. Thoroughly explain and support your answer. (Please note that while cyber security and digital forensics have overlaps in incident response preparation, please limit your answers here to forensic readiness in the digital forensic arena, not cyber security.)

Mr. Jenkins, out of concern for the theft/sharing of the “Product X” source code, is requesting that you or your supervisor start searching the areas in which Mr. McBride had access within the building. Can you (or Mr. McBride’s supervisor) search McBride’s assigned locker in the Company’s on-site gym for digital evidence? Thoroughly explain and support your answer.

Can you (or Mr. McBride’s supervisor) use a master key to search McBride’s locked desk for digital evidence after McBride has left the premises? Thoroughly explain and support your answer.

The police have not been called or involved yet; however, Mr. Jenkins asks how involving the police will change your incident response. Develop a response to Mr. Jenkins that addresses how the parameters of search and seizure will change by involving the police in the investigation at this time. Thoroughly explain and support your answer.

There is a page in the Company’s “Employee Handbook” that states that anything brought onto the Company’s property, including the employees themselves, is subject to random search for items belonging to the Company. There is a space for the employee to acknowledge receipt of this notice. Mr. McBride has a copy of the handbook but never signed the page. Does that matter? Thoroughly explain and support your answer.

Greenwood Company uses a security checkpoint at the entrance to the building. A sign adjacent to the checkpoint states that the purpose of the checkpoint is for security staff to check for weapons or other materials that may be detrimental to the working environment or employee safety. Screening is casual and usually consists of verification of an employee’s Company ID card. Can security staff at this checkpoint be directed to open Mr. McBride’s briefcase and seize any potential digital evidence? Thoroughly explain and support your answer.

You know that it is important to document the details of your investigation if the company wants to ensure admissibility of any evidence collected in the future. However, Mr. Jenkins has never heard of the term “chain of custody.” Write an explanation to Mr. Jenkins of what the chain of custody is, why it is important, and what could occur if the chain of custody is not documented. Thoroughly explain and support your answer.

Project Requirements:

Each question should be answered thoroughly with a minimum of 1-2 paragraphs, so do your research, be specific, be detailed, and demonstrate your knowledge;

Answers to the above questions should be submitted in a single document (.DOC/.DOCX, .RTF, or .PDF), with answers separated and numbered so as to make it clear which question is being answered;

The submission should have a cover page, including course number, course title, title of paper, student’s name, date of submission;

Format: 12-point font, DOUBLE-space, one-inch margins;

It is mandatory that you do some research, and utilize outside resources! References page: APA citation style
