Searching the employee’s purse
The US Constitution prohibits employers from conducting searches on employees. However, the protection does not apply to private organizations (Easttom, 2014). The manager had a legal right to search the employee’s purse. The employee was suspected of using the organization’s softcopy data for other purposes other than those of supporting the firm’s operations.
Thus, it was necessary for the manager to search her purse in order to look for any material that the employee could have been using to transfer data from the firm’s computer systems.
The search was right because there was some suspicion that the worker was taking data with regard to the National Security Agency (NSA). In an era characterized by terrorism, it was prudent for the manager to search the worker’s purse because she could have been using the sensitive security data to compromise the security of the nation.
The alleged activity
The alleged activity constitutes a crime. It was suspected that the worker was using some tools to transfer the data from the intranet. It could not be established where the worker was taking the suspected data.
Workers are prohibited from using their employers’ information for reasons not having to do with companies’ businesses. If it is confirmed that she was illegally retrieving the data and using them for illegal purposes, then she would be punishable by the law (Taylor, Haggerty, Gresty & Lamb, 2011).
Steps in initiating the investigation
Assuming that a crime may have been committed, the following steps should be used to initiate the investigation (Easttom, 2014):
- Interviewing the employee who was suspected of transferring the firm’s data.
- Reviewing the evidence collected in the interview with the suspect.
- Re-interviewing the suspect. This would establish whether or not the suspect would have changed her facts.
- Authenticating the crime. The re-interview could have offered extra information that could help to identify whether or not the suspect was false reporting.
- Analysis of the facts with regard to the crime. This could involve analyzing the data retrieved from the flash drive. For example, the nature of the data and possible destinations and uses could be established.
- Concluding the investigation. This would involve assembling all the crucial parts of the evidence and doing proper documentation. At the end of this stage, the evidence would be ready for presentation in a court.
In assembling the evidence, it would be important to consider the following:
- The time of events.
- Other parties enjoined in the crime.
- The security of the computer systems within the firm.
- Working culture of the organization.
Rules of evidence
Rules of evidence with regard to the state where the crime was committed would be applied. The rules would guide the following aspects of the crime: the evidence, time, circumstances, and the purpose of placing the case before a court.
My legal and ethical responsibilities
As a system forensics professional and expert witness, I have a legal responsibility to collect the evidence using legal standards that apply to computer forensics. For example, I should use the right tools to retrieve the data from the computer systems (Easttom, 2014; Nelson, Phillips, & Steuart, 2010). Also, I have an ethical responsibility of presenting unaltered data to a court. In addition, I should use the evidence only for the purpose of the case at hand.
Easttom, C. (2014). System forensics, investigations, and response (2nd ed.). Burlington, MA; Jones and Bartlett Learning.
Nelson, B., Phillips, A., & Steuart, C. (2010). Guide to computer forensics and investigations. Stamford, CT: Cengage Brain. com.
Taylor, M., Haggerty, J., Gresty, D., & Lamb, D. (2011). Forensic investigation of cloud computing systems. Network Security, 2011(3), 4-10.