Print Сite this

Computer Forensics Investigation Plan

Searching the employee’s purse

The US Constitution prohibits employers from conducting searches on employees. However, the protection does not apply to private organizations (Easttom, 2014). The manager had a legal right to search the employee’s purse. The employee was suspected of using the organization’s softcopy data for other purposes other than those of supporting the firm’s operations.

We will write a
custom essay
specifically for you

for only $16.05 $11/page
308 certified writers online
Learn More

Thus, it was necessary for the manager to search her purse in order to look for any material that the employee could have been using to transfer data from the firm’s computer systems.

The search was right because there was some suspicion that the worker was taking data with regard to the National Security Agency (NSA). In an era characterized by terrorism, it was prudent for the manager to search the worker’s purse because she could have been using the sensitive security data to compromise the security of the nation.

The alleged activity

The alleged activity constitutes a crime. It was suspected that the worker was using some tools to transfer the data from the intranet. It could not be established where the worker was taking the suspected data.

Workers are prohibited from using their employers’ information for reasons not having to do with companies’ businesses. If it is confirmed that she was illegally retrieving the data and using them for illegal purposes, then she would be punishable by the law (Taylor, Haggerty, Gresty & Lamb, 2011).

Steps in initiating the investigation

Assuming that a crime may have been committed, the following steps should be used to initiate the investigation (Easttom, 2014):

  1. Interviewing the employee who was suspected of transferring the firm’s data.
  2. Reviewing the evidence collected in the interview with the suspect.
  3. Re-interviewing the suspect. This would establish whether or not the suspect would have changed her facts.
  4. Authenticating the crime. The re-interview could have offered extra information that could help to identify whether or not the suspect was false reporting.
  5. Analysis of the facts with regard to the crime. This could involve analyzing the data retrieved from the flash drive. For example, the nature of the data and possible destinations and uses could be established.
  6. Concluding the investigation. This would involve assembling all the crucial parts of the evidence and doing proper documentation. At the end of this stage, the evidence would be ready for presentation in a court.

Critical considerations

In assembling the evidence, it would be important to consider the following:

Get your
100% original paper
on any topic

done in as little as
3 hours
Learn More
  1. The time of events.
  2. Other parties enjoined in the crime.
  3. The security of the computer systems within the firm.
  4. Working culture of the organization.

Rules of evidence

Rules of evidence with regard to the state where the crime was committed would be applied. The rules would guide the following aspects of the crime: the evidence, time, circumstances, and the purpose of placing the case before a court.

As a system forensics professional and expert witness, I have a legal responsibility to collect the evidence using legal standards that apply to computer forensics. For example, I should use the right tools to retrieve the data from the computer systems (Easttom, 2014; Nelson, Phillips, & Steuart, 2010). Also, I have an ethical responsibility of presenting unaltered data to a court. In addition, I should use the evidence only for the purpose of the case at hand.


Easttom, C. (2014). System forensics, investigations, and response (2nd ed.). Burlington, MA; Jones and Bartlett Learning.

Nelson, B., Phillips, A., & Steuart, C. (2010). Guide to computer forensics and investigations. Stamford, CT: Cengage Brain. com.

Taylor, M., Haggerty, J., Gresty, D., & Lamb, D. (2011). Forensic investigation of cloud computing systems. Network Security, 2011(3), 4-10.

Cite this paper

Select style


StudyCorgi. (2020, October 3). Computer Forensics Investigation Plan. Retrieved from


StudyCorgi. (2020, October 3). Computer Forensics Investigation Plan.

Work Cited

"Computer Forensics Investigation Plan." StudyCorgi, 3 Oct. 2020,

* Hyperlink the URL after pasting it to your document

1. StudyCorgi. "Computer Forensics Investigation Plan." October 3, 2020.


StudyCorgi. "Computer Forensics Investigation Plan." October 3, 2020.


StudyCorgi. 2020. "Computer Forensics Investigation Plan." October 3, 2020.


StudyCorgi. (2020) 'Computer Forensics Investigation Plan'. 3 October.

This paper was written and submitted to our database by a student to assist your with your own studies. You are free to use it to write your own assignment, however you must reference it properly.

If you are the original creator of this paper and no longer wish to have it published on StudyCorgi, request the removal.