While most legal professionals think of external hackers when they hear about information theft, that's often not the case. The more common culprit: someone with legitimate access to the information - i.e., insiders.
Common insider methods include:
RESPONDING TO A LOSS
Investigating I.P. theft uses classic investigative techniques, but with different tools. Like any crime, the factors of need, opportunity and rationalization must be evaluated. But the key focus - opportunity - is where the techniques of the investigator must be appropriate and up-to-date. Forensic computer investigation, e-mail screening, and network/workstation monitoring, can be critical to find evidence of wrongdoing.
Forensic computer investigation is the most valuable of these techniques. Evidence of wrongdoing - the "fingerprints" and "footprints" of fraud or theft recorded on electronic media - are very difficult to erase or hide. A well executed forensic computer investigation can recover all data recorded on a computer hard drive (or other media), including anything deleted by the user.
Commercially available (and proprietary) software tools can help investigators evaluate electronic media on a bit-by-bit basis, and reconstruct key strings of information, if not entire documents. Time frames can be determined such as dates of document creation, alteration or destruction. Caveats exist, obviously, as documents can be partially, if not entirely, overwritten the longer a machine has been in use.
To conduct a successful investigation, basic steps must be followed:
E-mail screening techniques can catch a perpetrator in the act of a theft, stop the unauthorized transmission of information, and/or monitor communications with other individuals.
Many e-mail screening products are available commercially, which are typically housed on a firm's email server to monitor outbound and inbound traffic. These products can be set to monitor message content for key words, phrases, names or characters of interest to the investigation, and provide options for blocking, quarantining, or flagging of messages matching the set criteria.
In the absence of such technology, evaluation of past e-mail is often a component of an investigation into an alleged theft.
Even in instances where a suspect's machine is not available for forensic evaluation, e-mails are often archived on firm servers. Forensic tools can facilitate key word searching and other techniques.
NETWORKS AN WORKSTATIONS
Commercially available software can capture keystrokes, and that data can be evaluated as part of your investigation.
These tools have become quite sophisticated, and can be used to monitor activity (document preparation, communications, Internet activity, etc.) in real time.
MAKING IT STICK
While technological advances in the workplace have made the theft of intellectual assets easier to perpetrate, it has also made the theft easier to document and ultimately resolve.
It's possible to develop proof and prosecute offenders in intellectual asset thefts, because the use of electronic media in committing the act can provide investigators with an accurate record of the transgressions.
The key to taking advantage of this technology is having the appropriate policy and procedures in place beforehand, which facilitates the investigation and sidesteps potential "expectation of privacy" defenses.
Dennis Farley is president of The Intelligence Group, a security consulting and investigations firm, based in Bedminster, N.J.
See Mr. Farley's Profile on Experts.com.
©Copyright 2002 - All Rights Reserved
DO NOT REPRODUCE WITHOUT WRITTEN PERMISSION BY AUTHOR.