Paper Example on Interviews: Gather Info for Cybercrime Case, Analyze for Perpetrator

Introduction

Several people need to be interviewed as witnesses in the case in which cybercrime was committed. The questions asked in the interview should cover a wide range of areas. The primary purpose of interviewing people is to gather as much information as possible from each party after which the data collected is analyzed to determine who committed the crime. One of the people that should be investigated is the firm's president to assist the analyst in understanding the policies of the firm. The human resource manager is also a witness in the case since he/she has vital information regarding the company's employees. For instance, he can provide information regarding whether the accused had a negative performance history or if complaints regarding his behavior had been leveled against him in the past by any colleague. The third witness is the accused supervisor who works in the firm as the Product Engineering Manager. The PEM could explain to the authorities if he knew the projects that Mr. Jackson was working on before the crime was committed. The product engineering manager could also give information regarding the resources that were available for the accused while working on the project. The final person to be interviewed would be the suspect, Mr. Jackson. Mr. Jackson should be interrogated intensively about the knowledge he has on the project and all the data shared. Other witnesses include the suspect's colleagues that were working on the project with him since they know of Mr. Jackson's behavioral patterns.

Is your time best spent reading someone else’s essay? Get a 100% original essay FROM A CERTIFIED WRITER!

Save 25%

Description of The Interview Setting

The environment on which the interviews will be conducted must be calm and serene to ensure that the witnesses are not tensed or intimated (Fisher & Schreiber, 2017). The witnesses will be interviewed in a spacious office since the procedure is not an interrogation. At the beginning of the interview, the interrogator should be kind and polite to the witnesses and must introduce themselves and everyone else in the panel. The primary purpose of the interview is to gather as much information as possible regarding the intellectual property theft that occurred at the firm to establish whether Mr. Jackson is guilty or not. Therefore, most of the talking will be done by the witnesses without interruption as the interviewer notes down all the information given (Fisher & Schreiber, 2017). The information provided will be compared to the one given by the prime suspect. The interviewer will then compare the information gathered from each party to establish if there is a relationship. All the relevant information written down during the interview should be compiled in a file and safely stored. If after the interview the assessment of the data collected indicates that Mr. Jackson did not tell the truth, he will be summoned for interrogation. It is also crucial to ensure that all information collected from the witnesses should remain private and confidential.

Importance of The Stages

It is essential to ensure that all witnesses are interviewed to gather as much information as possible regarding the case. The entire narrative will assist every party to be aware of why specific things and procedures are done. However, the interviewer should not at any point state that the suspect is guilty of the intellectual property theft crime. If Mr. Jackson's information from the interview differs with that of his colleagues, the former should be summoned for interrogation. At that point, the interviewer should forward the information they have to the authorities, and the process will ensure that the suspect's rights have not been violated.

Digital Evidence from The Thumb Drive

Some of the information that the lab will be required to provide from the digital thumb drive include videos, pictures, source codes, documents, and any notes. Contents like PDFs, word documents or PowerPoint presentations should also be retrieved if present. One of the primary goals of the investigation is to establish if Mr. Jackson has the source codes in the thumb drive and to check if there was any communication regarding the codes between the suspect and a third party through emails or logs. The lab should also look for any encrypted files in the device and decrypt it if possible. If any of the software code associated with the intellectual property theft is found in the thumb drive, it may serve as evidence that Mr. Jackson is guilty of the crime.

Locations to Be Involved in The Search

Several places outside Mr. Jackson's office space must be searched to gather sufficient evidence for the case. One of the areas that should be examined is Mr. Jackson's fiance's office space. Ms. Flemings forwarded Mr. Jackson's thumb drive. Therefore, there is a probability that she may have other materials that could be used as evidence against the accused. In such a case, a search warrant and informing the police are not mandatory since the firm has a right to the search. Some of the things that will be looked for in Ms. Fleming's work area include files, word documents, emails, PDFs, videos, software codes, and images. Another search area would be the couple's personal computer. However, in this case, the firm must be granted permission by law enforcement to search the personal computer is not a property of the company. There must be a search warrant to proceed with the search for any information in the personal computer that may link Mr. Jackson to the crime.

Data Analysis

After obtaining any relevant data from the gadget, a forensic image must be made. The initial procedure to do when evaluating any evidence is to make sure that the chain of custody is updated to the date the investigator logged on. The information on the timeline is essential is critical since it is used by the court of law to determine when the evidence was taken. The second step involves the making of a forensic image. The investigator must transfer the information from the thumb drive to an empty digital device to get a copy. Thirdly, the thumb drive should be check to check if there was any interference with its contents and if it was mishandled during the investigation process. Checking the condition of the digital device is crucial since it helps to determine if the evidence received is authentic. Next, the chain of custody report is updated with the investigator's information to indicate that the evidence has been given to the investigator. This fourth stage is essential since it is used to assure the court that the evidence has not been interfered with from the beginning. After the completion of the steps above, the investigator is convinced that the thumb drive is the original device. However, some rules must be followed. For instance, the golden rule of electronic evidence must be followed. All the steps involved while performing the forensic image must be logged with times and methods.

Response to The Email

The recommended software tools are EnCase, SANS, X-WAY forensics, and logikskull (Ab Rahman, Glisson, Yang, & Choo, 2016). EnCase forensic software introduces several decryption capabilities. Using the tools enables the acquisition of evidence efficiently on Microsoft Exchange and Sharepoint. The tool allows investigators to generate extensive reports while ensuring evidence integrity (Ab Rahman et al., 2016). Data can be acquired from a range of mobile devices. The SANS investigative toolkit is designed to perform a comprehensive forensic examination. The tool is multipurpose, and it contains all the apparatus that are required to perform a digital forensic assessment. X-WAY forensics is a software that runs on all windows (Ab Rahman et al., 2016). The tool is used for a wide range of functions like RAM and memory analysis, and it can read file system structures contained in image files. Lastly, the logical tool is software used for data management and automated discovery.

Hash Values

In computer forensics, a hash value is a unique identifier for any collected data (Gopalakrishnan, Vineti, Mohan, & Sethumadhavan, 2018). The primary function of the hash value is to ensure data integrity suing particular mathematical functions. During the investigation, the hash value was used to determine if there was any source code in the thumb drive. Hash values are also capable of verifying data integrity. An investigator takes the hash value of the gadget and runs a bit-by-bit copy (Gopalakrishnan et al., 2018). If after running it is discovered that the hash value between the device and the copy is the same, then the duplicate can be used without any notion that it would be interfered with.

Reporting the Crime

The matter involving Mr. Jackson's case should be forwarded to law enforcement. Since Mr. Jackson is no longer an employee of the company, any punishment by the firm is limited. There is a probability that the company will incur costs while being in battle with the other firm that might have obtained the source code from the suspect if law enforcement is not involved. Moreover, since Mr. Jackson's personal computer is not a property of the firm, gaining access to the laptop and retrieving information will require a warrant from the local authorities. If found guilty of stealing the source code, Mr. Jackson will be arrested and charged in court.

Expert Witness

An expert witness has a greater comprehension of the evidence presented in court. As an expert witness, one can use their years of experience by submitting similar evidence from past investigations that can be used by the court to incriminate Mr. Jackson. Unlike fact witnesses, expert witnesses deal with digital forensic tools are familiar with all their processes and operations (Marion, Kaplan, & Cutler, 2019). A fact witness only reports their findings, but an expert presents a comprehensive assessment of the same.

Bias in Support of Law Enforcement

I have presented all the evidence gathered indicating that Mr. Jackson stole the source code. What I have documented is evidence obtained from digital forensics, and there is no bias of any form whatsoever. I have also been an expert witness of the court for a long time, and I have created a good reputation regarding my line of duty. Never once in my career have I ever being biased in any way since I am focused on ensuring that justice is served. The evidence I am presenting in court today reflects the actual criminal activities that occurred within the company.

References

Marion, S., Kaplan, J., & Cutler, B. (2019). Expert testimony. Psychological Science and the Law, 318.

Gopalakrishnan, A., Vineti, E., Mohan, A. K., & Sethumadhavan, M. (2018). The Art of Piecewise Hashing: A Step Toward Better Evidence Provability. Journal of Cyber Security and Mobility, 7(1), 109-130.

Ab Rahman, N. H., Glisson, W. B., Yang, Y., & Choo, K. K. R. (2016). Forensic-by-design framework for cyber-physical cloud systems. IEEE Cloud Computing, 3(1), 50-59.

Fisher, R. P., & Schreiber, N. (2017). Interview protocols to improve eyewitness memory. In The Handbook of Eyewitness Psychology: Volume I (pp. 53-80). Psychology Press.