A portable computer forensic kit suitable for corporate investigations should be similar to most kits used to investigate criminal cases. Because of the differences in the type of investigation, certain areas and procedures would be omitted or added. Corporate investigations usually involve matters concerning accounting, intellectual property, misuse of resources, and theft. Although these can bleed over into the criminal realm, many, such as the misuse of social media by employees, do not. Because of the competitiveness of the marketplace, it is extremely important anything occurring that may impact a company’s reputation or financial stability is taken care of as quickly, and quietly, as possible.
Since confidentiality concerning the investigation is very important, a very discrete service would be necessary to keep individuals outside of the organization, as well as employees, as far away from its details as possible unless necessary. Since an investigation may involve an employee who has left the company under other than the best conditions, services such as password recovery, data recovery, and forensic retrieval of mobile device data may be required.
A good toolkit to investigate corporate cases is the EnCase Cyber security software suite. It provides most of the tools necessary to accomplish the tasks stated above. Guidance software, part of the EnCase solution, gives an investigator the capability to identify current or prior employee misconduct (www.encase.com, 2014). The software suite can be used to drill down to one particular or employee, or cover an entire network to find chat messages, email, metadata information, and deleted files discretely. It also does not interrupt business operations so the investigation can go forth without disruption of important corporate employee duties. The software allows the archival of an employee’s hard drive to protect from wrongful termination allegations or to ascertain what information the employee may have taken to a competitor (www.encase.com, 2014). The software is also capable of collecting data from smartphones and tablets using Android, Apple iOS, Palm, Windows Mobile, and even Blackberry operating systems.
The EnCase Portable Kit costs approximately $299.00 and includes a 4GB pocket-sized USB device, a portable installation DVD, and a portable boot CD. It allows a mobile forensic team to quickly view data on a computer in real time and aids non-forensic personnel to perform investigations in the field. The collected data can easily be transferred into EnCase Forensic or EnCase Enterprise software for further examination. This portable kit allows forensic teams to enter an organization and perform an investigation without employees or non-employees being aware of their activities. It can easily be carried in a briefcase or a laptop case along with other tools necessary for the job. It could also be added to the Velocity Forensics Mobile Triage Kit containing portable write blockers, two 32GB USB thumb drives, cell phone cables, and assorted triage software (tritechforensics.com, 2014). The price for this kit is approximately $10100.00 and is included in a ruggedized case for easy transport. These cases can be tailored for each team’s use so a laptop can be added to the kit. The HP EliteBook 8570w Notebook satisfies these requirements necessary for investigative work. It contains a third generation Intel Core i7-3630QM, 8 GBDDR3 of memory, and a 500 GB hard drive. The approximate cost is $1565.00 (tigerdirect.com, 2013).
Consider kits that are complete, compact, and forensically sound.