Case Study: Corruption and Internet Misuse
An employee of one of the UK's largest communications companies stated that he was being dealt with unprofessionally by his manager. Whilst the company’s human resources departments were dealing with this complaint, an email was uncovered with content that was sufficiently serious to necessitate a full internal investigation.
During this investigation, further emails indicating potential corruption involving this employee and several others from external chain suppliers were identified from the employee’s email account on the company’s Microsoft Exchange Server.
The employee had access to a company laptop, which CY4OR were subsequently instructed to analyse to identify any inappropriate correspondence or evidence indicating corruption between the employee in question and the employees of external suppliers.
In a Microsoft Exchange Server environment, data is stored in mailboxes as the default information store, and Microsoft Outlook data resides in personal folders. Even in an Exchange Server environment, Outlook might have been configured to archive data to a personal folder on a local machine automatically, or data might have been exported to additional personal folders for a specific project or to keep data out of a mailbox. The analysis identified nineteen (19) personal folders stored on the laptop.
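Outlook personal folders are stored on disk as PST files, so locating them on a laptop image can be done by file header rather than by file name. The following is an added example, not CY4OR's tooling: the function names and the sample tree are constructed for illustration, and the header offsets and version values are those documented in Microsoft's [MS-PST] file format specification.

```python
import hashlib
import struct
import tempfile
from pathlib import Path

PST_MAGIC = b"!BDN"    # dwMagic: first four bytes of the file header
PST_CLIENT = b"SM"     # wMagicClient at offset 8 marks a personal folder (PST)

def classify_store(path):
    """Return "ANSI", "Unicode" or "unknown" for a PST file, else None."""
    with open(path, "rb") as fh:
        header = fh.read(12)
    if len(header) < 12 or header[:4] != PST_MAGIC or header[8:10] != PST_CLIENT:
        return None
    (version,) = struct.unpack_from("<H", header, 10)   # wVer, little-endian
    return "ANSI" if version in (14, 15) else "Unicode" if version >= 23 else "unknown"

def sha256_file(path):
    """Hash in chunks: personal folders can be several gigabytes."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()

def find_stores(root):
    """Walk a read-only mounted image; identify stores by header, not extension."""
    hits = []
    for path in sorted(Path(root).rglob("*")):
        try:
            fmt = classify_store(path) if path.is_file() else None
        except OSError:
            continue   # unreadable entry: skipped here, a real tool would log it
        if fmt:
            hits.append((path.relative_to(root).as_posix(), fmt, sha256_file(path)))
    return hits

def demo():
    """Constructed sample tree: 12-byte headers plus padding, not real mail stores."""
    with tempfile.TemporaryDirectory() as root:
        samples = {"archive.pst": PST_MAGIC + bytes(4) + PST_CLIENT + struct.pack("<H", 23),
                   "budget.xls": PST_MAGIC + bytes(4) + PST_CLIENT + struct.pack("<H", 14),
                   "notes.txt": b"plain text, no PST header"}
        for name, data in samples.items():
            Path(root, name).write_bytes(data + bytes(500))
        return [(rel, fmt) for rel, fmt, _sha in find_stores(root)]

if __name__ == "__main__":
    print(demo())
```

Because the check reads the header, a personal folder that has been renamed (the constructed `budget.xls` above) is still reported, and the SHA-256 of each hit gives a value to record before any mail is extracted.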
The initial routine complaint regarding conduct in the workplace had now developed into an investigation of corruption against the employee concerned. Although this was identified by the experienced internal investigators, the computer forensic analysis assisted their investigation by identifying deleted documents and further notable emails from the personal folders stored on the laptop, indicating fraud involving the employee and employees of several external suppliers.
The investigation also identified a significant number of graphics indicating Internet misuse by the laptop user that was contrary to the company’s acceptable use policy. The laptop, by default, was set to record the content of web pages visited in a temporary Internet cache, which allows for speedier reproduction of the pages if they are subsequently re-visited. It was therefore possible to recreate the web pages that had been visited from the laptop in order to give an overview of the material that had been viewed; this identified several notable links to inappropriate websites. The internal investigators would not have had this information without computer forensic analysis.