1. China Case Study 1: Trade Secret Investigation
Background: A large China company recruited a group of interns (more than 20 people) to intern in various internal departments. Later, internal employees reported on the Internet that related materials related to the company's products were disseminated on the Internet. The risk control department carried out investigation and evidence collection after receiving this report. Through preliminary investigation, it was found that the document leakage may be related to the interns. Investigation process: The company's IT security department has security control measures for USB media, so it focuses on forensic analysis through software such as e-mail, instant messaging tools, and network disks. Analyzed the program running traces on the computers used by more than 20 interns, and found that one of the PCs had run the Baidu cloud disk program, but the software installation directory no longer exists (uninstalled). The company hired a third-party forensic expert to assist in the investigation. The expert fully reproduced the user's behavior by analyzing the NTFS file system log and let the evidence speak for itself. This includes information such as the time when the user downloaded the Baidu Cloud Disk software, the time when the Baidu Cloud Disk software was run for the first time, the file name record and time uploaded, and the time when the Baidu Cloud Disk software was uninstalled. Investigation results: Successfully found the interns who leaked the company's information to the Internet, and restored the ways and methods for their file transfer, found the company's existing IT risk points, and suggested at the same time. AmerAsia email: henrytsui@amerasiacompany.com
AmerAsia Company - Beijing AmerAsia China IT Consulting – Data Drill – CaliCoin.io – AmerAsia Report – Reciprocity Project