Cases such as: a manager suspects his employee is feeding secret company info to a competitor, a dude claims that a colleague has some of child pornography materials on his laptop, or HR wants to pursue a case against an employee for breaching of company policy etc are not uncommon to us. Most of the time, the laptop of the suspect will just be thrown on our lap and we are expected to perform forensic and search for evidence asap.
I mentioned in my previous piece that IT forensic not only must be carried-out in a forensically sound manner, it must also be done legally. What's at stake is not only about winning the legal case but also our ass. In some countries such as Germany and other EU countries in general, one cannot simply access other's data without the owner's consent or proper approval. By performing forensic without a proper clearance, it is a criminal offense which could invite a hefty jail time.
Enough talking. So, what are the key processes for IT or digital forensic in enterprise? If you googled, you will find many useful information here and there but the principals are roughly the same. For me, I'll just stick to these 5 key processes: