Guidelines and tools for a digital evidence investigation process : a case study for a business data leak

Abstract

The objective of this thesis was to provide a suitable and admissible analytical framework for a digital forensic analysis carried out by an investigator. In this thesis these concepts are explained in-depth to provide what could be considered as a guide for the execution of a digital evidence investigation. It is important to note that this investigation can usually, or rather must, end in a judicial process.

The theoretical framework of this thesis has been developed by consulting books written by specialists in the field of digital forensics, ISO/IEC standard documents, as well as models described by different government organizations and user guides for the required tools. In the case study, the concepts explained previously are exposed in the case of an insider threat performing a data leak to a company in the competition. After performing the analysis of the evidence acquired for the case, it was possible to determine that a data breach performed by an insider threat took place. The results of the practical analysis are decisive in a judicial court if the procedures of the analysis have been followed, hence the importance of the proper application of the methods and use of the tools.