4 Responses 06/24


Shravya Work:

When a cybercrime crime happens, it is very important for a true cyber professional to undergo through the process of identifying, preserving, analyzing, and presenting digital evidence. This process is called "Digital Forensics". We come across in our daily lives, people commit the information theft while departing the organizations. It could be stealing the customers information and selling to the competitors from which they can make money, copying the source code in case of IT fields. There are a number of ways to catch the employees who are associated with these kinds of crimes.

In a field like Health, medical, hospitals, the Patient Information is more important like PHR (Personal Health Records). He could sell this information to competitors, online Information brokers, Pharmacies etc...  If the departing employee steals the information digitally, it must be stored somewhere electronically. It could be thumb drives (USB), hard drives, email attachments, usage of cloud space. If the user deletes any information from the hard drive, it could be found in the Recycle bin folder. Computer Forensics must list out this under the checklist.

When suspicions of patient information theft arise, it is crucial to engage a Digital Forensics expert to conduct a theft of IP analysis in order to preserve electronic data and uncover important evidence. With the help of specialized software, the Digital forensics expert can reveal digital footprints such as Files recently opened, Internet Activity, Recently Printed documents. While confirming that a USB device was connected to a computer is significant, it is even more important to know what files were accessed and potentially transferred to the device. The Microsoft Windows operating system creates various artifacts when a user opens a file or folder. It is possible to install the apps on mobiles to go through the office emails and forwarding them to personal emails.


Atlantic Data Forensics, 2019. "How Computer Forensics Can be Used to Investigate Employee Data Theft" Retrieved from " https://www.atlanticdf.com/blog/2019/01/17/how-digital-forensics-can-be-used-to-investigate-employee-data-theft/ "

Tetra Defense. "FORENSIC CASE FILES: EXONERATING AN EMPLOYEE OF DATA THEFT” Retrieved from “ https://www.tetradefense.com/incident-response-services/forensic-case-files-data-theft/

Timothy Opsitnick, Joseph Anguilano and Trevor Tucker 2017. "Using Computer Forensics to Investigate Employee Data Theft" Retrieved from " https://www.tcdi.com/computer-forensics-whitepaper-trevor-tucker-joe-anguilano-tim-opsitnick/ "

Rajesh Work:

One of the vices of a health provider is to break patient confidentiality. This is where patient's data should never be disclosed without their consent. This will be any data concerning the patient's medical history or background. In this case, a hospital worker is under suspicion that he has misused his authority and shared data that concerns patients to outside sources (Ghosh, 2019). To find the truth about the accusations, an investigation has to be done.

The first area to be investigated will be the accused cellphone or computer. From this cellphone or computer, you can find out if any data was shared and to whom it was shared. This will be through accessing who the worker has been communicating with and if any files about the patient's information have been shared (Ghosh, 2019).  Listening to the worker’s phone calls, checking his emails and text messages should reveal something about the breach.

In the case that the data was not electronically shared, the worker might have set up a way to meet with the second party through a phone call, text message, or social media platforms (Leung, 2019).  This will only prove that the worker has been in contact with the accused recipient of the data, evidence that will support that the accused shared patient's information must be provided. As the hospital keeps the patient's information electronically, another source of evidence will be from the records.

The hospital has set up user authentication to protect data from unauthorized persons. Besides, any data that has been shared gets recorded as shared. To prove that this worker accessed the patient's data and copied it to share with the pharmacy should be provided with hat evidence (Leung, 2019). If his authentication credentials were used to gain access to this system when data was copied or shared into any device will make him guilty. 


Ghosh, M., Sanadhya, S. K., Singh, M., White, D. R., & Chang, D. (2019). Fbhash: a new similarity hashing scheme for digital forensics.

Leung, W. S., & Blauw, F. F. (2020). An augmented reality approach to delivering a connected digital forensics training experience. In Information Science and Applications (pp. 353-361). Springer, Singapore.