Data Infiltration
ID: S1002
Description: An employee is suspected of taking confidential information or trade secrets from a prior employer and introducing them to internal systems.
Are any ExternalCompany-related files on the actor’s assigned Company assets? F1001
- Q1005 What files have ever been on a computer?
- Q1006 What files are present on a computer?
- Q1014 What files did the actor open on their computer?
- Q1027 Are there any sudden changes in the number of files on a device?
Has the actor introduced any ExternalCompany files to Company assets via downloading? F1002
- Q1001 What files were downloaded using a web browser?
- Q1008 What programs are installed on a computer?
- Q1009 What interactions with external cloud storage sites did the actor have using their web browser?
- Q1015 What syncing activities did external "cloud storage" applications do on a computer?
- Q1025 What external accounts has the actor used in their web browser?
- Q1026 What files were downloaded from messaging apps?
- Q1031 How much network traffic was there to/from a machine?
Has the actor introduced any ExternalCompany files to Company assets via removable storage devices? F1003
- Q1002 What USB devices were attached to a computer?
- Q1012 What files were copied from a USB device to a computer?
- Q1013 What files are present on a USB device?