Evaluating Network Permissions in Investigations

Cybersecurity, information governance, e-discovery, regulatory compliance and big data are only a handful of the buzzwords that relate to the growing and evolving list of information worries that keep risk, legal, compliance and IT professionals up at night. As a digital forensic investigator I have worked with clients extensively to navigate corporate internal and regulatory investigations, and have experienced how risk, IT, legal and compliance intersect across the many stages of investigation.

In a recent article in Digital Forensics Magazine, I discussed one of these areas: how to evaluate network permissions during an investigation. This includes knowing what data specific people have access to, and understanding how to search for and collect data in relation to that access. In an investigation aimed at collecting evidence related to the activities of a person of interest, one important step may be identifying the file shares to which such person had access and gaining a clear picture of their overall network permissions. This approach can help investigators gain a better understanding as to which information that person had access.

Often, the task of collecting group share data from servers is approached by collecting and processing the entire share, which can be complicated and requires overhead for new processes and technologies. An alternative to this is to identify the shared folders an individual custodian has access to, and collect only those folders. The article includes technical detail as to how to leverage this approach, and also discusses best practices for achieving efficiency in investigations, nuances of trade secret theft and IP investigations and the role advanced analytics play in helping investigators find the smoking gun.

Read the full article »

The views expressed herein are those of the author(s) and not necessarily the views of FTI Consulting, its management, its subsidiaries, its affiliates, or its other professionals.