SCENARIO
An oil company’s senior management has reason to suspect that John Smith, one of the company’s mechanical engineers allegedly took information that was clearly identified as proprietary. The company’s legal office has requested digital evidence regarding the potential violation of company policy, which prohibits the sharing of proprietary information without prior approval. The employee was not authorized to access proprietary information. All employees sign nondisclosure agreements (NDAs) and acceptable use policies (AUPs). Senior management and the legal office have approved this request.
You are a member of the investigative team that has been asked to develop an investigative plan of action.
REQUIREMENTS
Your submission must be your original work. No more than a combined total of 30% of the submission and no more than a 10% match to any one individual source can be directly quoted or closely paraphrased from sources, even if cited correctly. The originality report that is provided when you submit your task can be used as a guide.
You must use the rubric to direct the creation of your submission because it provides detailed criteria that will be used to evaluate your work. Each requirement below may be evaluated by more than one rubric aspect. The rubric aspect titles may contain hyperlinks to relevant portions of the course.
Tasks may not be submitted as cloud links, such as links to Google Docs, Google Slides, OneDrive, etc., unless specified in the task requirements. All other submissions must be file types that are uploaded and submitted as attachments (e.g., .docx, .pdf, .ppt).
A. Create an investigative plan of action based on forensic best practices or standards that your team will implement by doing the following:
1. Discuss the strategy that your team will use to both maximize the collection of evidence and minimize the impact on the organization.
2. Describe the tools and techniques your team will use in evidence gathering, preparation, and analysis.
3. Describe how your team will collect and preserve required evidence, using standardized and accepted procedures.
4. Describe how your team will examine the seized evidence to determine which items are related to the suspected violation of company policy.
5. Discuss an approach that your team will use to draw conclusions based on the digital evidence that supports the claim of a policy violation.
6. Discuss how the case details and conclusions should be presented to senior management.
UBRIC
A1:STRATEGY
NOT EVIDENT
The submission neither discusses a strategy that will be used to maximize the collection of evidence nor one that will minimize the impact on the organization.
APPROACHING COMPETENCE
The submission discusses the strategy that will be used to either maximize the collection of evidence or minimize the impact on the organization, but it does not discuss both. Or the discussion contains inaccuracies, or it is not based on forensic best practices or standards.
COMPETENT
The submission accurately discusses the strategy that will be used to both maximize the collection of evidence and minimize the impact on the organization, and the description is based on forensic best practices or standards.
A2:TOOLS AND TECHNIQUES
NOT EVIDENT
The submission does not describe the tools or techniques to be used in evidence gathering, preparation, or analysis.
APPROACHING COMPETENCE
The submission describes the tools and techniques to be used in evidence gathering, preparation, or analysis, but the description contains inaccuracies, or it is not based on forensic best practices or standards.
COMPETENT
The submission accurately describes the tools and techniques to be used in evidence gathering, preparation, and analysis, and the description is based on forensic best practices or standards.
A3:COLLECTION AND PRESERVATION OF EVIDENCE
NOT EVIDENT
The submission neither describes how required evidence will be collected nor how the evidence will be preserved.
APPROACHING COMPETENCE
The submission describes how required evidence will be either collected or preserved, but not both, or the method for collecting or preserving the evidence does not use standardized and accepted procedures. Or the description contains inaccuracies, or it is not based on forensic best practices or standards.
COMPETENT
The submission accurately describes how required evidence will be collected and preserved using standardized and accepted procedures, and the description is based on forensic best practices or standards.
A4:EXAMINATION OF EVIDENCE
NOT EVIDENT
The submission does not describe how the seized evidence will be examined to determine which items are related to the suspected violation of company policy.
APPROACHING COMPETENCE
The submission describes how the seized evidence will be examined to determine which items are related to the suspected violation of company policy, but the description contains inaccuracies, or it is not based on forensic best practices or standards.
COMPETENT
The submission accurately describes how the seized evidence will be examined to determine which items are related to the suspected violation of company policy, and the description is based on forensic best practices or standards.
A5:APPROACH TO DRAWING CONCLUSIONS
NOT EVIDENT
The submission does not discuss an approach that will lead to drawing conclusions.
APPROACHING COMPETENCE
The submission discusses an approach that will lead to drawing conclusions, but it is not based on the digital evidence that supports the claim of a policy violation. Or the discussion contains inaccuracies, or it is not based on forensic best practices or standards.
COMPETENT
The submission accurately discusses an approach that will lead to drawing conclusions based on the digital evidence that supports the claim of policy violation, and the discussion is based on forensic best practices or standards.
A6:PRESENTATION OF DETAILS AND CONCLUSIONS
NOT EVIDENT
The submission does not discuss how the case details and conclusions should be presented to senior management.
APPROACHING COMPETENCE
The submission discusses how the case details and conclusions should be presented to senior management, but the discussion contains inaccuracies, or it is not based on forensic best practices or standards.
COMPETENT
The submission accurately discusses how the case details and conclusions should be presented to senior management, and the discussion is based on forensic best practices or standards.
B:SOURCES
NOT EVIDENT
The submission does not include both in-text citations and a reference list for sources that are quoted, paraphrased, or summarized.
APPROACHING COMPETENCE
The submission includes in-text citations for sources that are quoted, paraphrased, or summarized and a reference list; however, the citations or reference list is incomplete or inaccurate.
COMPETENT
The submission includes in-text citations for sources that are properly quoted, paraphrased, or summarized and a reference list that accurately identifies the author, date, title, and source location as available or the candidate does not use sources.
C:PROFESSIONAL COMMUNICATION
NOT EVIDENT
Content is unstructured, is disjointed, or contains pervasive errors in mechanics, usage, or grammar. Vocabulary or tone is unprofessional or distracts from the topic.
APPROACHING COMPETENCE
Content is poorly organized, is difficult to follow, or contains errors in mechanics, usage, or grammar that cause confusion. Terminology is misused or ineffective.
COMPETENT
Content reflects attention to detail, is organized, and focuses on the main ideas as prescribed in the task or chosen by the candidate. Terminology is pertinent, is used correctly, and effectively conveys the intended meaning. Mechanics, usage, and grammar promote accurate interpretation and understanding.