Question

A pharmaceutical company recently terminated one of it's lead chemists for private reasons.  A few days later, a network security engineer discovered an unknown user accessed one of the company's research accounts and copied a confidential file to a USB device. The file contained trade secrets regarding a revolutionary new drug to help in the fight against Alzheimer's. You are sent to the former employees' residence after the lead investigator obtained a search warrant for his residence (it is not important how the detective gained the necessary probable cause for the warrant).   When you arrive on scene you learn that the suspect lives with his wife and son, who is 21 years of age. You also learn that there are 3 computers in the residence, including one located in the suspect's private office.  

Please make sure your post is no less than 200 words.

Answer 1

The Suspects private office computer raises large suspicion rather than the one in the other living room or sons room as they may be personal computer anything confidential there in the other 2 computers the probability of finding the required drug confidential files is less.

I would navigate to the suspects private computer in his office room and find if the computer do have USB ports . If yes, then try gaining access to the computer and search for recently accessed files or folders . Try to search history and cookies of his browser data , windows explorer and run a wild card search on the files example if it is a pdf then search for *.pdf in parent directory or *.doc (word doc) or (*.txt) text file in the parent Directory C: or My Computer.

Try to sort the search results based on last modified or last accessed on the top pane of the windows explorer. I hope these searches should have your figure out the files. If not found do these searches in the other 2 computers.

In the worst case if the suspect resists giving password to his computer try to confiscate his harddisk drives for all the 3 computers and also if there is any storage media (external harddisks or pen drive) and try to assist yourself with warrant for your search and also police protection if anything more than expected happens you need a backup.