The following story has been relayed by several blogs and newspapers. An employee was fired for violation of its company computer usage policy: Child porn was found on his laptop.
The first human reaction facing such evidences is not always the best one: “Guilty!”. A computer forensics analyst spent one month to analyze the notebook and found more evidences to prove the employee was non-guilty. When he received the notebook from another employee (re-assigned), no cleanup was performed and only the user name was changed but the admins forgot to update the SMS side (Microsoft System Management Server). The result was a notebook not being updated for a while and infected by tons of malware and viruses. One of them visited malicious web sites and downloaded illegal material.
Good news for him, the complaint was dropped but what are the conclusions of this bad story?
- A good policy must be in place to cleanup notebooks (re-assigned or retired).
- The human behavior is very sensitive to emotional reactions (which directly affect us, friends or family). First try to detach from all emotional feelings and analyze evidences with a neutral point of view.
- Viruses behavior changes! The first viruses were destructive (erase data), then came malwares which try to grab valuable data (passwords, SSN, PIN) and now, they try to directly impact the users life. Remember the case about the forum on epilepsy.