Discovering all activities of an employee, including logging every keystroke, allows the investigators to find out what the employee did during his logon session. The investigators are also able to figure out which files were deleted by comparing these activity logs with a backup log: a file present in the backup inventory but absent from the current system was removed after the backup, and the activity log places that removal inside (or outside) the employee's session.
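The comparison described above, as an added worked example that is not part of the original paper. The backup manifest, current file listing and activity log below are constructed sample data, and their "path size" and "timestamp key=value" formats are assumptions for this example rather than the output of any particular tool. The script first diffs the backup against the current listing to find missing and changed files, then attributes each missing file to a DELETE event by the named user inside that user's logon session; anything it cannot attribute is reported separately, since an unexplained deletion is exactly what an investigator needs to follow up on rather than assume.

```python
from datetime import datetime, timezone

# Constructed sample data (assumed formats, not real evidence).
BACKUP_MANIFEST = """\
/home/jdoe/contracts/q3_bid.docx 48213
/home/jdoe/contracts/q4_bid.docx 51007
/home/jdoe/notes/todo.txt 1203
/home/jdoe/.bash_history 8820
"""

CURRENT_LISTING = """\
/home/jdoe/contracts/q4_bid.docx 51007
/home/jdoe/notes/todo.txt 1190
"""

# Activity log: ISO timestamp followed by key=value fields (paths contain no spaces here).
ACTIVITY_LOG = """\
2023-09-14T09:02:11Z user=jdoe action=LOGON
2023-09-14T10:42:07Z user=jdoe action=DELETE path=/home/jdoe/contracts/q3_bid.docx
2023-09-14T10:43:55Z user=jdoe action=WRITE path=/home/jdoe/notes/todo.txt
2023-09-14T11:58:40Z user=jdoe action=LOGOFF
2023-09-14T13:10:02Z user=backupsvc action=DELETE path=/home/jdoe/.bash_history
"""


def parse_listing(text):
    """Parse 'path size' lines into {path: size}; rsplit keeps spaces inside paths intact."""
    files = {}
    for line in text.splitlines():
        if line.strip():
            path, size = line.rsplit(" ", 1)
            files[path] = int(size)
    return files


def parse_activity_log(text):
    """Parse each log line into a dict with a timezone-aware 'ts' plus its key=value fields."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, *fields = line.split(" ")
        event = {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)}
        for field in fields:
            key, _, value = field.partition("=")
            event[key] = value
        events.append(event)
    return events


def session_window(events, user):
    """Return (logon, logoff) timestamps of the user's first complete logon session."""
    logon = logoff = None
    for event in events:
        if event.get("user") != user:
            continue
        if event["action"] == "LOGON" and logon is None:
            logon = event["ts"]
        elif event["action"] == "LOGOFF" and logon is not None:
            logoff = event["ts"]
            break
    return logon, logoff


def files_missing_since_backup(backup, current):
    """Paths in the backup inventory that no longer exist on the system."""
    return sorted(path for path in backup if path not in current)


def files_changed_since_backup(backup, current):
    """Paths that still exist but whose recorded size differs from the backup."""
    return sorted(path for path in backup if path in current and current[path] != backup[path])


def attribute_deletions(missing, events, user, start, end):
    """Map each missing file to the user's in-session DELETE event; list the rest as unexplained."""
    attributed = {}
    for event in events:
        if (event.get("action") == "DELETE" and event.get("user") == user
                and start <= event["ts"] <= end and event.get("path") in missing):
            attributed[event["path"]] = event["ts"].isoformat()
    unexplained = [path for path in missing if path not in attributed]
    return attributed, unexplained


def investigate(user):
    """Full pipeline: diff backup vs. current, then attribute deletions to the user's session."""
    backup = parse_listing(BACKUP_MANIFEST)
    current = parse_listing(CURRENT_LISTING)
    events = parse_activity_log(ACTIVITY_LOG)
    start, end = session_window(events, user)
    missing = files_missing_since_backup(backup, current)
    return attribute_deletions(missing, events, user, start, end)


if __name__ == "__main__":
    attributed, unexplained = investigate("jdoe")
    print("deleted during jdoe's session:", attributed)
    print("missing but not attributable to jdoe:", unexplained)
```

On the sample data the q3 bid document is tied to a DELETE by jdoe at 10:42 inside the 09:02 to 11:58 session, while the shell history file is missing but was removed by a service account after logoff, so it is reported as unexplained rather than charged to the employee. The same comparison works against any inventory that records a stable identifier per file; hashes are better than sizes when the backup tool provides them.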
Challenges
The Intrusion Detection System (IDS) is a growing need in most organizations, both private and public. An IDS can generate a massive number of log files depending on the organization's traffic volume and the information it handles. The investigators have to know how and where to find sufficient information within these log files. In addition, they need to look for evidence across multiple log files from different areas, which may take a long time to complete. When using log files as evidence, the investigators have to prove to the judge and jury that the log files are admissible. U.S. Code Title 28, Section 1732 states that "logs files are admissible as evidence if they are collected in the regular course of business." However, this standard of admissibility does not ensure that the log files will be accepted in a specific case. It also means the organization has to keep logging turned on across its network at all times, which builds up a vast amount of large files and causes storage issues (Vacca & Erbschloe, …
Also, many mobile devices have master reset codes that can wipe all contents of the device back to factory default settings. For example, the FBI tried to crack an iPhone in the San Bernardino shooting case. The iPhone has a feature that wipes all data stored on the phone after 10 failed unlock attempts. Another feature gradually increases the waiting time between successive unlock attempts (Nakashima, 2016). In addition, mobile devices might be found in a damaged condition, caused either by accident or by deliberate activity. Noticeable external damage does not necessarily prevent data extraction. Modern mobile devices also allow users to perform a remote lock and/or remote data wipe with a simple text command sent to the device. Forensic examiners therefore have to take precautions when dealing with mobile devices in terms of handling them and isolating them from other