Person and Organizational Searches
From his bragging we know that Boy WonderCoder was hired by our chief competition: OtherCompany. Your investigation shows a syncing cradle at the PC: WonderCoder synced his company-provided handheld computer to the company PC. This means all of his contacts, his appointments, and possibly his emails would be a part of the PC. Did he use his handheld to contact a competitor? Sure did.
Let’s get bold. Let’s search for document types where Company:OtherCompany shows files and contacts from OtherCompany. Wow! The contacts listing shows WonderCoder spent a lot of time with A. HeadHunter, their Personnel person, as well as Simon R. Sinister, their Director of Research. This doesn’t look good and must be mentioned in your report to management. So, let’s examine the emails.
Another modifier, kind:email, will ensure we return those document types only. Within that type, we can search using the from: modifier. So, using the from:Sinister query, we find some very interesting news. Now, let’s type "from:Sinister kind:email." After reading Sinister’s email, it’s evident that WonderCoder’s work has had a lot of external mention.
WonderCoder’s work on the new product is well recognized, thanks to his Internet bragging on newsgroups and other venues. We determined that from searching the web with the web button. It’s amazing how many posts to external groups were sent on company time with company equipment and IP addresses. Given all the details provided in the posts, there may be real NDA (Non-Disclosure Agreement) issues. Yes, those emails were certainly noticeable to many competitors.
Sinister’s email to WonderCoder was sent a month ago. So now, we can search for any emails returned by him, from:WonderCoder. So why is WonderCoder giving a big attachment in a return email? As you attempt to open the attachment, guess what? It’s encrypted.
What are the chances this guy might keep a password list among all the other information on the PC? Would he include the password in a separate email to Sinister? Our query "password" shows an email with the pre-arranged password sent to Sinister. This doesn’t look good.
And the same handheld, the one with no login security, has a file with all of his passwords for all company systems—good thing this handheld never got lost in a taxi. Here’s hoping WonderCoder’s managers notified HR to disable his accounts. Here is some more news for the managers: our handheld security policies need work, and we need to make sure employee separations are handled consistently—and more quickly.