Have any of you ever been involved in a review where by an internal employee may be running or working for an external company in works time, using works IT kit (PC, mail, storage on file servers etc). If so have you any steer on areas of evidence you looked for to try and identify evidence of this.
We have a seized PC, exchange mailbox and a couple of old PST archives, and a networked home drive. What kind of analysis would you run to try and prove this; it needs to be targeted searches and not a look through everything/privacy violation as it could turn out to be untrue. What kind of files or evidence would you typically look for such reviews. How would you approach such a case.