I am generally computer literate, but I have a basic question about removing documents from my work computer using a flash drive (or some other USB storage device).
Let’s imagine that I’m contemplating leaving my current employer. If I pull all of the documents that I created during the course of my employment onto a flash drive (or some other USB storage device) before I leave, will that activity be visible to my employer? In other words, will the act of moving the files show up in some kind of history or be detectable in any way? I am working remotely from my home through a VPN. I would be happy to provide any additional information you might need to respond to my inquiry, excluding my identity.
IAALAIANIIDWONIABACO*
Thanks for any direction you can provide!
*I AM a lawyer and I am not interested in discussing whether or not I am breaching a confidentiality obligation.
On a standard Windows PC with no special logging software, there is no audit trail that I know of. The trick is figuring out whether there is special logging software, it may hide itself.
Where are the documents being stored right now? If they’re on a file server or other service that the company controls, they’ll be able to see you accessing them. It’d be suspicious to see you reviewing everything you’ve ever written on one day shortly before you leave, whether they can tell you’re putting it on a flash drive or not.
If they’re stored on a computer inside your house, it’s a bit different. It’s possible to track that kind of thing, but it either takes work to set up monitoring in advance or it takes work to retrieve the evidence after the fact. (Or both, with some types of monitoring.)
Short answer: if they care about this kind of thing, and especially if there are regulations that require them to care, yep, they’ll notice. If they don’t care, there’s not likely to be anything that will bring it to their attention, though they still may be able to figure it out after the fact if they go looking. It’s risky. I wouldn’t do it unless I was confident I could handle the consequences of them finding out.
It depends on how much effort they are putting into their network security.
The organization I work for instantly detects any USB device plugged into a secured computer. They even know what kind of device it is and will shut off any unauthorized media.
Now, if you work at Dunder Mifflin Paper Company… probably not.
I think the bigger question is whether you are trying to “steal” anything owned or created by the company. If they think you are deliberately copying things to give to a competitor or use for your own purposes, you’d be liable in court.
I am an information security professional and a computer forensic examiner. I don’t know you or anything about your situation other than what you’ve posted here. My reply should be taken as general information and not specific advice. This is my opinion and not that of my employers.
(Wow, the first time I 've ever added a disclaimer to a post! Yay me!)
Anyway, as some of the folks upthread noted, your employer might have installed software on your machine that will track this sort of activity. You might not be able to detect whether this software is running. There are lots of different ways this could be accomplished depending on how much effort and money your employer wants to put into it. And, as noted upthread, if you are trying to get files off a file server or something like that, your activity is more likely to be logged.
Even if your employer is not running monitoring software on your PC, they could detect your file copying activity if they got serious about it after you turn the PC back in. Depending on the specifics, a forensic examiner may well be able to recover log files and other information to identify that you connected a USB drive and copied certain files to it. This involves looking at several data storage locations that are not generally known to the average user.
If your employer is of the suspicious type, they may collect your PC when you turn it in and have a forensic examination conducted on it. In that case, it’s likely that any activity you are trying to hide from them would be discovered. For example, if you posted this question to the SDMB from your work PC, a forensic examination might be able to uncover evidence of your having done so. A forensic examination would also be likely to uncover web searches, so if you Googled this question before posting to the Dope, your employer could discover that as well.
If the files are on a hard drive could that be removed and inserted into a converter box to temporarily make it a portable drive? That way you could access the files without booting up the drive.
Seconded. I work for government clients and it is STRICTLY forbidden to attach any kind of flash drive unless client-provided. Security risks out the wazoo. And they do have monitoring on the network to detect this, or so I’ve heard (I’ve never attempted it).
As for whether your organization does such detection, I have no idea how to tell.
Emailing the files to yourself may also be viable but some networks monitor outgoing attachments, as well (our client does; if we need to do so, we need to let someone know so they don’t freak out when they see the reports).
Depending on the specifics, this approach would also likely leave artifacts on the drive that could be uncovered by a forensic examination. The examiner would probably be able to tell that the drive was connected to another device and that certain files were accessed while the operating system on that drive was not running. It would make it a little harder on the examiner than if you just did a straight copy to a USB drive, but if someone was looking hard, this approach wouldn’t hide your tracks that well.