Who, what and where are often times the most important
pieces of the puzzle that our investigators are called
upon to determine. Who had access to the computer
what files in question were deleted or last accessed?
What files were copied or printed out? Where was
this information created? Was it created on this
computer or another computer? Was the information
sent to a competitors email account? Or was information
extracted remotely? Putting these pieces together
in a chain of events format often leads to person
or persons involved in the crime.
