XYZ Corporation, a medium-sized government contractor, found that it had begun to lose business to a tiny competitor that seemed to know exactly what the sales team at XYZ Corp was planning.
The senior management suspected that an insider was leaking information to the competitor.
A network forensic 007 was called in to investigate the problem.
A preliminary information-gathering exercise was initiated, and a list of keywords was compiled to help identify packets that contained information of interest. A list of possible suspects who had access to the confidential information was also compiled.
The specific network segment relating to the department in question was put under network surveillance. Wireshark ...