Cyber Forensics has been defined in different terms in available literature. ISO (2012) terms it the identification, collection, acquisition and preservation of digital evidence of substantial value. A better, more broadbased definition that clarifies the legal context is credited to Easttom (2013), which defines Cyber Forensics as the identification, preservation, collection, transportation, analysis, and presentation of digital evidence according to legally accepted processes and procedures.

This paper focuses on the crucial role of Cyber Forensic investigation as related to Intellectual Property. In this context, Intellectual Property is classified as copyright, trademark, trade secrets, licensing and patents. Copyright protects the original “author” or owner the exclusive right to reproduce the work. Definition of copyright might vary across countries. The World Intellectual Property Organization clarifies that computer programs, databases, designs and architecture also counts as copyright (WIPO, 2003). Trademark is a brand name and includes a word, a name, a symbol or a a combination of these to uniquely identify the goods/ services. Trade secrets are confidential business information. Licensing refers to the legal agreement between the Intellectual Property rights owner and another party (licensee). Patents are Intellectual Property rights granted by the government to the inventor. Patents are usually for limited durations (Stephenson, 2014).


Cyber Forensics is tasked with a structured investigation that will maintain a chain of custody. In many cases, the Cyber Forensic investigation follows set procedures that are based on well-established scientific principles (Stephenson, 2014). The device in question would be isolated to ensure it cannot be contaminated accidentally. Then, the investigators prepare a copy of the storage media in the device. After copying that original media, the information will be locked in a safe facility to ensure that the pristine conditions are maintained. Then, investigation will be carried out on the stored copy of digital media.

More often than not, the investigators may apply different techniques and the proprietary software in examining and searching all the hidden files. All the unallocated disk space with deleted, damaged, or encrypted files are checked as well. The evidence found on the device is then documented carefully as a report. The evidence will then be verified and made ready for the legal proceedings. The legal proceedings involve depositions, actual litigation and discovery of the collected evidence.


Cyber Forensic has been used to deal with threats of Intellectual Property initiated internally, by former or current employees and externally, by business partners, contractors and third parties. This section reviews the motivation behind theft of Intellectual Property based on established models. There are two dominant models that explain information stealing within organizations. One is the Entitled Independent model where an insider is acting alone to steal information to help in a new job or own business. The other model is the Ambitious Leader model where a leader, someone with a larger purpose, recruits insiders to steal information.

According to the Entitled Independent model, without an interview, it would be difficult to find out the magnitude to which an insider would feel in charge of the information stolen. In a number of cases, the interviews and findings found out that 60% of the class of insiders who had their information stolen supported the hypothesis that they felt in charge of the stolen information. About three quarters of the entitled independents had their information stolen in their responsibility area, and 37% of the cases were involved partially in developing the stolen information. About 42% of the Entitled Independents had stolen the information or products despite having signed the Intellectual Property agreement with specific organizations (Moore et al., 2011).

Figure 1: Insider theft and deception (Moore et al., 2011)

Moore et al. (2011) found out that this kind of entitlement may be severe especially once the insider considers his function important in product development. In a case where the role of the insider is focused on contributing to a specific product, the insider would have a greater ownership sense regarding the information and product resulting into a huge entitlement. Different from the good management practice, individuals could get positive feedback due to their efforts and could interpret it as some kind of reinforcement provided their predispositions.

A number of cases depicted evidence of entitlement. For example, an entitled independent who stole, and marketed a copy of his employer’s critical software established a huge manuscript that detailed his innocence and considered the persons involved in the trial dead. Similarly, another insider stole the database of the client and offered the company some threats just because he was denied a raise (Moore et al., 2011).

Some dissatisfaction had a role to play in about 33% of the cases of independent entitlement. In most cases, the dissatisfaction came about from insider’s denial of requests. The requests denied in the cases studied involved benefits and raises, promotion application, and relocation requests. Some dissatisfaction also lead to threats of layoff in the organization victim (Moore et al., 2011).

Some of the things that trigger an insider into contemplating to steal information include the insider’s plan to move into the competing organization, dissatisfaction with their job, and the sense of entitlement to the products. As a result, the need to steal information became strong resulting into theft. Some organization may not be able to detect the theft. In some organization, the employee’s actions which appear suspicious may be observed and action taken (Moore et al., 2011).

The concerns over being caught when stealing could make the insider not to steal the information. This could be explained by the psychological predisposition of entitlement that makes an individual overestimate his abilities while underestimating the capabilities of other. Even though, the agreement of Intellectual Property may be in place, in any cases, a very low percentage of the entitled independents attempt to deceive the organization when they try to take the information (Moore et al., 2011).

According to the Ambitious Leader model, some leader may recruit the insider to steal some information especially for a larger purpose. Some of the cases include the specific plans in developing competing product or using information in attracting clients away from the organization victim. More than 50% of cases of the stealing Intellectual property fall in this category. About 38% of the cases involve insiders who were working with the competing organization so as to help his new employer. About 30% fall in this category. The last category of insider involves those who sell the information to competing firms. About 10% of the cases may fall in this category (Moore et al., 2011).

Figure 2: Theft planning by Ambitious Leader (Moore et al., 2011)

The cases where foreign entities were benefitted fit into the Ambitious Leader scenario. The study also showed that the loyalty to the native country was higher than the loyalty to the employer. Some insiders who stole the Intellectual Property were influenced by the Ambitious Leader. The insiders with loyalty to the foreign country were influenced by the goal to bring value to and relocate to the given country. All the cases of the Ambitious Leader involved an individual being influenced and motivated to promote the crime (Moore et al., 2011).


Cyber Forensic investigation helps establish the provisions that target the infringement of Intellectual Property. For example, the United States No Electronic Theft Act attempts to criminalize noncompetitive infringement. On the other hand, the Digital Millennium Copyright Act offers penalties for crimes like conduct, and the circumventing of the codes designed to have the copyright material protection (Moohr, 2001).

Cyber Forensic investigation helps prevent theft of copyright. For example, the Copyright Law targeted at preventing the infringement by the competitors holding copyright. The law acknowledges that the infringement by competitors for commercial reasons is a crime classified as misdemeanor. Initially, the criminal offense was applicable to only the people who infringed for reasons of profit and the economic competitors were subjected to some liability. However, the new legislation included a penalty to protect different type of copyright material and increased the criminal penalties severity, while ensuring that the quasi-copyright material is protected by the criminal provisions. In this case, the infringement of copy right for private financial gain, and commercial advantage were included in the law provision (Moohr, 2001).

The goal of the Copyright Law is to benefit the public through the promotion of the ideas and learning. To promote this law, authors are granted exclusive rights. The law protects the interest of the author as ways of having an end protection. In this case, the law provides access to the authors work when the statutory grant expires (Moohr, 2001).

The law offers some rights to the initial expression of ideas to overly restrict the access by the public. Confining the protection involves setting out limited rights and restricting the period of time for the rights, while maintaining an existence of material in the public domain. The law helps others to build on ideas freely.


From the study, it is evidenced that Cyber Forensic investigation helps prevent theft of Intellectual Property, helps establish the provisions that target the infringement of copyright, helps identify the motivation behind theft of Intellectual Property, and helps deal with the threats of Intellectual Property. Some of the reasons behind theft of Intellectual Property involve benefiting the foreign entities, stealing information especially for a larger purpose, insider’s plan to move into the competing organization, dissatisfaction with their job, and the sense of entitlement to the products. The two theories used to explain the insider’s motivation include the Ambitious Leader model, and the Entitled Independent model. Laws like the Copyright Law have been enacted to protect the authors against theft of Intellectual Property. In summary, Cyber Forensic investigators need to give sufficient importance to Intellectual Property rights when obtaining and reviewing digital evidence.


1.Easttom, C. (2013). System forensics, investigation and response 2nd ed. . Burlington, MA: Jones & Bartlett Learning.

2.ISO. (2012). ISO/IEC 27037:2012 Information technology — Security techniques — Guidelines for identification, collection, acquisition and preservation of digital evidence. Retrieved from

3.Moohr, G. (2001). The crime of copyright infringement: An inquiry based on morality, harm, and criminal theory. Retrieved October 2016, from

4.Moore, P., Cappelli, D., Caron, T., Shaw, E., Spooner, D., & Trzeciak, R. (2011). A preliminary model of insider theft of intellectual property. Retrieved October 9, 2016, from

5.Stephenson, P. (2014). Official (ISC)2® Guide to the CCFP CBK. CRC Press.

6.WIPO. (2003, June). What is Intellectual Property? Retrieved 2017, from World Intellectual Property Organization:

The Complete Dictionary of Ailments and Diseases

The Complete Dictionary of Ailments and Diseases

Now Available: the English version of the Best-Seller “Le grand dictionnaire des malaises et des maladies (2nd Edition)” by Jacques Martel

The book entitled The complete dictionary of ailments and diseases, and such book is highly recommended be kept within anyone books collocation…

read more via

or buy it from


Translate »