


This webcast has been archived. To view the webcast, log in to your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

Speeding up the Investigation of Employee Policy Violations

  • Monday, September 15, 2014 at 1:00 PM EDT (2014-09-15 17:00:00 UTC)
  • Jamie McQuaid, Jad Saliba, Rob Lee


  • Magnet Forensics




As a forensics professional working in a corporate environment, investigating employee policy violations like time theft and inappropriate use of the Internet tends to be part of your everyday work. Like it or not, the need to conduct these types of investigations will always be there, as they are critical in protecting your company's assets and interests, and are often requested by Human Resources and Legal.

The reality is that employee policy violation investigations become very repetitive for the forensics professional, and take up more time than they should.

Designed for forensics professionals who work in a corporate environment, this webinar will arm you with the tools and techniques needed to speed up employee policy violation investigations to get them off your desk.

Join Jad Saliba (CTO, Magnet Forensics) and Jamie McQuaid (Forensics Consultant, Magnet Forensics) as they discuss the common scenarios that are sucking up your time, and show you how to get through policy violation investigations faster using digital forensics tools like Internet Evidence Finder.

You'll learn:

  • How to quickly identify if an employee has been accessing inappropriate websites such as pornography, gambling or games
  • If an employee has been misusing company time (time theft)
  • If an employee has been using company resources for personal benefit (employee fraud)

Speaker Bios

Rob Lee

Rob Lee is the Chief Curriculum Director and Faculty Lead at the SANS Institute where he oversees the Digital Forensics, Incident Response, Cloud, Pen Testing, Audit, Application Security, and Cyber Defense curricula along with other operational functions in the company. With more than 24 years of experience in computer forensics, vulnerability and exploit discovery, intrusion detection/prevention, and incident response, he provides consulting services in the Washington, D.C. area. Before starting his own business, Rob worked with government agencies in the law enforcement, defense and intelligence communities as a lead for vulnerability discovery and exploit development teams, a cyber forensics branch, and a computer forensic and security software development team.

Rob graduated from the U.S. Air Force Academy and served in the U.S. Air Force as a founding member of the 609th Information Warfare Squadron, the first U.S. military operational unit focused on information operations. Later, he was a member of the Air Force Office of Special Investigations (AFOSI) where he led a team conducting computer crime investigations, incident response, and computer forensics. Prior to starting his own firm, he directly worked with a variety of government agencies, U.S. Department of Defense, and intelligence communities as the technical lead for a vulnerability discovery and an exploit development team, lead for a cyber forensics branch, and lead for a digital forensic and security software development team. Rob was also a director for MANDIANT, a company focused on investigating advanced adversaries, such as the APT, for five years prior to starting his own business. Rob co-authored the book Know Your Enemy, 2nd Edition. Rob earned his MBA from Georgetown University in Washington DC. Rob is also a co-author of the MANDIANT threat intelligence report M-Trends: The Advanced Persistent Threat.

Jad Saliba

Jad Saliba, Founder and CTO of Magnet Forensics, is a former digital forensics investigator who left policing in 2011 to devote all of his time to researching new methods of recovering and analyzing all types of evidence for digital forensics investigations. He has since dedicated his efforts to building Magnet Forensics and developing Internet Evidence Finder (IEF) into a thorough and easy-to-use software solution that recovers Internet-related artifacts from computers, smartphones and tablets. Jad is a recognized digital forensics speaker at industry events including: CEIC, Crimes Against Children Conference, EuroForensics, F3, HTCIA, ICDDF, SANS, and the Canadian Police College. Jad served as a police officer for the Waterloo Regional Police Service for seven years and holds a Diploma in Computer Science and Network Security from Mohawk College (Hamilton, Canada).

Jamie McQuaid

Jamie McQuaid CISSP, EnCE is a forensics investigator with a background in corporate investigations spanning various industries from telecommunications to financial services and manufacturing. His responsibilities included conducting both forensic and physical investigations as well as incident response globally across the organization. McQuaid is currently a forensics consultant at Magnet Forensics where he assists in the development of Internet Evidence Finder (IEF) and provides skilled support to customers with his combined knowledge of IEF and digital forensics. He holds an Advanced Diploma in Computer Security and Investigations from Fleming College and an Honours B.A. from the University of Toronto.
