Social media adds a dimension of understanding to the investigative process

Fortunately, rumors are not enough to resolve policy violations. Trusted data is needed before HR action can be taken. Interviews are often just not enough.

In the old days — a few years ago, most user data was stored on computer hard drives. Now cloud applications such as social media contain important clues. A primary source of this data is employer-owned phones. With imaging/analysis tools from Cellebrite they can be examined for evidence. Comprehensive downloads of cloud accounts like gmail and Facebook can be accomplished with proper permissions and X1 Social discovery.

Executive protection teams use comprehensive services such as geofeedia.com to research historic posts, tweets, etc. inside a geographic area of concern.

Ask your HR manager to call us at (888) eSleuth to discuss your situation.

Case study: A death threat

The healthcare employee reported a death threat activating action by HR as well as corporate security. We worked with another investigator who conducted interviews of the victim as well as managers. Because the threats mentioned personal choices that were protected by the employer a decision was made to not interview other employees.

A strange pattern was noted. As our investigation proceeded, the victim reported that additional threats that seemed to respond to our actions. When handwriting comparison was mentioned to the victim a new threat using computer generated text was received. Several suspects were mentioned by the victim. We were asked to analyze their computers. Nothing was found. Then we were asked to look at the victim’s computer.

Online activity (before the threats) indicated that the victim was generating the threats herself. Case closed.