Social networking solutions
I do internal investigations and my boss asked me to find out what other organizations are doing to investigate Facebook abuse. We are on a budget freeze at the moment and are hoping someday to purchase current copies of Internet Evidence Finder and CacheBack. Right now I am using a very old copy of IEF that doesn't help much with Facebook. We figure that someday we will have to buy a network monitoring package that will catch them in the act but we don't know quite what to do until then short of installing keyloggers on all our computers. I can show them going to the login page from the history but nothing beyond that of course. What are other people doing for this or perhaps it is not much of an issue elsewhere.
What is your position with the company?
I am a forensic examiner for a state government agency. I do not do criminal investigations I do internal HR investigations on employees. We have been increasingly frustrated trying to show excessive Facebook activity and understand that ultimately the way to see it is with real time monitoring but it will be a long time before we have the money for something like NetWitness.
why not just block the url in question?
Because it is allowed and we don't have a proxy server and if we did we wouldn't block it anyway because we have our own Facebook page. Here is part of our internet use policy
11. Personal Use. Moderate personal use of the Internet will be tolerated but excessive personal use is prohibited. Our policy does not allow for unrestricted personal use of the Internet. Users must adhere to other departmental and state acceptable use polices which prohibits employees from visiting certain web sites at any time.
50% of my investigations involve excessive personal use and 25% are for porn. The other 25% are real investigations for misuse, harassment, etc.
We have been increasingly frustrated trying to show excessive Facebook activity and understand that ultimately the way to see it is with real time monitoring but it will be a long time before we have the money for something like NetWitness.
You don't really need NetWitness if all you need to monitor is Facebook usage. Just extract the relevant lines from your gateway logs, dump them into a database and slice and dice as you see fit. Microsoft Log Parser works well for logs from ISA, and there are plenty of free or cheap tools that can handle most other log formats.
Thanks very much. I will talk to my boss about it. Only problem is that our routers and gateway don't belong to us. We have to request the logs when we want to see them from the state agency that supplies and administers them.
Are you getting any backlash of "unlawful, or illegal treatment/termination/favoritism/discrimination"?
In my opinion, if you are going to do anything about the Facebook, possibly dismissals, you will get lawsuits. The "Moderate personal use" got many o' companies into trouble. Here are the things I would throw at you in court,
What is moderate? What is moderate for this position? What was Jimmy, Jacky and Joey doing while you got rid of Cindy for "excessive personal use"?
Again, in my opinion you will be paying through the nose to settle those. Aren't you, individually, have to be digging up everything from e-mails, web logs, device logs, event logs, access card logs, time cards, HR records, etc. and providing them to each one of the complainers? And, I haven't even mentioned the myriads of Legal Holds…
I think if you go down the path of "excessive" - instead of inappropriate images, you might be wanting some 30(b)(6) training real soon. mrgreen