Final answer:
To maintain the integrity of an investigation into an employee's alleged network malfeasance, the security engineer should recommend creating a forensic image of the employee's network drives along with hashes, and archive all relevant documentation. Installing a keylogger is not advised due to potential legal and ethical violations.
Step-by-step explanation:
When a security concern arises about an employee who is on vacation, it is crucial to ensure the integrity of the investigation is maintained. To effectively address suspicions regarding malicious activity on the network, the security engineer should recommend creating an image file of the employee's network drives. This action should be completed with the generation and storage of cryptographic hashes to ensure data integrity. Furthermore, the security engineer should archive all documents and communications related to the employee to preserve evidence.
It is important to note that installing a keylogger could pose legal and ethical issues; it is a monitoring mechanism that involves capturing a user's keystrokes without their consent and could be considered an invasion of privacy. Therefore, it should not be suggested as a course of action. Instead, the focus should be on maintaining a clear chain of custody, bolstering the position that data and evidence collected during the investigation remain untampered with and forensically sound.
The Personal Data Notification & Protection Act of 2017 outlines the definitions critical to understanding the implications of a security breach, providing clarity on what constitutes unauthorized access. Adhering to this definition, the recommended solutions must comply with legal standards and aim at protecting personal data while resolving the security concerns. These steps also align with the best practices of digital forensics and incident response, ensuring a factual and defensible position if the investigation leads to further action.