5: Based on our lab discussion, I'd assume that he was found out by a colleague and then sent to an RIO who came down with forensics to discover what the actual data was so they could stick him with misconduct. I also think that considering that another University was involved, someone tried replicating his results and could not, which led to contacting his university.
I don't think someone got illegitimate access to the computers, that very rarely happens and when it does it's usually for ransomware.
As I said previously, I believe it was probably leaked from the inside.
If the operating system securely erased deleted data (assuming it was erased) then it would have prevented forensics recovery of whatever data was removed assuming it was erased.
Good computer security also avoids illegitimate access.
HWCase 3 Q2
I don't think someone got illegitimate access to the computers, that very rarely happens and when it does it's usually for ransomware.
As I said previously, I believe it was probably leaked from the inside.
If the operating system securely erased deleted data (assuming it was erased) then it would have prevented forensics recovery of whatever data was removed assuming it was erased.
Good computer security also avoids illegitimate access.