please identify hearsay evidence in Trial 2 in a tabular form (please cite references where appropriate).

tabular form e.g.

Statement	Discussion
Trial 2, Spade, Appendix D - Sally Wu's conversations with Peter Ormiston: p. 24	Out of court statement proffered to prove the truth of its contents ie that Eastpac Bank reference was forged: case authority on this point

Use these cases when referencing a point

Subramaniam v Public Prosecutor [1956] 1 WLR 965, 971.

R v Jones(2006) 161 A Crim R 511, 520 [31] (Duggan J).

R v Walton(1989) 166 CLR 283,301 (Wilson, Dawson & Toohey JJ).

Subramaniam [1956] 1 WLR 965, 970.

R v Walton(1989) 166 CLR 283,288 (Mason J).

R v Jones(2006) 161 A Crim R 511, 520 [31] (Duggan J).

Benz v R (1989) 168 CLR 110,133 (Dawson J).

R v Walton(1989) 166 CLR 283,288 (Mason J).

Trail 2 - identify hearsay evidence and stamens and reference

Extracts from the Statement of Sam Spade, Managing Director of Secure Force Ltd July 31, 2021

1. I am the Managing Director and majority shareholder of Secure Force Ltd (SFL), a position that I have held for the past ten (10) years.
2. SFL has a well-established reputation for the supply of high-quality cybersecurity advisory services to state and federal governments and to financial and other commercial organisations. SFL clients include Australian banks, infrastructure companies, the South Australian Department of Finance, and SATAC.
3. Managed Security Services (MSS) are a principal component SFL's business, which involves full-time monitoring and management of clients' IT systems in Secure Force's Cyber Security Operations Centre (CSOC) so as to defend clients against external and internal cybersecurity threats. SFL also provides professional services related to cyber-security risk assessment and IT anti-crime and asset recovery services.
4. I first met Cheryl Heinze in April 2019 while I was working for SFL on a major IT project for the New South Wales government related to the setting up of a disaster recovery system should the government's main IT systems become disabled through a ransomware attack or other cause. The New South Wales government had engaged Ms Heinze's family company, Orange Grove Pty Ltd, to provide IT consultancy services and SFL was engaged to provide supplementary cybersecurity services.
5. By May 2019 Heinze's contract with the New South Wales government was coming to an end and as demand for cybersecurity services had rapidly increased and we were short of staff I encouraged Heinze to join SFL. A draft employment agreement was exchanged and over the course of 2 meetings it was agreed that Heinze would commence work with SFL on July 1, 2019. The day before commencing work, Heinze signed a written non-disclosure agreement designed to protect SFL's confidential information.
6. Heinze was employed to work in the CSOC as a cyber security engineer. This role required Heinze to monitor client computer networks and systems for threats and security breaches; install, alter, and update security software and firewalls on client systems; test client systems for potential vulnerabilities; recommend strategies for security best practices throughout client companies; investigate breaches and deploy incident-response plans; report on security incidents and propose effective responses to future internal and external cybersecurity breach.

1. Heinze's work did not extend to business planning, budgeting, marketing, contract management (including defining scopes of work) or the management of client relationships on behalf of SFL.
2. Initially Heinze performed her work well. However, about 18 months into the role, Heinze began behaving erratically. She would get into arguments with co-workers and began taking unauthorised absences from work - missing team meetings.
3. I met with Heinze on two occasions once in January 2021 and again in February 2021 to discuss her work performance. After the 2^nd meeting, I provided Heinze with a written warning explaining that her absences required substantiation with a medical certificate and advice to her line manager and team members. The warning also counselled Heinze in relation to behavioural matters regarding her interactions with colleagues.
4. In March 2021 SFL discovered that Heinze had failed to undertake routine compromise assessment on one of SFL's smaller client's systems. The client, Partridge Pty Ltd, was a property conveyancer. Heinze failed to identify missing security patches on Partridge Pty Ltd's IT system, consequently exposing Partridge Pty Ltd to cybersecurity breach and loss of its property clients' funds. The missing patches were discovered after another SFL employee carried out a compromise assessment while Heinze was on leave. Fortunately, the missing patches were discovered before any external attack could be perpetrated. Otherwise, if an external attack had occurred, this would have been very damaging to SFL, Partridge Pty Ltd, and Partridge Pty Ltd's clients.
5. At this point, I decided that Heinze should be placed on a formal performance improvement plan. I met with Heinze on March 15, 2021, and discussed outcomes, quality standards, and timelines for her performance improvement. These were set out in a written performance improvement plan provided to Heinze following the meeting. A copy of the written performance improvement plan is set out in Appendix A.
6. During the meeting Heinze explained that her performance over the past 2 - 3 months had been affected by illness. Heinze claimed to have contracted COVID-19 in late 2020 and to be continually affected in terms of fatigue, joint and muscle pain, heart palpitations and mood. However, no COVID-19 test results or medical certificates were available to substantiate this claim and up until this point (and contrary to SFL policy) no COVID-19 notifications had been made to SFL.
7. Heinze also complained that she had not been paid what was due to her under her employment contract. Heinze contended that she was due bonus payments as a result of meeting certain key performance indicators (KPIs) set out in the contract. However, I disputed that these KPIs had been met and explained that no bonus payments were therefore due.
8. Under the agreed performance improvement plan, Heinze was to meet every two (2) weeks with her line manager, Deepak Singh, to discuss progress. As far as I was aware, Heinze attended these meetings and there were no further unexplained absences or adverse interactions with other employees. Therefore, until May 2021, I believed that as a SFL employee Heinze was back on track, and all was well.
9. On May 14, 2021, Singh reported suspicions that Heinze had been dealing with one of our competitors, Cannon Ltd. A colleague had told Singh that he had seen Heinze at a city coffee shop in deep discussion with a Cannon Ltd recruitment manager. Singh also reported that Heinze had been asking about SFL business procedures, operations, and records. Since Heinze was employed as a cybersecurity engineer rather than as a business development manager, combined with the intelligence regarding contact with Cannon, Singh told me that he thought this was a 'very fishy situation.'
10. I agreed with Singh's assessment and decided to authorise another SFL employee to undertake covert surveillance of Heinze's work laptop. The covert surveillance consisted of undertaking a scan of Heinze's work laptop for evidence of meetings and communications between Heinze and Cannon as well as unauthorised downloads of SFL's confidential information, and of inserting of 'key logger' software to track her future keyboard strokes.
11. The scan of Heinze's work laptop revealed that Heinze had copied a detailed list of current and potentially valuable prospective SFL client contacts, sourced from a list created at my direction for distribution of marketing material. Clearly such a list would be valuable to SFL's competitors. A copy of this information is set out in Appendix B - Confidential Exhibit SF-2.
12. In addition, the scan found a folder marked 'Stuff' comprised of 80 electronic sub-folders. Each sub-folder contained detailed documents related to a SFL client including business and sales proposals, service offerings, pricing and terms and conditions for the delivery of cybersecurity services, and the design methodology and framework for goods and services that would or might be supplied. All this material had been downloaded onto Heinze's work laptop without authorization from SFL's main database of client information. A copy of this information is set out in Appendix B - Confidential Exhibit SF-3.
13. Ongoing surveillance on Heinze's work laptop gained through the use of key logger software showed that Heinze would regularly update this information from SFL databases. A copy of the updates is set out in Appendix B - Confidential Exhibit SF-4.
14. The ongoing surveillance also produced evidence of communications between Heinze and Cannon personnel. In addition to surveilling Heinze's work laptop I also directed an SFL cybersecurity analyst to access Heinze's family company website - Orange Grove Pty Ltd's domain and to cause the domain to automatically forward emails from Heinze's private email address to an email created for SFL surveillance purposes. One of these communications related to a meeting with Cannon and a potential SFL client, Argus Ltd and a proposal going to Argus for a high-grade cyber security risk assessment. A copy of these communications is set out in Appendix C.
15. On May 25, 2021, I decided that Heinze was a security risk for SFL and its clients. I directed that all Heinze's meetings with team members and clients should be cancelled and that Heinze should be informed that she was to be stood down until a workplace investigation could be undertaken into her misconduct. At that point, Heinze remained in possession of her work laptop.
16. On June 2, 2021, through the key logger surveillance I learned that Heinze had copied everything on her work laptop across to another personal device. As a result of this egregious misconduct, I therefore immediately terminated Heinze's employment contract, effective 12 am June 3, 2021.
17. Straight away I contacted SFL's lawyers, Bloggs and Co, who wrote to Heinze on June 3, 2021, outlining that SFL had reason to believe that Heinze had taken SFL's confidential information. Their letter also sought an undertaking that SFL's information would not be used or disclosed. Heinze refused to provide that undertaking and so proceedings for an injunction against Heinze and Cannon were issued on June 10, 2021. The proceedings were supported by an application for the immediate delivery of all sources of SFL's confidential information which was in either Heinze's or Cannon's possession including Heinze's work laptop and any other computer, hard disk drive or other data storage media to an independent forensic computer firm, Forensic IT Ltd.
18. When this matter came on for a court hearing on June 17, 2021, regarding the application for the interim orders outlined above, I learned that Heinze could no longer deliver up the computer to which she had transferred the SFL information because she had deliberately destroyed its hard drive. However, I learned that Heinze's work laptop had been provided to Forensic IT Ltd for analysis.
19. On July 2, 2021, I later learned from my lawyers, Bloggs and Co, that prior to surrendering her work laptop to Forensic IT Ltd, Heinze had deleted the 'Stuff' files in an attempt to hide that these had been downloaded. However Forensic IT Ltd was able to recover the deleted files.................................................................................................................
20. In early July I instructed our Human Resources manager to conduct a background check on Heinze to determine whether she had been involved in any similar breaches of confidentiality. I received a report from the Human Resources Manager outlining that Heinze had forged two written references that she lodged with us during negotiations over her employment contract. The forgeries were discovered when the Human Resources Manager attempted to contact the authors of the 'references.' Extracts from the Human Resources Manager's Report are set out in Appendix D........................
21. I also commissioned an investigation into whether Cannon Ltd had been involved in any prior litigation concerning breach of confidential information. The report prepared by Bloggs & Co which is annexed in Appendix E shows that a search of legal databases such as Westlaw (Australia) and Australian court registries reveals that Cannon Ltd had been involved in three prior cases involving breach of confidential information. These were:

(a) A case in 2013 where an interim injunction was issued preventing Cannon Ltd from disclosing or using confidential information unlawfully acquired from a competitor. The case subsequently settled for an undisclosed sum.

(b) A case in 2018 where a person employed by Cannon Ltd was issued with an injunction preventing him from disclosing or using any confidential information belonging to his former employer whilst working for Cannon Ltd.

(c) A case in 2019 where a search order was made against Cannon Ltd preventing it from destroying or hiding any evidence relevant to a claim of breach of confidence apropos a potential business partner. The case was subsequently settled for an undisclosed sum.

Appendix C - Communications between Heinze and Cannon Ltd

For the purposes of this course please assume that this appendix contains printed copies of various emails from Heinze's personal email to Cannon Ltd personnel. Of particular note is the following:

To: &..h@cannon.com.au

May 30, 2021

Subject: Argus Ltd

Hi Carol,

During a team meeting today, I learned that Argus Ltd is interested in undertaking an independent high-grade cybersecurity risk assessment. Apparently, its cybersecurity insurers are demanding this. As Argus Ltd is one of Australia's biggest investor corporations this looks like a great opportunity for Cannon. I found out the contact details of Argus's CFO. Do you want me to arrange a meeting?

I hope that this shows how keen I am to leave SFL and get a position with Cannon.

More to come,

CH.

Appendix D - Extracts from SFL's Human Resources Manager Report July 12, 2021

MEMO TO: Sam Spade, Managing Director Secure Force Ltd

MEMO FROM: Sally Wu, Human Resources Manager Secure Force Ltd

RE: Cheryl Heinze

DATE: 12 July, 2021

As instructed, I commenced a background check on Cheryl Heinze on July 7, 2021, to determine whether Heinze had been involved in breaches of confidentiality in previous roles where she worked as an employee or contractor.

I began my investigation by attempting to contact the authors of written references that Heinze had provided to you including:

Linda Mryzck - director of Victorian Data Centre

Peter Ormiston - senior manager of Eastpac Bank.

I was unable to contact a Linda Mryzck at the Victorian Data Centre. According to a senior manager I spoke with at the Data Centre they had never heard of Linda Mryzck. As far as they were concerned Linda Mryzck was a fake identity.

I was able to contact Peter Ormiston. Mr Ormiston denied providing any written reference for Cheryl Heinze. He acknowledged that Heinze had worked as a contractor on a short-term project for the bank but indicated that he would not have provided a reference because he regarded Heinze as a 'difficult person to work with.'

Consequently, it can only be concluded that both references are forgeries.

. Statement of Nick Page, forensic IT consultant with Forensic IT Ltd July 1, 2021

1. I am the director and major shareholder of Forensic IT Ltd.
2. Forensic IT Ltd has been established in Australia for 10 years and during that time has earned a solid reputation for providing excellent digital forensic data recovery services.
3. Prior to establishing Forensic IT Ltd I worked as a forensic investigator with the Australian Federal Police.
4. I have provided expert witness testimony to Australian courts on over 35 occasions.
5. In early June 2021, I was contacted by Bloggs and Co. Bloggs and Co instructed me that they acted for Secure Force Ltd (SFL), a cybersecurity advisory services firm. One of SFL's former employees had apparently downloaded unauthorised material onto a work laptop and subsequently copied that material to a personal device. SFL was concerned that the material contained commercially sensitive information that the former employee was going to share with one of its competitors.
6. Forensic IT Ltd was engaged to obtain an image of all the material on the employee's laptops and to undertake a forensic analysis of that material. However, I understand that the employee destroyed the hard drive of her personal laptop. Consequently, Forensic IT Ltd only undertook forensic analysis of the work laptop which was delivered to us following an interim court order made on June 17, 2021.
7. I understand that IT staff at SFL had already conducted preliminary inquiries about the work laptop's contents and that they had installed key logger software. This introduced a significant forensic issue as such actions will change the timestamping on the laptop's files, may create more files, may modify files, or lead to deletion of files. During the examination and analysis, we could not determine which party may have added, altered, or deleted files on the work laptop as I understand that the SFL IT staff involved used the subject employee's sign in credentials.
8. Using digital forensic techniques and procedures, Forensic IT Ltd made bit-for-bit, verified forensic copies or images of the hard drive within the work laptop: an HP Probook G9, Serial No. 2CE00713QB.
9. The data extraction, examination and analysis was performed on a dedicated forensic workstation using AccessData's Forensic Toolkit (version 7.4).
10. The digital forensic copying process captured the entire contents of each piece of media, including the active user-accessible files, the deleted files, and the unallocated space, which may contain deleted content.
11. As the forensic image we created was a forensic image file, we then used a forensically-sound copy method to copy the forensic image file on that drive to preservation media. All subsequent analysis was performed on the working copy forensic image, not on the original media or the original forensic image acquisition.
12. During our analysis of the material we employed a methodology tailored to the particular matters set out in the interim court order, that is, tailored for the examination and analysis of SFL confidential material. Forensic IT Ltd's methodology included: (1) conducting keyword and other searches of the digital forensic copies of the captured data, including webmail accounts, to identify responsive documents or fragments of documents; and (2) manually reviewing the documents containing keyword hits, certain unsearchable file types, such as image files with no text, and other documents to determine whether they were relevant.
13. During our search we found a number of confidential SFL files including:

• 80 confidential client files in a folder marked 'stuff' in the unallocated space section of the forensic image
• An Excel spreadsheet containing existing and prospective client contact details.

1. The deleted files were able to be recovered and copies are attached to this statement in Appendix A. A copy of the excel spreadsheet is set out in Appendix B.

. Extracts from the statement of Cheryl Heinze, October 2, 2021

1. I commenced working with Secure Force Ltd (SFL) on 1 July 2019. Just prior to joining them, I was compelled to sign a Non-Disclosure Agreement (NDA). I was told that unless I signed the NDA my offer of employment would be withdrawn.
2. I was employed as a cybersecurity engineer. This required me to monitor client computer networks and systems for threats and security breaches; install, alter, and update security software and firewalls on client systems; test client systems for potential vulnerabilities; recommend strategies for security best practices throughout client companies; investigate breaches and deploy incident-response plans; report on security incidents and propose effective responses to future internal and external cybersecurity breach.
3. Consequently, I had a high degree of interaction with clients and their employees. I often had to make client site visits and would regularly present to client senior management about their firm's system vulnerabilities and what needed to be done to address them.
4. As a result of my role and its client interface, I required access to SFL's client data base including SFL's client contact list and the client folders SFL maintained. While I did not necessarily need all the information set out in the folders (such as budgets and pricing), I certainly needed to understand the cybersecurity risk assessments that had been undertaken and the scope of works SFL agreed to as well as clients' ongoing cybersecurity management needs.
5. Initially I accessed this information directly from the SFL client database without copying it onto my work laptop. However, after I received a poor performance assessment and was required to sign up to a performance improvement plan, I decided that it would be more productive if I was able to download the material onto my work laptop so that I could work with it after hours at home. That way I wouldn't miss any required client software updates or patches which I had missed previously.
6. To fulfil my role as efficiently as possible and ensure I met all client requirements I therefore downloaded the client files onto my work laptop. For convenience's sake, I just downloaded the whole folders and client contact list without necessarily deleting the clients I didn't interact with nor deleting information that might have been extrinsic to my role. I told my line manager Deepak Singh that this is what I had done in one of our regular progress meetings and he raised no objection to this action.
7. In November 2020 I caught COVID-19. I know this because I had symptoms of a sore throat, a runny nose, and a cough. I didn't go and have a PCR test or report it to anyone as I was afraid of having to isolate for 2 weeks. I am not the sort of person who can cope with being unable to have contact with anyone for that long. I was able to hide it from work by taking a week's leave and then working at home for a few more days.
8. When I returned to work in December and then throughout January, February and March 2021 I still felt under the weather. I was always moody and tired, had ongoing aches and pains, and during anxious moments suffered heart palpitations. This made it difficult for me to concentrate at work and I would sometimes have to leave early due to fatigue and so I missed a few team meetings. I also felt very emotional and would sometimes get into heated arguments with my co-workers.
9. In March 2021 things came to a head when it was discovered that I had missed several security patches on Partridge Pty Ltd's IT system. Partridge Pty Ltd is a property settlement company and so missing the patches exposed it to malicious hacking that might have led to a significant loss of their clients' funds.
10. I was called into Sam Spade's office for a dressing down. I tried to explain that I had been ill with COVID-19, but Spade dismissed this out of hand effectively accusing me of fraud because I had not notified SFL that I had been infected. He was unsympathetic and I got the impression he just thought I was lacking in work commitment. I got angry and said that I had not been paid my bonus entitlements and again Spade dismissed my concerns - stating that since my work performance was so poor, I was not entitled to any bonus. That made me very angry. I felt SFL was exploiting me and lacked any care for my well-being.
11. I was then forced to sign a performance improvement plan and was told that if I didn't sign it and comply with its provisions that I would be sacked.
12. I decided that my career at SFL was now very limited and that it would be a good idea to look for another job elsewhere. To ensure I got a good parting reference, I knuckled down and was present at all team meetings from then on and made sure that all client cybersecurity requirements were kept up to date. As I outlined earlier, I stayed on top of my work by downloading SFL client files to my work laptop so that I could work on tasks at home after hours. My line manager, Deepak Singh, told me I was making good progress.
13. Meanwhile, I began exploring options with other cybersecurity firms, including Cannon Ltd, one of SFL's main competitors. I met with one of Cannon's recruiters in early May 2021 to discuss career opportunities at their firm.
14. To my astonishment when I arrived at work on May 25, 2021, I was told that all my meetings with colleagues and clients had been cancelled and that I was to be stood down pending a workplace investigation for misconduct related to breaches of my NDA and other confidentiality obligations.
15. I was in complete shock.
16. Two days later I discovered that my work laptop and my personal emails had been hacked by SFL. I was outraged by this criminal behaviour.
17. I immediately purchased a new Apple Macbook laptop with the aim of transferring a full copy of my work laptop to the new Apple Macbook so that evidence of SFL's criminal hacking could be preserved.
18. I then copied everything from my work laptop onto the Apple Macbook.
19. On June 2, 2021, I received an email from SFL notifying me that I had been sacked effective 12 am June 3, 2021. No reasons for terminating my employment were given.
20. The next day I received a letter by express post from Bloggs and Co, SFL's lawyers demanding return of all SFL information. I wasn't going to give them my evidence of SFL's criminal behaviour and so I ignored the letter.
21. A week after that I was served with proceedings for an injunction and an application for an order seeking surrender of all devices and materials in my possession containing SFL information.
22. I decided to destroy the hard drive on the Apple MacBook so that SFL could no longer claim that I was stealing their information to share with Cannon Ltd. I also surrended the SFL work laptop to Forensic IT Ltd for analysis. Before I did that, however, I deleted, SFL's client files which I had previously held in a folder called 'Stuff.' Again, I did this so that SFL could not claim that I had stolen their information to share with Cannon Ltd......................................................................................................................................................
23. I know nothing about any email communication between me and Cannon regarding Argus Ltd. I think that must have been planted by SFL.
24. If I am asked in court, I will not admit to forging the references unless it's clear that SFL can prove that I did forge them. I only forged the references because I was unable to contact the parties who might have provided me with good references for the time I worked at the Victorian Data Centre and Eastpac Bank.