Unfortunately you hit the question that's one of the most difficult to answer in an Intellectual Property case, "What did they take before the left the company?"   Yes, it's easy to go through the mounted devices registry key and determine what devices where plugged and what drive letters they occupied.   This is your first step.

The second step is to look at the LNK files on a Windows machine.  Look at the recently opened files, both in the Recent folder and MS Office Recent Files.   See if any of them are pointing to a drive letter occupied by your external devices.   If you find any, it does NOT tell you that something was copied by your suspect to the external drive.  All it tells you is that the files were on the device at some point.  It doesn't tell you how they got there. 

CD Burning is a little bit more workable, if they used the built-in Windows CD-Burning app especially.   There are temp files the process creates in the Local Settings folder of the user profile:

C:\Documents and Settings\<profile>\Local Settings\Application Data\Microsoft\CD Burning

The prefetch file will also tell you when the CD Burning process was executed.   Finally, the event log will show the CD Burning service stopping and starting.   If your Access Times on the actual files and the Creation Times for the links in the CD Burning temp folder mach, and the CD Burning service ran for more than 20 Seconds (amount of time typically needed to open and close a CD), then you can speculate and only speculate that a CD was burned with these files. 

Your best evidence for determining if anything was copied to an external device or burned to a CD is the external device or the CD itself.   If you don't have that, it's very difficult to determine what was taken.

Those are my two cents.  I hope that someone can provide a better answer.  I would love to learn a better way myself.