banner ad

November 2004

Share |

Proactive Forensics in the Workplace

By: Paul Taylor, Deputy Director Litigation and Forensics
Data Recovery Services, Inc.
Contact: Larry Thomasson
Website: www.legalforensics.com

Listing on Experts.com

The benefits of computer forensics have been seen over and over again in the criminal and civil courts throughout the world in the past two decades. If there is ever a case involving accounting or communication between key witnesses then computer forensics will be involved in some form.

Computer forensics has long been used as a tool to prove or disprove the actions of a person or a company. The tide has now turned � proactive use of computer forensics is now the buzz phrase. The ability to catch a crime as it occurs is an investigators dream, and now that dream is becoming a reality. Proactive Computer Forensics means taking steps to preempt the need to locate the "smoking gun" for examination.

There are a number of �Computer Forensics� companies all across the United States. The most important thing to consider is to make sure the company that you choose has the knowledge and expertise needed for your case. In many cases some of the larger companies will be able to provide forensic personnel in your area, even if they are not physically located near you. A forensic company that is worth employing has many associates, in most cases, worldwide, that are able to assist with your litigation support needs in order to do the necessary work.

Depending on the situation you may need a company that has experts with a wide range of expertise in computer forensics and advanced data recovery. If the suspect media has been physically damaged be it malicious or not, it will need to first be recovered before the forensic exam can be performed. Only a handful of companies in the US have the ability to do this while maintaining "Chain of Custody". The last thing you want is to have to send the drive to a data recovery company then to a computer forensics company upon completion of the recovery. Your best bet is to use a company that has cleanroom facility in case it is needed for the data recovery.

Some of the more prominent companies have taken another step adding "proactive computer forensics". In a world where the accountability of a company is often questioned, proactive computer forensics is the key. Its use can often exonerate a company before it is noticed by others outside the firm, and before it becomes a public issue. Its use has proven priceless in employee disputes, or sexual harassment cases to name a few.

Some companies have installed active monitoring systems which will continually audit the use of a workstation and notify the system administrators of any offensive material. Older more prominent "computer forensic" companies are then asked to secure the information on the hard drive for possible use in the future in any civil or criminal proceedings which may come about.

On a recent case involving a very large government IT provider, it was successfully shown that an employee had not used their workstation to hack into a secure network even though the network security auditing software had shown that certain hacking software was found to be installed on the computer. The results from the investigation showed that the findings of the security program were rogue and the client decided to change their security auditing software based on our findings.

The need for a computer forensic engineers expertise has never been so high, and it is continuing to rise. Court rulings such as Sarbanes Oxley have ensured the need for credible, experienced and proficient computer forensic specialists throughout the world.

Share |


Data Recovery Services, Inc. is a premier data recovery company specializing in high level electronic discovery and recovery for litigation and forensics, including computer forensics, expert testimony, email recovery and tape recovery.

See DRS's Listing on Experts.com.

©Copyright 2004 - All Rights Reserved

DO NOT REPRODUCE WITHOUT WRITTEN PERMISSION BY AUTHOR.