Friday, January 2, 2015
What is Digital or Computer Forensics?
Original Post Date: June 11, 2014
What is Digital or Computer Forensics?
In an effort to keep my clients and supporters informed, I have decided to write regular articles related to the business of digital forensic consulting and examination. Fair warning: many of the concepts presented in this blog may be gleaned from other sources, but that doesn't mean they're any less valid and appropriate sources will be cited when direct quotes are taken. I will also let you all know as my readers that I intend to start at the basics and grow in complexity of subject matter as the blog progresses... but I'll try very hard not to bore you. My hope is that I can educate potential clients and the general public about what we do and why the service we provide is important and necessary. So here we go...
One of the questions I've been getting lately while networking and marketing digital forensic consulting services is "That sounds really cool!.. What is it?" Here, I'll attempt to answer that question: Digital forensics is, simply, the analysis of electronic data stored on various types of media (hard drives, thumb drives, CDs, DVDs, etc.) to uncover evidence of a crime or incident. For example, if you are the head of a company with a patent on a particular product or service and an employee leaves abruptly or under auspicious circumstances, you may suspect the former employee of theft of intellectual property. This can be very serious because if your former employee takes trade secrets to a competitor, you may lose your competitive edge on the market. If the potential loss is large enough, you may seek legal action against the former employee, particularly if they signed a non-compete clause or some similar contract. This is where you would need a digital forensic examiner. By securing the media the questioned employee was using as close to the suspected theft as possible, we are able to make a copy or "image" of the media and conduct an examination using specialized software tools (and tons of training) to determine the potential existence and scope of the theft. Often, we can tell the who, what, where & when of the theft, further solidifying any legal action to be taken against the former employee. Many large corporations have experts on-staff to help with these investigations, but smaller start-up companies and even older, more established "brick & mortar" companies may not have the means to do so, which is when an outside digital forensic examiner can be brought in to help determine the facts. Facts are an extremely important component when dealing with forensic sciences. Reporting facts, not conjecture, is key and will be discussed in a later article.
One of the basic tenants of forensics as a whole is to maintain the integrity of the evidence that is to be examined. That is, to ensure as much as possible that the state in which the incident occurred is preserved as a "snapshot" of what was going on. This is why contacting a digital forensic expert as soon as a potential incident is discovered is so important. Most of the time, data isn't lost without some proactive measure(s) being taken, but it can be manipulated and fragmented as time goes on which only makes the recovery of necessary elements more difficult... and costly!
In the digital age where everyone carries a micro computer in their pocket in the form of a smart phone and meetings, notes and dictation are all taken with portable devices such as tablets and smart phones and digital recorders, evidence of numerous aspects of people's lives reside within digital media far beyond the laptop or desktop computer (although we can examine those too). So when you visit the website, blog or FaceBook page of Professional Digital Forensics (Pro Digital) Consulting, ask yourself these questions beyond, "That's cool, what is that?"
· In which areas of your life do you not use a computer, smart phone, tablet? I would bet, not many.
· If you work in Information Technology, Information Security or Human Resources, how could a digital forensic examiner help you after a security breach, theft of company data or dismissal of an employee while under contract?
If you know or are an Attorney - civil, criminal, family or corporate - what parts of your/their case(s) could be stronger and better serve your client with help from the data that could be recovered by a digital forensic examiner? Are there emails, texts, videos or pictures that could exonerate your client? Are there emails from an opposing corporation that could help prove theft of intellectual property? Is there evidence of an extra-marital relationship on the cell phone or computer of your client's estranged spouse? All of these important, highly reliable and mostly indisputable nuggets of data can help to better serve your client(s) and bring the case to a successful conclusion.
I'll close by saying that I know many people may read this blog and start to think that all of these skills and abilities are great, but why do I need them? Well, my goal going forward will be to illustrate, through these articles, as well as those linked from my colleagues around the world, exactly why you may need a digital forensic examiner and why an experienced examiner, trained in best practices and modern technologies, with an emphasis on the integrity of the evidence and the forensic methodology is always your best option.
Thanks for your time, your support and as always, a referral is the best compliment you could pay us!
Patrick J. Siewert
Owner, Lead Forensic Examiner
Pro Digital Forensic Consulting