Original Post Date: June 11, 2014
What is Digital or
Computer Forensics?
In an effort to keep my clients and supporters informed, I
have decided to write regular articles related to the business of digital
forensic consulting and examination.
Fair warning: many of the concepts presented in this blog may be gleaned
from other sources, but that doesn't mean they're any less valid and
appropriate sources will be cited when direct quotes are taken. I will also let you all know as my readers
that I intend to start at the basics and grow in complexity of subject matter
as the blog progresses... but I'll try very hard not to bore you. My hope is
that I can educate potential clients and the general public about what we do
and why the service we provide is important and necessary. So here we go...
One of the questions I've been getting lately while networking
and marketing digital forensic consulting services is "That sounds really
cool!.. What is it?" Here, I'll attempt to answer that question: Digital forensics is, simply, the analysis of
electronic data stored on various types of media (hard drives, thumb drives,
CDs, DVDs, etc.) to uncover evidence of a crime or incident. For example, if you are the head of a company
with a patent on a particular product or service and an employee leaves
abruptly or under auspicious circumstances, you may suspect the former employee
of theft of intellectual property. This
can be very serious because if your former employee takes trade secrets to a
competitor, you may lose your competitive edge on the market. If the potential loss is large enough, you
may seek legal action against the former employee, particularly if they signed
a non-compete clause or some similar contract.
This is where you would need a digital forensic examiner. By securing the media the questioned employee
was using as close to the suspected theft as possible, we are able to make a
copy or "image" of the media and conduct an examination using
specialized software tools (and tons of training) to determine the potential
existence and scope of the theft. Often,
we can tell the who, what, where & when of the theft, further solidifying
any legal action to be taken against the former employee. Many large corporations have experts on-staff
to help with these investigations, but smaller start-up companies and even
older, more established "brick & mortar" companies may not have
the means to do so, which is when an outside digital forensic examiner can be
brought in to help determine the facts.
Facts are an extremely important component when dealing with forensic
sciences. Reporting facts, not conjecture,
is key and will be discussed in a later article.
One of the basic tenants of forensics as a whole is to
maintain the integrity of the
evidence that is to be examined. That
is, to ensure as much as possible that the state in which the incident occurred
is preserved as a "snapshot" of what was going on. This is why contacting a digital forensic
expert as soon as a potential incident is discovered is so important. Most of the time, data isn't lost without
some proactive measure(s) being taken, but it can be manipulated and fragmented
as time goes on which only makes the recovery of necessary elements more
difficult... and costly!
In the digital age where everyone carries a micro computer
in their pocket in the form of a smart phone and meetings, notes and dictation
are all taken with portable devices such as tablets and smart phones and
digital recorders, evidence of numerous aspects of people's lives reside within
digital media far beyond the laptop or desktop computer (although we can
examine those too). So when you visit
the website, blog or FaceBook page of Professional Digital Forensics (Pro Digital)
Consulting, ask yourself these questions beyond, "That's cool, what is
that?"
·
In which areas of your life do you not
use a computer, smart phone, tablet? I
would bet, not many.
·
If you work in Information Technology,
Information Security or Human Resources, how could a digital forensic examiner
help you after a security breach, theft of company data or dismissal of an
employee while under contract?
·
If you know or are an Attorney - civil,
criminal, family or corporate - what parts of your/their case(s) could be
stronger and better serve your client with help from the data that could be
recovered by a digital forensic examiner?
Are there emails, texts, videos or pictures that could exonerate your
client? Are there emails from an
opposing corporation that could help prove theft of intellectual property? Is there evidence of an extra-marital
relationship on the cell phone or computer of your client's estranged spouse?
All of these important, highly reliable and mostly indisputable nuggets of data
can help to better serve your client(s) and bring the case to a successful
conclusion.
I'll
close by saying that I know many people may read this blog and start to think
that all of these skills and abilities are great, but why do I need them? Well, my
goal going forward will be to illustrate, through these articles, as well as
those linked from my colleagues around the world, exactly why you may need a digital forensic examiner and why an experienced
examiner, trained in best practices and modern technologies, with an emphasis
on the integrity of the evidence and the forensic methodology is always your
best option.
Thanks
for your time, your support and as always, a referral is the best compliment
you could pay us!
Author:
Patrick
J. Siewert
Owner,
Lead Forensic Examiner
Pro
Digital Forensic Consulting
