Advanced Forensic Technology - the next generation of computer forensics
Forensic technology is becoming more and more advanced - tools are now available that can deal with computers connected to corporate networks rather than the traditional stand-alone and portable computers synonymous with traditional forensic technology. This progression in technology has greatly enhanced the approach to computer forensics. Here’s how:
We were asked by a client to assist them with their discovery process, the twist being that it needed to be done in a very tight timeframe. To meet this goal we used the latest forensic technology software to identify the files that were required for the discovery process. This was done over the company network and did not cause any noticeable degradation of performance for users, nor did it prevent normal back-ups from being made. The identified files were copied to a forensic standard and produced for relevance review and disclosure. By doing it this way, the amount of material required for relevance review was reduced from tens of thousands of files down to just a few thousand. This technique meant our client met their rigorous deadline, which would not have been achieved using traditional methods.
Technology has also enhanced intellectual property reviews:
The ability to use forensic analysis techniques on company networks helps us efficiently locate intellectual property that might have been copied by a member of staff. This made a recent assignment a whole lot easier. We were asked to review a server and several PCs linked to it, looking for evidence that their client database had been copied by a former employee. We took a forensic copy of all the material on their server during working hours, without users being notified or any drop-off in network performance. Previously it would have been necessary to shut down the server to take the copy, consequently causing considerable disruption to the business. But because we were doing this in ‘real-time’, we were also able to review as we copied. Within one hour we were able to demonstrate that a user had extracted commercially sensitive data from the client’s system.
Another area is risk reviews:
It is common for companies to provide more and more computing power to their staff through access to email and the Internet, which can be used to view and distribute inappropriate or illegal material. This material is inevitably being stored on company IT systems. In addition, there is the increased possibility of reputational risk should such material be discovered. We had a client who was concerned that inappropriate material was being saved onto the main server in an area accessible by multiple staff. We connected to the relevant server and previewed what was happening. The material in question was quickly identified and located, and included a large number of deleted files. As part of our preview, we were able to see which user had saved the files into the common areas. We made a forensic copy of the identified user’s computer and provided a report to the client on our findings. The client was then able to act, putting a stop to the unwanted behaviour.
The other area where enhanced forensic technology tools help is fraud investigation:
When fraud is being investigated it’s not always apparent where relevant material might be located. In the past, investigators have had to manually review electronic material looking for potential evidence on servers. With the introduction of advanced forensic technology software, it is now possible to search live servers and individual computers for electronic material that might assist an investigation. Clients are benefiting from this process as it is quicker, more sophisticated and causes less disruption to their daily business.
For more information on this topic, please contact:
Associate Director, Forensics
+64 9 303 0974
+64 9 303 0838