Copyright © 2001 Veritect, Inc. All rights reserved. Toll Free 866-VERITECT (866-837-4832)
Computer Forensics / June 2001 703.788.9800
info@veritect.com / www.veritect.com
The file was too difficult to decrypt, and if there was nothing
serious in it, confronting the employee could be awkward. On the
other hand, if the file concealed proprietary data, the company
would need to act. Frank called in-house counsel. The senior
manager's boss reported to the counsel that his employee was
involved in high-level operations including launching a product
that could make or break a division. Alarmed, the counsel called a
forensic examiner. The company needed to know what the manager
was hiding without giving him a chance to destroy evidence.
Computer Forensics

There are compelling reasons for using computer forensics, but
before lawyers and managers do, they should know what forensics
is and when and how to employ it. Risk management and
self-defense are leading reasons for using computer forensics.
Any organization that does not have a way to detect and stop
malicious behavior may be victimized with no legal recourse.
Computer forensics safeguards legal options. Preserving evidence
according to Federal Rules of Evidence gives a company or individual
choices that otherwise would not exist. When an intruder
attacks or steals from an organization or individual, the ability or
threat to get law enforcement involved may be the only way to
stop intrusion or recover assets. Gathering computer evidence is
also useful for confirming or dispelling concerns about whether an
illegal incident has occurred, and to document computer and
network vulnerabilities after an incident.
When Not to Use Forensics

When the cost of a forensic investigation exceeds potential gain,
there is little reason to use it. However, that is a judgment call.
Managers and lawyers can and have used forensics for purposes
beyond serious threats. Some companies use legal evidence
gathering to drive home points with employees and external
intruders, even though the cost of the investigation often
exceeds recovery. Usually, a warning is enough to stop an
inappropriate action, such as excessive net-surfing, so that a
full-scale investigation is not needed. Computer forensics also
may not be needed when computers had only a minor role in an
incident or threat, but this role may not always be clear. The
relationship between the computer and an event under inquiry
is critical, and until a forensics examination has been done, one
cannot always know whether a computer was a significant part
of an event, or not.
What You Should Know

Lawyers and managers involved in events where computer forensics
might come into play should follow a simple rule their mothers
taught them when they were little and entering a store: "Don't
touch anything."
it on, and if turned off, leave it off. Moreover, NEVER run programs
on a computer in question. For example, running Windows to
examine files destroys evidence in the swap file. Finally, NEVER
let a suspect help open or turn on a machine.
Making a Case

When forensic examiners find computer evidence, they must
present it in a logically compelling and persuasive manner that
a jury will understand and an opposing counsel cannot rebut.
This requires step-by-step reconstructions of actions with
documented dates and times, charts, and graphs. These exhibits
explain what was done and how. The result is testimony that
explains simply and clearly what a suspect did or did not do. Case
presentation requires experience, and, to date, such experience
has been gained through courtroom appearances. This is why
lawyers and managers should retain computer forensics examiners
who have a record of successful expert testimony on computer
evidence. An experienced examiner knows the questions that
opposing attorneys will ask and the ways to provide answers that
withstand challenges. A skilled litigator can defeat an inexperienced
examiner for failing to collect evidence in a proper manner
and failing to show that evidence supports allegations. Not long
ago most attorneys knew little about computers and how they
operated, but today they do and they are increasingly skilled at
challenging examiners' methods.
A Growing Service

With the growth of computers and networks comes growth of
crime committed through or with computers and networks.
Computer forensics is an extension of forensics examinations
used on other physical evidence. It is a fast-growing field because
computers and networks have moved to the heart of
business and societal operations. However, it is not a service
that most corporations will or should establish internally. Because
investigations are so specialized, few organizations have the
What the employee did: The employee had exploited the fact
that the company's network had no monitoring of outbound
connections, as well as numerous unprotected modems.