Computer Forensics

Professionals in virtually every field — from accountants and insurance agents to investment bankers and health care professionals — carry clients' and their own "secrets" on their desktops.

In this tempting environment, it's no surprise that estimates indicate as much as 85% of computer fraud and espionage crime is perpetrated by employees. But, ironically enough, computers were never intended to be secure.

Background

The first personal computers, designed by IBM, were intended for home use but were rapidly adopted by business. Almost overnight, IBM-compatible computers evolved into powerful corporate network servers, desktop and notebook computers. The overwhelming popularity of the IBM PC was not anticipated. The DOS operating system installed on the original PC was never intended for commercial use, and security was not part of its design.

In the interest of maintaining compatibility with the early versions of DOS, upgrades to the operating system — whether it was DOS, Microsoft Windows, Windows 95, Windows 98, Windows NT or Windows 2000 — could not fully address security issues either. As a result, most desktop PCs and notebook computers lack adequate security.

Motive and Opportunity

Computer passwords alone won't keep determined infiltrators from stealing. In addition, many computers are connected to corporate networks and to the Internet, making information readily accessible to hackers.

But some of the most serious corporate espionage crimes may actually be encouraged by the company's own policies. For example, it is standard procedure in many companies for PCs to be moved around or transferred from one individual to another. When directors and senior executives are issued new models, their old desktop PCs are reformatted and passed down the company chain, where it is all too easy for them to fall into the hands of employees with the skill and intent to recover potentially sensitive information.

Nothing is permanently lost on PCs

When electronic documents are created in the Microsoft Windows environment, bits and pieces of the document are written in temporary files, the swap file and file slack. Furthermore, when electronic documents are updated or erased, remnants of the original version remain behind on the hard disk drive. For corporate and government computer users, the security dangers are evident.

But with the help of computer forensic specialists, businesses can both protect themselves and turn the security weaknesses associated with personal computers to their advantage to track criminal or fraudulent activity. For example, electronic document discovery can make a difference in sexual harassment cases, in wrongful dismissal employment cases and even in how due diligence efforts are conducted in corporate mergers. The information accessed by criminals and rogue employees leaves a trail on the hard drive that can help internal auditors and corporate investigators to identify fraud, espionage, and abuses of corporate policy, including misuse of corporate Internet accounts.

Internet account abuses have recently become a serious problem in government agencies and corporations. These abuses include the operation of side businesses using corporate Internet accounts, the viewing of pornography and the use of corporate e-mail accounts for personal correspondence. Most of the corporate and government clients that New Technologies, Inc. (NTI) works with identify Internet account abuses as the single biggest technology problem for corporations and government agencies today.

How Computer Forensics Works

NTI has created automated computer forensic software tools that assist in the processing of evidence stored on computer hard disk drives. The "electronic crime scene" can be preserved using another tool which is owned by NTI called SafeBack, which is an industry standard.

Using tools like these, obscure data segments containing binary (non-readable) data can be intelligently filtered, making the contents easy to view or print. Forensics software can also be used to automatically determine the scope of Internet usage on a given computer within a matter of minutes.

Sometimes subtle changes or differences between versions of the same document have evidentiary value. These differences can easily be identified using computer forensic tools that find and compare duplicate word processing files located on computer hard disk drives and/or floppy diskettes. This feature can be particularly helpful when multiple computers are involved.

The Information Age has created a new breed of corporate criminal, but it has also created a new means of tracking them - because these criminals leave behind their electronic fingerprints.