 |
 |
 |
 |
 |
 |
|
|
|
||||||||||
|
THE KESSLER REPORT Continued Archive Home |
|||||||||||
|
Volume
9 - No. 1 |
|||||||||||
|
In this edition of Computer Forensics: Sherlock Holmes in the Information Age What's
Infecting Automatic Thieving Machines: ATM Frauds Exposed Q&A: Do-It-Yourself Investigation Kessler's
Corner:
|
|||||||||||
|
Q & A: Do-It-Yourself Investigation As
computer crime continues to proliferate, and the demand for system
security increases, many companies are hoping to save time and money
by taking matters of computer forensics into their own hands,
purchasing software tools and training existing employees to
investigate security breaches and employee abuse.
While this in-house method may seem to be a low-cost solution,
it may not be the best one. Q:
What are some of the main pitfalls of
"do-it-yourself" investigation? A:
First of all, it is
important to understand that the emphasis of any computer
investigation, just like any physical crime scene, is obtaining
concrete evidence that is not altered in any way.
By choosing to conduct investigations themselves, companies and
individuals can inadvertently tamper with critical evidence.
Simply turning a subject's computer on or off can cause files
to be erased, written, replaced or otherwise altered, and if you are
looking to make a case, these corrupted files may be inadmissible in
court. Secondly,
by conducting investigations in-house, you run the risk of raising
suspicions among other employees, or worse, compromising the
objectivity of your inquiry. Many
employees watch each other's backs, and there is always the
possibility that you may not be getting a complete report from your
company investigator. Another
problem you might encounter is that most IT workers do not have much
legal experience. If you
were to take legal action against a subject, your computer forensics
"expert" might not be seen as such in a courtroom, and may
turn out to be useless as a witness.
Not many people have the combination of skills required to
conduct a fair, accurate investigation and hold their own in a
courtroom, so if you're in doubt, it's best to call a professional. Q: What about computer forensic kits? Can't companies just use the same hardware and software the pros use to get the same results? A:
While most professional investigators use hardware and software
that would be available to IT and security departments, the key
difference is analysis. Software
merely collects data… it doesn't scrutinize the data and sort out
incriminating evidence. And,
again, without the right experience, you may end up tainting otherwise
useful information. The
process of acquiring data, sorting through it, and analyzing the
findings is extremely delicate, and should be left up to someone who
not only has the necessary technical knowledge, but the investigative
expertise as well. Q:
Won't an in-house investigation save money, as opposed to
hiring an outside firm? A: Not necessarily. If you combine the costs of lost productivity, training, software, equipment, and a possible lengthy stay in court, the bills could add up very rapidly, and your one-time in-house investigation could end up costing you much more than you anticipated. In addition, you may not come up with complete and accurate results, and this could seriously affect the litigation process. The worst-case scenario, of course, would be that your entire inquiry turns out to be a waste of time, effort and money. Bringing in an experienced computer forensics team is ultimately a more cost-effective route. They have the equipment, the know-how, the experience, and the legal expertise to get the job done the right way. Don't take any chances. Call a professional and get the results you're looking for.
|
|||||||||||
|
BACK TO THE NEWSLETTER ARCHIVE BACK TO THE KESSLER HOME PAGE
|
|||||||||||
|
Copyright © Michael G. Kessler & Associates, Ltd. 2004. All rights reserved. |
|
Kessler International... Because There Is A Difference.®
Kessler International
|
