Private eyes now on the e-trail

[InfoSec News <isn () c4i org>]

http://australianit.news.com.au/articles/0,7204,6375024%5E15321%5E%5Enbv%5E15306,00.html

Simon Hayes
MAY 06, 2003  
 
WITH an increasing emphasis on the recovery of electronic documents in
crime investigations, nothing on your PC is sacred any more, according
to leading computer forensics experts.

Company emails, Hotmail-style email accounts and even voicemail
systems are leaving audit trails for forensics specialists. And
corporate and government investigators are calling on those skills.  
Lately, computer forensics experts have even taken a more prominent
role in the music industry's search for alleged online music pirates.

Ferrier Hodgson senior manager for computer forensics Jason Beckett -
for seven years head of the NSW Police Computer Forensics Unit until
he made the switch to the private sector last year - says his firm is
swimming in work.

The company is even considering training all its IT staff to provide
support services for forensics staff to cater for the growing demand.

"Since I left the police the market's come to me, everything from
government regulators to family court matters," he says.

"This is often a much easier process than a normal investigation."

Ferrier Hodgson's work includes everything from civil work to murder
investigations that demand computer forensics.

In particular, private industry is increasingly willing to call in
specialists, he says.

"Five years ago companies were hesitant to report crimes but now crime
is getting out of hand," he says.

Aside from frauds, the firm is making use of computer forensics in its
insolvency work.

"In our insolvency work, the legislation says we must collect
documents, and that includes electronic documents," he says.

Forensics experts such as Beckett use visualisation and reconstruction
tools, such as EnCase, to copy hard drives and reconstruct them on
other machines without altering the data.

Their techniques allow them to get snapshots of data that includes
everything from documents to deleted emails.

"One of the first things we do is collect emails, including from
Yahoo! and Hotmail," he says.

"We take an image of the hard drive to see if they have email accounts
other than internal email. It's a simple process -- we are even able
to recover voicemail."

But some areas will always remain the domain of police forensics
experts, Beckett says.

"The corporate sector can't do child pornography investigations, for
example. But other matters that don't require an immediate response
can be outsourced, because the police only have a finite set of
resources available," he says.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.