Computer forensics investigations must be a critical component of your tool kit. Constant training will help you hire experts, find digital evidence, and prepare for a judge and jury. You need to realize what you don’t know and seek the training to fill the gaps.
Sam, a new internal auditor at Wannamaker Construction, suspected that Evan, an accountant, was embezzling from the company. Sam had to find evidence on Evan’s desktop and laptop computers to prove his case in court. While he was confident his computer skills were sufficient, Sam decided to hire an external digital forensics firm anyway to ensure a clear-cut case. He hired XSteronics, a digital forensics firm he found in the phone book.
After work on a Friday evening, Sam met Duke, a digital forensics examiner from XSteronics, and led him into Evan’s office. Duke accidentally tripped over the electric cord to Evan’s desktop computer, causing it to turn off. He quickly switched it back on and began copying Word documents and Excel spreadsheets onto his laptop. Evan had left his laptop on his desk, so Sam began copying files from it onto his thumb drive. At 7 p.m., Duke and Sam shut off the computers and left.
Sam thought he’d collected enough digital evidence to criminally prosecute Evan. But shortly before Evan’s trial, his defense attorney discovered sloppy digital forensic methods, which ultimately “spoiliated,” or tainted, Evan’s files:
- Duke shut down and restarted Evan’s computer.
- Duke didn’t make a “bit-for-bit,” exact-replica image of Evan’s hard drive using specialized software and hardware.
- Sam incorrectly copied files off Evan’s laptop onto a thumb drive.
Duke and Sam also didn’t inspect Evan’s office for other electronic devices such as MP3 players, thumb drives, or digital cameras. Evan’s attorney discovered that XSteronics had hired Duke, a convicted felon, because of his illegal hacker expertise – a fact the company hadn’t shared with Sam. The judge didn’t allow Duke to testify and eventually dismissed the case for lack of evidence.