The Truth is in There*: Sleuthing for Data with Digital Forensics
By Ron Miller - March 2007 Issue, Posted Feb 27, 2007

As the computer becomes more intertwined in our every action, it naturally follows that digital information will become increasingly important in legal processes as well. Today, digital information is increasingly used as evidence in criminal and civil cases, and companies are leveraging digital evidence to quietly change an employee's behavior, force out a bad apple, or file charges.

Within the bowels of our hard drives lie email threads and instant messaging histories. Within our browsers lurk the history and browser cache, which leave footprints of what websites we have visited and when. We leave documents, metadata, and other digital bric-a-brac every time we interact with a computer, and all of this information can be used by investigators to identify who did what and when.

But beyond the obvious places one could find information, there are hidden spots most of us probably don't even know exist, such as the Windows Swap File or the unallocated space on your hard drive. Did you know, for instance, that when you delete a file, it doesn't actually go away? Instead, the operating system simply marks the hard drive space as available for reuse. Investigators can extract data from this unallocated space with special digital forensic tools.
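The deletion behavior described above, shown as an added example (not from the article or from any forensic product it names): a constructed toy volume in Python where deleting a file only drops its table entry, and a signature scan over the unallocated blocks recovers the file. `ToyVolume`, `carve_jpegs`, and the sample data are hypothetical and model no real file system.

```python
BLOCK = 512                                   # block size of the constructed toy volume
SOI, EOI = b"\xff\xd8\xff", b"\xff\xd9"       # JPEG start / end markers

class ToyVolume:
    """Constructed model of a volume: a file table plus raw blocks."""
    def __init__(self, nblocks):
        self.raw = bytearray(nblocks * BLOCK)
        self.table = {}                       # name -> (first block, byte length)
        self.free = set(range(nblocks))

    def write(self, name, data):
        need = -(-len(data) // BLOCK)         # blocks needed, rounded up
        start = next(b for b in sorted(self.free)
                     if all(b + i in self.free for i in range(need)))
        self.raw[start * BLOCK:start * BLOCK + len(data)] = data
        self.free -= set(range(start, start + need))
        self.table[name] = (start, len(data))

    def delete(self, name):
        start, length = self.table.pop(name)  # the table entry is dropped ...
        self.free |= set(range(start, start + -(-length // BLOCK)))
        # ... but self.raw is not touched: the bytes stay until overwritten

def carve_jpegs(vol):
    """Scan only unallocated blocks for JPEG header/footer pairs."""
    found, blocks = [], sorted(vol.free)
    i = 0
    while i < len(blocks):
        j = i
        while j + 1 < len(blocks) and blocks[j + 1] == blocks[j] + 1:
            j += 1                            # extend the contiguous free run
        run = bytes(vol.raw[blocks[i] * BLOCK:(blocks[j] + 1) * BLOCK])
        pos = run.find(SOI)
        while pos != -1:
            end = run.find(EOI, pos + len(SOI))
            if end == -1:
                break                         # footer overwritten or fragmented
            found.append((blocks[i] * BLOCK + pos, run[pos:end + 2]))
            pos = run.find(SOI, end + 2)
        i = j + 1
    return found

def demo():
    vol = ToyVolume(16)
    photo = SOI + b"\xe0" + b"constructed sample image data " * 30 + EOI
    vol.write("memo.txt", b"quarterly notes " * 40)   # 640 bytes, 2 blocks
    vol.write("photo.jpg", photo)
    vol.delete("photo.jpg")
    return vol, photo, carve_jpegs(vol)
```

Once a later write reuses the freed block that held the header, the same scan returns nothing.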

Chances are, if you have done something with your computer—even if you password protected it, applied enterprise digital rights management, or deleted it—determined investigators will find it. In fact, a whole industry has developed around helping government, law enforcement, and enterprises follow digital evidence trails and extract the bits and bytes that trace the path of our digital lives.


Forensic Meaning
Digital forensics involves researching a hard drive (or network) to find evidence of wrongdoing, says Brian Karney, director of project management at Guidance Software, a company that makes EnCase, one of the leading digital forensics software tools. "It boils down to people using data investigation to get answers," Karney says. "What makes digital forensics different from regular content is the fact that the data itself is very fragile," he says.

Brian Carrier, Ph.D., who is director of digital forensics at Basis Technology Corporation, a company that uses multilingual language tools to help investigators extract digital information in multiple languages (and also author of the book, File System Forensic Analysis, An Illustrated Reference), says the term "digital forensics" means different things to different people. "It's one of those terms that's a good buzzword," Carrier says, but how people define it depends on the job at hand. "Law enforcement says you must follow the rules of the law to present the results in court, while companies may use digital forensics to do internal investigations, but the results may not be used in court, so they may not follow the same thoroughness of handling evidence." Both are valid, Carrier says, but because there are two distinct purposes, he prefers a different term. "I actually personally prefer the term 'digital investigation' over digital forensics just because it is more of a general term and doesn't throw in the whole legal requirement of evidence handling," he says.

P. Kevin Smith, VP of North American sales at LTU, a company whose software searches images for evidence of wrongdoing—whether that involves child pornography, counterfeiting, or brand or trademark violations—sees digital forensics in a broader context. "From our vantage point, digital forensics goes into the investigation of digital data, be it on a hard drive or over a network or the web used for investigative purposes involving law enforcement, private investigation, or competitive intelligence," Smith says.

Corporate vs. Criminal
Karney identifies two possible investigative scenarios: People using a computer to perpetrate a crime against other people (whether directly or indirectly) or people using a computer against another computer, such as in a hacking scenario. Both could involve corporate or criminal investigations. The corporate investigator might want to track a hacking incident, find evidence of embezzlement, employee-to-employee harassment, or intellectual property theft, while a government investigator could be tracking terrorist activity on an internet café computer. A criminal investigator might use instant messaging threads between co-conspirators to help build a case in a murder investigation. 

Karney says that corporations haven't always been active investigators and that their involvement is a relatively recent phenomenon. "What has happened over the years is what was started as being more focused on government applications and law enforcement, dealing with [criminal activity] and whatnot, has evolved into something where most commercial organizations are dealing with various types of business challenges, and that involves getting access to information to make decisions about it," Karney says.


*Please note that the phrase "The truth is in there" is a registered trademark of FDR Forensic Data Recovery, Inc., and may not be used without permission. See www.forensicdata.ca for more details.

