Computer Forensics 101
The following contains my summary of the Computer Forensics 101 presentation at the 2010 Technology & Homeland Security Forum in Niagara Falls, NY. First blog here.
This was a level 101 type presentation.
- 350 new HR-related cases are filed in the US every day.
- 90% of all biz records today only exist in eformat.
Best Quote: Think of data as evidence
The ex-NYC police officer who gave the presentation provided examples of the gallons of information left on a personal computer that the police can uncover or recover during criminal investigations. Windows writes the status of what seems like virtually everything all over the disk. Your browser is recording all your travels. It can be determined whether a URL was typed in manually or opened via a link.
The ex-officer talked about the valuable metadata generated by Word. In a Word doc, details such as when it was last printed, when it was last edited and by whom, and what changes were made are data that may be helpful in an investigation. He recommended never sharing a native file format and always sharing PDFs instead, to reduce your metadata footprint.
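To see what that footprint looks like before a file leaves your hands, the sketch below reads the fields mentioned above (last printed, last modified by, tracked changes) out of a .docx package. It is an added example, not material from the presentation; it assumes the modern .docx (Office Open XML) format, and the sample package, names and dates are constructed and only complete enough to parse.

```python
import io
import zipfile
import xml.etree.ElementTree as ET  # for untrusted files, prefer a hardened XML parser

NS = {
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
    "dcterms": "http://purl.org/dc/terms/",
    "w": "http://schemas.openxmlformats.org/wordprocessingml/2006/main",
}
CORE_FIELDS = {"creator": "dc:creator", "last_modified_by": "cp:lastModifiedBy",
               "last_printed": "cp:lastPrinted", "modified": "dcterms:modified",
               "revision": "cp:revision"}
W = "{%s}" % NS["w"]

def docx_metadata(data: bytes) -> dict:
    """Report core properties and tracked changes stored in a .docx package."""
    report = {"tracked_changes": []}
    with zipfile.ZipFile(io.BytesIO(data)) as pkg:
        names = set(pkg.namelist())
        if "docProps/core.xml" in names:
            core = ET.fromstring(pkg.read("docProps/core.xml"))
            for key, path in CORE_FIELDS.items():
                el = core.find(path, NS)
                if el is not None and el.text:
                    report[key] = el.text
        if "word/document.xml" in names:
            body = ET.fromstring(pkg.read("word/document.xml"))
            for el in body.iter():
                if el.tag in (W + "ins", W + "del"):  # tracked insertion / deletion
                    text = "".join(t.text or "" for t in el.iter()
                                   if t.tag in (W + "t", W + "delText"))
                    report["tracked_changes"].append(
                        (el.tag[len(W):], el.get(W + "author"), el.get(W + "date"), text))
    return report

def sample_docx() -> bytes:
    """Constructed sample package; names, dates and text are made up."""
    core = ('<cp:coreProperties xmlns:cp="{cp}" xmlns:dc="{dc}" xmlns:dcterms="{dcterms}">'
            '<dc:creator>Alice Example</dc:creator><cp:lastModifiedBy>Bob Example</cp:lastModifiedBy>'
            '<cp:revision>7</cp:revision><cp:lastPrinted>2010-05-01T09:30:00Z</cp:lastPrinted>'
            '<dcterms:modified>2010-05-02T16:45:00Z</dcterms:modified></cp:coreProperties>').format(**NS)
    doc = ('<w:document xmlns:w="{w}"><w:body><w:p><w:r><w:t>Salary: </w:t></w:r>'
           '<w:del w:author="Bob Example" w:date="2010-05-02T16:40:00Z"><w:r><w:delText>50,000</w:delText></w:r></w:del>'
           '<w:ins w:author="Bob Example" w:date="2010-05-02T16:41:00Z"><w:r><w:t>55,000</w:t></w:r></w:ins>'
           '</w:p></w:body></w:document>').format(**NS)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as pkg:
        pkg.writestr("docProps/core.xml", core)
        pkg.writestr("word/document.xml", doc)
    return buf.getvalue()

if __name__ == "__main__":
    print(docx_metadata(sample_docx()))
```

A tracked deletion still carries the removed text, its author and a timestamp inside the file, which is the kind of residue the PDF recommendation is meant to avoid.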
To protect the employer when staff depart, he also recommended taking a forensic copy of all hardware for departing employees, or employees over a certain level, for possible future needs. Consider this part of your employee exit and ediscovery procedures. If that departing employee starts litigation against his former employer, or if the former employer discovers the ex-employee has broken the non-compete agreement, the employer will want to review all the ex-employee's files to build its case.