In December 2010, Dutch police nabbed a hacker who cyber-attacked credit card companies who stopped doing business with beleaguered Wikileaks. Earlier in the year, a US college student was convicted of crimes connected to his hacking into Sarah Palin's email account.
How did they get caught? What would you do if a disgruntled employee planted a virus or worm in your computer servers just before he resigned? Can you find a former employee's emails and sensitive documents to help you defend or win a lawsuit?
Cyber forensics, or digital or computer forensics, is the answer to these and many other questions. Generally, it's the process of finding and saving information on computers and storage media, like flash drives and memory sticks, and even PDAs and smart phones.
Governments and businesses across the globe increasingly rely on computers and other digital gadgets to store and share data and information. Of course, with that increased use, hackers and thieves look for ways to steal or abuse that information. Employees with access to the information pose another possible security threat.
Security aside, it's common in lawsuits - both criminal and civil - for lawyers to demand to see (it's called discovery in legal jargon) information and documentation stored in digital format that may be important to the case.
Emails and reports are good examples, even those that have been "erased" from the computer. A forensic expert may be able to find and save the information.
All this means an increased need for experts who can find and protect information or track down security breaches. Companies are spending billions of dollars on cyber forensics experts and building high-tech labs for autopsy-like procedures on hard drives and circuit boards.
Colleges and universities, like Purdue University, even offer courses and advanced degrees in cyber forensics.
Need an Expert?
Do you already have a cyber security and emergency plan in place? If not, a good forensic expert can help by developing a plan for:
- Detecting problems, such as unauthorized use or access of computers by employees or hackers
- Tracing the source of the problem
- Finding evidence of the incident, such digital time and date stamps on the information used or accessed
- Preserving the evidence so it can be used in legal or disciplinary actions, without the authenticity of the evidence being called into question
- Fixing the problem with as little business interruption as possible
- Preventing similar incidents in the future
This all can be - and usually must be - done in ways that don't violate the Fourth Amendment's protection against unlawful searches and seizures, as well as the federal Wiretap Act.
In today's digital world, information is easy to create, store, and share. Unfortunately, it may be just as easy to steal or abuse that information. Cyber forensics may be the key to protecting your information and your business.
Questions for Your Attorney
- Are there any reasons why I shouldn't use my company's IT department for forensic investigations?
- Can I have my employees' work computers searched at any time without their knowledge or permission?
- Can I press criminal charges against a former employee who sabotaged my business computers? Can I sue him for the costs of repairs and lost business I suffered?