The latest industry news, articles and events
‘Bad leavers’ and those considering starting up their own rival business, at all levels of seniority, are costing organisations large sums of money. Often there is no proactive legislation in place to combat or deter these actions.
Instructing a digital forensic investigator is often seen as a reactive measure, following suspected or observed unauthorised activity within an organisation. It is often seen as a covert action, and for the uninitiated, can come across as intrusive and speculative. In reality, the skillset of a digital forensic investigator can uncover a hidden audit trail of actions on a digital device, whether it be a mobile phone or computer. Skilled investigators can piece information together to understand:
There is also huge scope for digital forensics to form the cornerstone of any prudent employment contract, data protection policy or risk management policy.
The key step to any forensically-sound investigation is the ‘Forensic Image’. This is essentially the creation of a digital copy of all the information held by a digital device, such as a computer or mobile phone. Devices are powered-off to preserve all metadata (such as time and file creation date) and the forensic image is then created. This ‘image’ is then uploaded onto a dedicated computer and booted up through specialist forensic software for all analysis and investigation to be undertaken.
Often, companies will seek to pursue a digital forensic investigation, months after the unauthorised access has occurred. Whether it’s a salesman announcing his new position at a rival company, or clients calling to voice their confusion over being approached by an ex-Director, who has started his own company in the same line of business. Companies are predominantly reactive in their nature.
During this time span, computers are likely to be re-allocated and used daily by other employees, and any deleted evidence that was once retrievable is no longer retained by the device.
What if, as part of a risk management policy, there was a proactive mandate in employment contracts or data protection/preservation policies? This could specify that upon being made aware of an employee exiting the company, any work-designated digital device is to be collected by a digital forensics expert and a digital forensic image created. The device is then returned to the office and can be re-purposed for a new user – all in under 48 hours.
This essentially creates a holistic overview of the device at the earliest possible opportunity, and allows a greater level of control, while minimising business disruption. The forensic image can then be stored in a secure evidence room on a physical storage device, freely available for continued investigation, at any point in the future, at immediate notice.
London: 0207 438 2045
Manchester: 0161 797 8123