Computer Forensics: An Overview

Computer Forensics: An Overview

By: Reese Kimmons, MS ISA

 

When you delete a document or file from your computer, it doesn’t just go away.  Your operating system merely marks the space the data occupied as being available for use again.  Until that space is overwritten, and sometimes even after it is, all or part of that “deleted” information may be recovered and reconstructed.  Computer forensics investigators specialize in retrieving data such as this using procedures that ensure the recovered information will be admissible as evidence in court should that become necessary.  Forensics specialists apply their skills to retrieve deleted, encrypted, hidden, lost, and protected files from personal computers, servers, storage devices, phones, and tablets.  In many cases, a forensics investigation can also reveal how the recovered data was used, the origin of that data, and how and with whom it was shared.  The evidence these investigations uncover often becomes the deciding factor in both civil and criminal proceedings.

 

The process and the people

 

Forensics engineers must adhere to detailed policies and procedures regarding preparation of the systems they examine and how the evidence they retrieve will be handled.  These include processes for identifying and collecting the evidence, ensuring its authenticity, and maintaining chain of custody documentation.  Failure to follow these procedures can result in the evidence being excluded in court.

 

Once collected, the evidence is examined and evaluated using a variety of tools at the investigator’s disposal.  The investigator must document the processes used to examine the data.  Information that was tagged with a date of origin, includes a timestamp, or appears to have been intentionally hidden is often the most valuable.  Investigators record characteristics such as these in their reports.

 

Many forensics investigators possess industry certifications in the field, have advanced degrees relating to information security, and/or have a law enforcement background.

 

Computer forensics in the corporate environment

 

Common applications for computer forensics in the corporate environment include, but are certainly not limited to, cases involving fraud, intellectual property, sexual harassment, and corporate espionage.

 

As an example, if you work in the corporate world, you’ve probably been provided with notification that whatever you create on the company computer belongs to the company, even if it is personal in nature.  Computer forensics is being successfully utilized in cases wherein an employee claimed to be the owner of intellectual property and denied that it was actually created using company resources.  Even if the employee tries to hide or delete the evidence, an investigation will frequently yield the data necessary to prove that the employer is the owner of that disputed property.

 

In some cases, the conspicuous lack of evidence is evidence enough.  A computer forensics investigator was asked to review the records of a New York brokerage firm to look for evidence of criminal activity.  As it turned out, the brokerage firm’s IT personnel possessed the knowledge required to completely remove the pertinent files in a way that prevented the investigator from recovering them.  The investigator, although unable to produce the incriminating data, was able to report to the court that emails and other files that should have been stored on the company’s systems were no longer there and that they had been intentionally removed.  This was enough to cause the judge in the case to convict those involved in the cover-up, ruling that they had tampered with evidence in an effort to conceal their criminal activity.

 

High profile criminal cases

 

One of the more memorable cases wherein computer forensics investigations provided critical evidence was that of the BTK Killer.  In this cold case, police worked for three decades to locate the murderer of numerous women during a 16 year crime spree.  After 10 years without much progress, the killer made the mistake of sending police a floppy disk containing a Microsoft Word document.  Metadata recovered from that file by a forensics investigator led police to the killer within a matter of hours.  He later confessed to the murders.

 

In another case where computer forensics played a significant role, investigators found medical data on a doctor’s computer indicating he had authorized the administration of lethal levels of propocol to his patient, who subsequently died.  The doctor was Conrad Murray.  His patient was Michael Jackson.

 

In 2010, the wife of Baptist minister Matt Baker died from an apparent suicide.  She ingested an overdose of sleeping pills and left a suicide note, or so it seemed.  Although this appeared to most to be an open and shut case, investigators kept it open for four more years as they searched for, and examined, evidence.  A forensics investigation of Reverend Baker’s computer eventually revealed information leading to his conviction and a 65 year prison sentence for his wife’s murder.  The data recovered not only called his character into question, but also revealed that, shortly before his wife’s death, he had researched sleeping medications, overdoses, and pharmaceutical sites.

 

Summary

 

Evidence gathered during computer forensics investigations is used in divorce cases, murder trials, identity and intellectual property theft proceedings, fraud, forgery, tax evasion, and sex offense cases, to list only a few.  If a computer, tablet, phone, or storage device was utilized at any point during the planning or commission of an act that results in civil or criminal proceedings, a computer forensics investigation may yield key evidence needed by the court to render the appropriate decision.  Should you require the services of a computer forensics investigator, find one that has the experience, training, credentials, and tools necessary to provide quality results while following procedures to ensure the evidence they uncover is not tainted and is admissible in court.

FTC releases agenda for Safeguards Rule virtual workshop

Financial institutions collect personal information from customers every day, from names and addresses to bank account and Social Security numbers. The Gramm-Leach-Bliley Act’s Safeguards Rule requires those institutions to develop, implement, and maintain a comprehensive information security program. As part of its regulatory review process, the FTC has proposed changes to the Rule. Join us on July 13, 2020, for Information Security and Financial Institutions: An FTC Workshop to Examine the Safeguards Rule, where FTC staff and guest speakers will explore the issues. And take a look at the just-released agenda to check out what’s up for discussion.

 

Read the entire article here.

Statement by DNI Ratcliffe on Recent Press Reporting

Statement by DNI Ratcliffe on Recent Press Reporting

WASHINGTON, D.C. — Director of National Intelligence (DNI) John Ratcliffe today released the following statement:

 

“I have confirmed that neither the President nor the Vice President were ever briefed on any intelligence alleged by the New York Times in its reporting yesterday.”

 

 

 

FOR IMMEDIATE RELEASE

ODNI News Release No. 25-20

June 27, 2020

Statement by DNI Ratcliffe Statement on Recent Press Reporting

WASHINGTON, D.C. – Director of National Intelligence (DNI) John Ratcliffe today released the following statement:

 

“I have confirmed that neither the President nor the Vice President were ever briefed on any intelligence alleged by the New York Times in its reporting yesterday. The White House statement addressing this issue earlier today, which denied such a briefing occurred, was accurate. The New York Times reporting, and all other subsequent news reports about such an alleged briefing are inaccurate.”

 

###

Read the entire article here.

DNI Ratcliffe Statement on Impact of Unauthorized Disclosures on Force Protection

DNI Ratcliffe Statement on Impact of Unauthorized Disclosures on Force Protection

WASHINGTON D.C. – Director of National Intelligence John Ratcliffe today issued the following statement:

 

“U.S. and coalition force protection is a critical priority for both the President and the Intelligence Community. The selective leaking of any classified information disrupts the vital interagency work to collect, assess, and mitigate threats and places our forces at risk.”

 

 

FOR IMMEDIATE RELEASE

ODNI News Release No. 26-20

June 29, 2020

 

DNI Ratcliffe Statement on Impact of Unauthorized Disclosures on Force Protection

WASHINGTON, D.C. – Director of National Intelligence John Ratcliffe today released the following statement:

 

“U.S. and coalition force protection is a critical priority for both the President and the Intelligence Community. The selective leaking of any classified information disrupts the vital interagency work to collect, assess, and mitigate threats and places our forces at risk. It is also, simply put, a crime. We are still investigating the alleged intelligence referenced in recent media reporting and we will brief the President and Congressional leaders at the appropriate time. This is the analytic process working the way it should. Unfortunately, unauthorized disclosures now jeopardize our ability to ever find out the full story with respect to these allegations.”

Read the entire article here.

Six steps toward more secure cloud computing

For businesses, cloud services are kind of like clouds. At their best, they can be soothing and expansive. But for companies that fail to appreciate the security implications, their ethereal presence may hide dangerous storms within. As cloud computing has become business as usual for many businesses, frequent news reports about data breaches and other missteps should make companies think carefully about how they secure their data. The FTC has six tips for your business about making your use of cloud services safer – both for you and for the consumers who rely on you to safeguard their information…{more}

Read the entire article here.

Unemployment benefits fraud puts workers at risk of more ID theft

A large-scale scam involving phony unemployment benefits claims has been making headlines. Criminals, possibly based overseas, are filing claims for benefits, using the names and personal information of people who have not lost their jobs. The investigation is ongoing, but this much is known: the fraud is affecting tens of thousands of people, slowing the delivery of benefits to people in real need, and costing states hundreds of millions of dollars.

Read the entire article here.

Message of the Qualpay case: Heed possible signs of fraud

 

Ostriches get a bad rap. The popular perception is that the species Struthio camelus bury their heads in the sand. But, in fact, they flee from perceived danger at speeds that top 60 miles per hour. An FTC proposed settlement with a payment processor that ignored signs that certain clients were engaged in fraud suggests that more companies should follow the real-life example of the ostrich and hightail it away from any association with illegal conduct.

Read the entire article here.

Houston Private Investigation Company Spotlights Hidden Business Threats

Business Alone in the Dark – Under the Spotlight – With Copyspace

Houston Private Investigation Services

Running a business involves a great many challenges, and this Houston private investigation company helps when those challenges involve threats to the business. They can involve internal, external threats, or both. Often you’re in the dark, unaware of threats, and the job of the private investigator is to spotlight them for you.

Internal Theft

In businesses with inventory, especially warehoused inventory, shrinkage is often considered a part of business. Often it’s only addressed when it reaches a level that can’t be ignored. By that time the money lost could have hired an investigator to ferret out the employees or vendors who are pilfering the stock. Sometimes the long term solution is a well-executed profiling and background check system for new hires and periodic followup.

External Theft

Customers, vendors, transportation companies, and others are all in positions that could facilitate theft of your products or services. If you’re experiencing losses, and internal theft isn’t the problem, consider hiring professional help to locate the sources.

Intellectual Property Theft

This category of theft also involves trademark and copyright infringement. Proprietary software and other intellectual property, including marketing plans, are all at risk for theft. If you have a secret or proprietary process that works well for your business, you can bet that competitor businesses would love to have it. Don’t wait until they find a way to steal it before you take protective measures.

Litigation Services

If you’re in business long enough, it’s likely that you’ll find yourself in a litigious situation. It doesn’t matter whether you’re being sued for something you’ve done or if it’s just a nuisance action. All legal action against your company is a threat to your ongoing business. This Houston private investigation company is hired by many prominent attorneys for investigations related to defense in lawsuits.

TSCM, Technical Surveillance Countermeasures

It’s always gratifying and interesting to see management reactions when spying devices, bugs, cameras and recorders are discovered in a business. Sweeping and debugging are services in high demand in today’s high-tech world. If your business has proprietary or highly successful processes and methods, someone would love to have them as well. A sweep of the phone systems, meeting rooms, and offices of a business can result in the discovery of all kinds of spying devices.

Computer and Cell Phone Forensics

With a major part of our personal and business lives conducted over cell phones and recorded or performed on computers, it’s only natural to find that there are others who would find ways to track our activities on these devices. Locating malware and other software and applications that spy on your activities is what computer and cell phone forensics is all about.

Personal Protective Services

If there are physical threats to company personnel, this private investigation company has the equipment and expertise to protect them at work, home, or wherever you choose. Highly trained investigators are experienced at personal protective services.

All of these are services provided on a regular basis by this Houston private investigation company. With other branches around Texas, contacting Rob Kimmons at Kimmons Investigations is a wise move for any business owner or manager who wants to spotlight issues and resolve them for a better and more profitable business.