
Computer forensics follows the bread crumbs left by perpetrators

Ryan Francis | May 9, 2017
As investigators, these security pros let the clues lead them. See in a few examples how commercial software helps these techies solve the crime.

The boss gets tipped off that an employee might be leaving the company and in so doing is trying to grab as many clients as possible to take with him to his new job. The company brings in computer forensic specialists to look through the employee’s actions online to find the evidence before confronting the employee.

Alfred Demirjian, president and CEO of computer forensic company TechFusion, has seen that and many other scenarios in the 30 years he has been in the business--anything from an employee sabotaging a former company through hijacking an email account to misusing the internet on company time. Commercial software allows his company to dig deep into an employee’s social media postings and texts, or to track them by GPS if they have a company-owned smartphone.

A client might give them a date range and TechFusion can run through the gamut of company emails to see the interactions the employee had with clients.

“Computer forensics will play a greater role in exposing the malicious acts of people. As it continues to advance, it will make it more difficult for people to hide their wrongful acts and easier to have them held responsible,” Demirjian said.

Technology has come a long way since Demirjian got into the business. The industry has advanced from one that utilized the operating system commands to one that is software based, he said. “It is now more important to have experience with the tool being used than the system being worked on.”

He added that the software has improved with greater and broader compatibility and capability. “It is faster and less expensive. This has enabled forensic engineers to perform many more tasks,” he said.

TechFusion has been involved in some high-profile cases, most recently the one involving the infamous cell phone of New England Patriots quarterback Tom Brady. When the NFL asked to examine his texts, Brady said he had gotten rid of the phone. Those texts were later found. TechFusion was also tasked with reviewing the surveillance video taken from the late Aaron Hernandez’s house the night Odin Lloyd was murdered.

Computer forensics is a branch of digital forensic science pertaining to evidence found in computers and digital storage media. The goal of computer forensics is to examine digital media in a forensically sound manner with the aim of identifying, preserving, recovering, analyzing and presenting facts and opinions about the digital information. This involves similar techniques and principles to data recovery, but with additional guidelines and practices designed to create a legal audit trail.

Ryan Kazanciyan, chief security architect at Tanium, said forensics is the process of reconstructing and analyzing digital evidence to determine how a device or system was previously used. At the most basic level, so-called digital evidence can take the form of endpoint-centric data (such as the contents of a hard drive or memory), network-centric data (such as a full packet capture of all network traffic traversing a specific device or site), or application-centric data (such as logs or other records related to the usage of a program or service).

 
