http://australianit.news.com.au/articles/0,7204,6375024%5E15321%5E%5Enbv%5E15306,00.html Simon Hayes MAY 06, 2003 WITH an increasing emphasis on the recovery of electronic documents in crime investigations, nothing on your PC is sacred any more, according to leading computer forensics experts. Company emails, Hotmail-style email accounts and even voicemail systems are leaving audit trails for forensics specialists. And corporate and government investigators are calling on those skills. Lately, computer forensics experts have even taken a more prominent role in the music industry's search for alleged online music pirates. Ferrier Hodgson senior manager for computer forensics Jason Beckett - for seven years head of the NSW Police Computer Forensics Unit until he made the switch to the private sector last year - says his firm is swimming in work. The company is even considering training all its IT staff to provide support services for forensics staff to cater for the growing demand. "Since I left the police the market's come to me, everything from government regulators to family court matters," he says. "This is often a much easier process than a normal investigation." Ferrier Hodgson's work includes everything from civil work to murder investigations that demand computer forensics. In particular, private industry is increasingly willing to call in specialists, he says. "Five years ago companies were hesitant to report crimes but now crime is getting out of hand," he says. Aside from frauds, the firm is making use of computer forensics in its insolvency work. "In our insolvency work, the legislation says we must collect documents, and that includes electronic documents," he says. Forensics experts such as Beckett use visualisation and reconstruction tools, such as EnCase, to copy hard drives and reconstruct them on other machines without altering the data. Their techniques allow them to get snapshots of data that includes everything from documents to deleted emails. "One of the first things we do is collect emails, including from Yahoo! and Hotmail," he says. "We take an image of the hard drive to see if they have email accounts other than internal email. It's a simple process -- we are even able to recover voicemail." But some areas will always remain the domain of police forensics experts, Beckett says. "The corporate sector can't do child pornography investigations, for example. But other matters that don't require an immediate response can be outsourced, because the police only have a finite set of resources available," he says. - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Tue May 06 2003 - 00:06:16 PDT