Need To Conduct A Proper Forensic Investigation

Computer investigation is a relatively new tool in our arsenal of investigative assets and it’s quickly proving to be an extremely valuable source of information and is emerging as a new powerful profit center for the investigative firm or company.

A digital forensic investigation is the recovery and analysis of any type of Digital Storage Media (DSM) searching to find potential legally admissible evidence. The type of evidence relevant to theft of trade secrets, theft of or destruction of intellectual property, wrongful termination, domestic cases, embezzlement, fraud, and tragic child pornography investigations.

Without forensically wiping the media, not much is really deleted from a computer and we can recover part or all of the deleted reports, emails, Internet sites visited, and graphics the suspect thought was gone forever. For the purpose of this article I will address finding the right person or firm to conduct a proper investigation.

I am aware of stories where the Detective was asked to recover incriminating
e-mails from a suspect computer collecting thousands of dollars from the client and then packing and shipping the hard-drive off to Texas, New York or some other location that’s not in my -state -USA. Only to be told; “Sorry we err…lost your computer…but say we’ll ship back a brand new hard-drive for your trouble.” Explain that to a client. I guess you can’t, can you? The answer is to find a local or regional forensic Investigator in your own area. Don’t relinquish Command and Control of your investigation by shipping out your evidence not to an investigator but a technician who knows little about the collection of evidence for court purposes and has limited or no experience testifying.

What to look for

Find a seasoned fellow investigator with the technical expertise necessary. Most of us use qualified technicians for certain aspects of a forensic examination, but it’s the investigator who is trained to recognize legal, admissible evidence that will make your case. A seasoned investigator with an established firm will be around when the time comes for court testimony.

Make sure your digital forensic resource has the hardware, software, and lab to meet your needs. Remember, should your case go to court, your case is only as good as your resource will look to a judge or jury. Visit the facility of the resource you are considering – any reputable investigative lab should welcome such a request.

Does the investigator have the assets to read stored data (SIM cards) on cellular telephones? Or any other device that is part of your investigation?

Is the forensic investigator experienced in court testimony? Does the investigator’s resume’ or credentials meet court standards for testifying in criminal as well as civil procedures.

Ensure the investigator is properly licensed with the Private Protective Service Board.

It is very important to look for standard document procedures

Release forms
Evidence tags
Chain of custody documents
Photographic and video equipment

The absolute minimum time frame for a proper investigation cannot be predicted as the size of the digital media dictates the investigative hours some cases literally take weeks. However the gleamed evidence from this type of case is often powerful and concise.

Insure the investigative lab allows you the margin to add your fees for the service with exception of direct expenses, which are normally fixed.

Finally understand that utilizing this investigative tool is expensive. Costs for setting up an investigative laboratory can easily exceed $100,000.00. The investigator must maintain expensive inventory hardware, software, technology staff and certification costs. The technology is rapidly growing and your resource should recognize their responsibility to stay current – which comes with an ongoing high cost. While this tool is one of the best, it is not for the financially or technically timid.

Feel free to contact me for any questions you may have.

The simple definition of computer forensics

… is the art and science of applying computer science to aid the legal process. Although plenty of science is attributable to computer forensics, most successful investigators possess a nose for investigations and for solving puzzles, which is where the art comes in. – Chris L.T. Brown, Computer Evidence Collection and Preservation.