Computer forensics have hit the big time. A previously "superniche" technology, forensics have moved into the collective consciousness of IT sys. admins. and Corporate CSO's. In recent months (late 2002-early 2003), I have seen more articles addressing the use and definition of corporate computer forensics than ever before. I've seen a general acceptance of investigative software as a useful tool for keeping the enterprise internally secure.

Much has been made of firewalls, VPNs, smartcards, and biotechnology. These things are important of course, but how are companies investing in protecting their internal security? Threats from within make up a good percentage of identity theft (read: NY Horse Racing Association scandal), credit card fraud, proprietary information theft, harassment, and intellectual property violations. All very serious business indeed. I am positive that most high tech Human Resources departments do not employ a forensic investigator, nor is it likely that there exists the appropriate funding for IT admins. to attend forensic training.

Proper tools and training are definitely important. Understanding the methodology behind forensic investigations is even more important. I'd go toe to toe with anyone that thought they could purchase a bargain forensic toolkit and do a decent job of it. It's just not comprehensive enough. Then again, what is "enough?" There are many determinants to deciding on appropriate investigative tools: How secure do you want to be? What exactly are you looking for? Do you need to monitor crucial business functions like Accounting and Finance? Is leaked information in Software Engineering a cause of concern? Are PCs and laptops properly investigated for signs of abuse when an employee has left or been terminated?


These are questions that beg consideration. The "threat" to corporate security is not waiting around the outside of the parking lot day after day. Sometimes, yes. More frequently, it's internal. Multi-national companies pose an interesting challenge in that there are hundreds, sometimes thousands of people networked together, making the ability to respond to threats in real-time and from a remote location, increasingly important.

Privacy Issues?