A. Computer forensics deals with the
extraction, analysis, and presentation of
evidence collected from computers or any digital
device that can be classifies as a computer. The
proof or otherwise of a fact in issue before a court
of law or arbitration tribunal is predicated on
pro active is the best approach to be adopted with
any issue concerning computer evidence. To avoid the
attendant cost for non compliance; interference with
corporate work and a knee jerk reaction to court
request for document disclose, the use of
computer forensics must, as a matter of policy be
integrated with the corporate objectives and
What ever the temptation, do not start an internal
investigation without consulting a legal or forensic
expert. Most cases fail on the initial use of
reckless and ignorant procedure in investigation
consequently rendering otherwise probative evidence
Q. Can my IT Department conduct Computer Forensics Investigation ?
A. The answer to this is YES and NO.
Your internal IT department can conduct a forensic examination if the proper structure has been put in place. Because of privacy and other human right laws, combined with the real possibility of destroying evidence and exposure to legal liabilities, the necessary protocols, training and authority must be in place before any assigned personnel may undertake forensic investigation within an organisation.
Experience has shown, that the most problematic areas in dealing with forensic evidence is associated with panic and knee jerk reactions taken by untrained internal staff; which often results in compromised digital evidence that turn out to have no real probative value.
Back to the question, your IT department can conduct forensic investigation if there is personnel with the requisite forensic and incident response training coupled with predefined scope of authority.
Q. When should I call in the Computer Forensics Expert ?
A. Acting in a proactive instead of a reactive manner, it is appropriate to call in a computer forensic expert to conduct a gap analysis of your enterprise network for possible flaws with respect to potential litigation as it affects document discovery, incident response policy, IT use policy, and Security protocol, document access and retention strategy.
However, if compelled to act in a reactive mode. The
best time to call in a forensic expert is
immediately a security breach is detected or there
is potential litigation in the horizon by internal
staff or corporate clients.
What is an incident response
Protocol - do I need one ?
An incident response protocol is the product of a thorough examination of Particular Network, spelling out the steps and processes to be followed when an incident occurs on a network. It is the reference point that ultimately determines, in terms of response to a crises, what was done right and what was a faulty response and possibly locate responsibilities to pre assigned personnel.
A well implemented protocol takes out the guess work in times of response, it also helps to prove due diligence on the part of a company IT infrastructure implementation, especially for insurance claims, 3rd party relationships and establishing Security baselines.
What are the implications, if
I ignore Computer forensic evidence?
A. Stop using the Computer immediately ( except, if it is not viable in your peculiar circumstances to do so). Disconnect the computer from the Network by removing the Network cable. Ensure you do not switch off the computer this will lead to the loss of volatile data. Secure the area where the computer is located and if possible treat it as a crime scene . Record any unusual visual observations around the desk and the computer. DO NOT try and start investigating the computer yourself if you have no formal computer forensic training. Once the area is secured, call in the expert.
A. Firstly, it shows compliance or otherwise with best practices and defined user protocols. It is a proactive instead of reactive measure to ensure the smooth running of your Computer Network. It also provides a gap analysis for the purpose of ensuring compliance with corporate governance legislations and directives.
An IT Audit requires a conscious effort to streamline the Business practices against the backdrop of the business alignment needs, business security, implementation of the business process and Business continuity strategies. A regular IT Audit of the Business therefore prevents a knee jerk reaction to crisis and business continuity needs in times of disaster.
A. Download our service form here Log on to our Contact Page and request a Client Code. This will be sent to you within 24hrs. of receipt of your email. It is important you indicate clearly and boldly this client code on the package. If sending a physical disk or storage device , it is your responsibility to ensure it is properly packed for transport. In addition to proper secure package and posting we suggest disk be enclosed in a bubble wrap. Please send your package to: