IT Forensics: When crime scene investigations go digital
Published: 24 Apr 2006 13:30 BST
Moreover, many organisations are reluctant to go down the digital forensics route because of the fear that information about potential incidents will leak out if they pursue them and this will cause damage to their reputation.
"We've all heard stories about investment banks that hush up fraud, pay people off to find out how they did it and then plug the gap because they don't want things in the public domain. They don't want to involve the police because then it goes public in major way and once they're involved, the judicial process can drag on for years," adds Douglas.
Nevertheless, many large global organisations employing more than 10,000 personnel and particularly those that operate in the investment banking or accountancy sector, tend to have their own internal digital forensics teams. While it may not be in their interest to sue individual staff members for small-scale fraud or information theft, such teams do swing into action to try and identify and track miscreants involved in suspected industrial espionage, serious and organised crime, large-scale fraud, hacking and abusive email or Web access.
"While this can be quite expensive, it's chicken feed compared to reputational loss if an incident hits the headlines or enterprises receive an adverse judgement in court over something and have to pay out large amounts for fines or damages," Douglas says.
Furthermore, since the introduction of legislation such as Sarbannes-Oxley in the US and Basel II in Europe, companies are increasingly using digital forensics as a risk management tool. For example, when a trader leaves, many large investment banks now routinely take an image of that individual's hard disk before it is handed on to a new staff member. The idea is that if any illicit activity has taken place, the copy can be examined for evidence at a later date and legal action taken, if necessary.
But the situation is quite different for smaller companies, which find it hard to justify the cost of maintaining a dedicated forensics team and investing in their on-going training. Organisations here, if they are aware of the discipline at all, tend to hire consultancies to undertake the work – although some large corporates may also go down this route if investigating internal personnel to be seen to maintain impartiality.
The problems with this approach, however, are several-fold. On the one hand, such services do not come cheap. Day rates start at £1,000 and can be as much as four times that, depending on the agency. Moreover, investigations can take anything from a couple of hours to check out whether a particular staff member has sent a damaging email to several months if trying to establish whether another has been running a rival business from their desk.
As a result, the Department of Trade and Industry is now advising that organisations, and small to medium businesses in particular, consider creating a contingency fund of between £20,000 and £40,000 to help them tackle such information security issues with more equanimity.
Previous
Did you find this article useful?
227 out of 440 people found this useful
- Share this article:
