Private investigators are for catching international criminals and cheating spouses right? That’s not all they do. Private investigation work spans surveillance, family law, computer forensics and legal and corporate investigations. For corporates both large and small, this means the difference between the prevention of and cleaning up a cyber attack.
Investigative work is required in relation to corporate IT networks in 3 areas, specifically:
Penetration testing is in essence, a method by which a network is tested for vulnerability. It seeks to expose any risks inherent in the network so that they may be addressed and, consequently, the likelihood of unauthorised access in the future can be minimised.
Few corporate entities carry out penetration testing. Many will instead wait for vulnerabilities to arise and then endeavour to rectify the problems retrospectively. Some entities, after actually experiencing an instance of unauthorised access (such as a hacking attack or data breach) subsequently engage in penetration testing to safeguard their system in the future.
Proper penetration testing should not only target digital vulnerabilities but also seek to limit the risks posed by human behaviour, whether inadvertent or malicious. A suitable workplace IT policy should be put in place by every employer. Very few, if any corporate entities would have in place comprehensive risk-minimisation protocols. And a weak network means your business is at risk.
The majority of IT difficulties encountered by companies can and will be solved by regular IT support workers whether they be in-house employees or representatives of external entities.
Sometimes, unusual issues will arise that may require specific technical expertise that the IT team do not have. For example, a fire may damage computer drives and the company may wish to repair and recover the data. An employee’s smartphone may store information relating to a client or account that the user cannot find but needs to recover quickly. An audio recording of a board meeting may be unclear in certain parts and may need to be enhanced so a written record of the meeting can be made.
In short, in any situation where regular IT assistance will not suffice, forensic investigator with expertise in IT may be able to assist.
While IT support personnel can be invaluable in solving day to day problems, there are particular circumstances where they can inadvertently become a hindrance. If digital evidence of any type is required, whether it be for a civil action or a criminal prosecution then there is no substitute for the proof obtained by a computer forensic expert.
A computer forensic expert is a person who is qualified and experienced to the extent that he or she is accepted as an expert witness in court in relation to the presentation of digital evidence. Regular IT support staff are not necessarily qualified in this manner and do not understand the process by which evidence should be gathered forensically so there is a risk that they may in fact corrupt the data they endeavour to preserve.
How do you know if you need a computer forensic expert? The short answer is, if there is any prospect at all that the problem that has arisen could end up in court, you should at the very least consult an expert promptly, ideally before others have tampered with the evidence. Any digital device storing potential evidence, whether it be a hard drive, server, smartphone, vehicle computer or other storage device, should ideally be turned off and quarantined immediately.
There are many circumstances in which the need for forensics arises. They include any of the following examples where evidence relevant to a civil action may be stored digitally: breaches of confidentiality or intellectual property, breaches of contract including employment contract, breaches of fiduciary duty, bullying and harassment, defamation, breach of trust and the like.
Instances of unauthorised access (hacking attempts and improper accesses by employees and ex-employees) may be the means by which the civil wrongs mentioned above are facilitated but can actually also be crimes in Australia. Other criminal activities which might necessitate the engagement of a forensic expert include attempts at extortion or blackmail (such as occurred following the well-publicised Ashley Madison hack), possession of child pornography and certain types of copyright infringement, all of which can take place in the workplace.
Police should be notified of any criminal activities but corporations should be strongly cautioned against expecting law enforcement to bring about a timely resolution of any IT-related problems. Often, if an IT issue is not resolved promptly, it is not able to be resolved at all.
Forensic expertise is most useful when coupled with investigative expertise. The importance of the forensic evidence may vary considerably, as may the importance of the legal matter itself but this should never stop a company securing the best evidence possible so they can seek to remedy their problem quickly and efficiently.
If you believe your business could benefit from talking to a private investigator, contact us for an obligation free consultation.