
Archive for the ‘Forensics’ Category

Computer CSI

One of the most interesting parts of our job is computer forensics. Most geeks don’t have the white robes or the chiseled cheekbones of the TV CSI guys. We do have their skills. Sometimes businesses ask for our help when an employee leaves a company and goes to work for a competitor, taking the customer or vendor lists. Or when a disgruntled employee quits and suddenly computers she was working on start behaving oddly. People bring in their computers to check on a cheating spouse or extract evidence for a child custody dispute.

If you watch any spy movie or even a recent Iron Man, you can see that copying or transferring a file takes seconds. Finding evidence of a transfer takes many hours of painstaking work. For example, companies, government and law firms ask us to find important files that have been deleted, copied from a work laptop or transferred to a personal email. We thoroughly examine the work computer to find any traces of the files. We also check the USB flash drives to find the files the clients are looking for.

Frequently we are also asked to determine whether a computer's current problems (running slow, missing or damaged software or files, disabled anti-virus protection) were caused by a disgruntled employee. When we work on these cases we examine and clone the hard drive and test the existing drive. To check the history we also run special software to analyze past system events and log files. We also look at the traffic that passed between the computer and the server. Sometimes we find that antivirus software was removed at a certain time by a particular user, which left the system unprotected and led to its infection by viruses.

Recently we had an interesting case where a customer was convinced that his computer had been hacked and that his cell phone had also been taken over and used for malicious purposes. His files and folders were disappearing and the computer was behaving strangely. After a careful review and scanning of the systems, our specialists concluded that he was not hacked but had viruses and spyware on his computer. The client had also changed very advanced settings within Windows, inadvertently changing system operation and stability.

Every case we have is different and always unpredictable. What helps us is that it is very difficult to completely purge a computer of all traces of activity. It’s possible, but most people do not bother or are not aware of how. That’s where the experts come in and discover what really happened.