Bill Dean #581

 

Internal Investigations

Most all employees have access to or rely on computers to perform the duties assigned to them. With the lines of work and personal lives becoming more and more blurred, employees often use company computer for personal tasks and personal computers for work. Investigating a computer used by an employee will assist in determining all facts involved allegations of discrimination, sexual harassment, and unfair discharge as they are serious threats that are better understood by knowing what an employee did. 
Computer forensic investigations can also be crucial in determining theft of intellectual property. No business wants to allow a competitor to hire an employee, and in the process have them steal valuable confidential information. In most cases the stolen information is stored on computers, with computers used to initiate the theft.     
Computer forensics can be used to determine the actions taken by a misbehaving or dishonest employee to provide you the evidence needed for fair and resolute decisions.  Computers are persistent in auditing the actions of users and retaining electronic evidence that is very difficult to destroy.  


Why you should rely on a third party to perform internal investigations


The most important aspect of a successful computer investigation is the ability to collect and analyze the evidence in a forensically sound manner. While technical understanding is definitely required, legal understanding, the integrity of the evidence, and concise reporting by a qualified forensic professional is needed to not only provide the information, but to defend the investigation if litigation occurs.
Your IT staff is essential in allowing you to run your business from a technical perspective. However, proper computer forensic investigations require specialized training. Computer forensic investigations should be handled by third parties that specialize in computer forensics for the following reasons:

  • Internal resources may be viewed as lacking independence.
  • Internal resources may lack the legal-related experience.
  • Internal resources may not be qualified to act as an expert if litigation occurs.

Evidence that exists in a digital format is very fragile and susceptible to inadvertent alterations. If proper chain of custody is not established and verified for all evidence involved, the integrity may be questioned during litigation and the evidence may not be able to be used. Failure to use a trained computer forensic professional, critical evidence may easily be destroyed, discredited, or never uncovered. Below are some common examples:

  •  All files opened by your IT department show an access date/time that proves someone other than the subject employee had access to the critical files.  In this situation, it is difficult to establish that the suspect employee was responsible for whatever you find. 
  • Simply turning on a computer, looking at directories and opening files will cause the operating system to write information on the hard drive, thus overwriting information that might otherwise be useful. 


In most instances, an employer may simply want to know what an employee is doing on company time. With no intention of a dispute, the decision is made to perform the investigation themselves. Unfortunately, this often turns into a mistake. Few companies anticipate a dispute, but workplace litigation continues to grow. The majority of internal investigations do not go to court. But if they do, you want to be certain that the information that supports your position is all information available and will withstand any scrutiny.

For more details on simple examples of information that can be gathered from a computer forensic investigation, please read our explanation of computer forensic serviceĀ and our Computer Forensics FAQ.

 
ForensicDiscoveries.com © 2006 | Privacy Policy