New York, NY (PRWEB) March 08, 2013
In today's digital society, the protection of corporate ESI (Electronically Stored Information) has never been more tied to the survival or demise of businesses and corporations, no matter how large or small. And in today's global marketplace, that can sometimes mean walking a high-wire between the quest for profit and the interests of national security. The alleged suicide last year of Shane Todd, a bright, young engineer who decided to take on the adventure of working overseas in Singapore, has recently been launched into the national spotlight, all due to digital evidence recovered by his own family after being overlooked by Singaporean investigators. Joe Caruso, founder and CEO/CTO of Global Digital Forensics (GDF), took some time to lend some insight into how computer forensics specialists help clients on many fronts, from protecting data via strengthened cyber security to helping investigators on both the civil and criminal fronts.
All Playing Fields are Not Created Equal
Let me start by saying the perseverance and determination shown by Shane's family in seeking the truth must really be commended, especially going through it all at a time where the pain and anguish of a lost son and brother is so fresh and intense. Having assisted investigators with cases in many different countries, both corporate and criminal, I know the course to the truth certainly does not always run in a straight line. There are cultural considerations, government bureaucracy, differences in legal proceedings, privacy protection and investigation procedures, and a whole host of other pitfalls to navigate. And they had to face the trifecta: international corporate interests, national security interests, and a criminal investigation in the hands of a tightly controlled-by-the-state-for-the-state foreign country. But maybe someone upstairs was looking out for them, because they hit the jackpot when they took what they thought was a speaker from his apartment in Singapore that turned out to be an external drive to which he seems to have backed up a wealth of eye-opening information. All the rest of his electronics were seized by local investigators and the Todd family has never been able to get a look at the contents of any of it to this point. The authorities in Singapore also refused assistance offered by the FBI in investigating the case, so no help there either.
What Kind of Information Can Computer Forensics Uncover?
The Todd family made the smartest move they could have: they got that drive to a computer forensics expert. The first step is always making a forensic bit-by-bit image of the drive. This leaves the original untainted and lets the forensic analyst perform their searches on an exact duplicate of the drive that is hashed to create a unique signature, which is basically like a digital fingerprint that can be used to verify the authenticity of the image. If even one bit of information is changed, the unique alphanumeric hash signature will also be changed. This serves two purposes: nothing can happen to the original, and the hash verification helps with authenticity and admissibility should the matter find its way into a courtroom. Then comes the often long and arduous process of finding relevant data. Data is stored in many places on a drive; the designed function of operating systems ensures this. That leads to the next step, the discovery of all files on the drive, including active files, and files typically invisible to the user like deleted files, as well as hidden files, password-protected files, and encrypted files. In many cases, deleted files and fragments of data can be found in the space allocated for existing files, known as slack space. Special skills and tools are needed to obtain this type of information or evidence, but it is often a treasure trove of relevant information.
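The imaging, hash verification and slack-space recovery described above can be seen on a small scale in the following added example, which is not part of the original release or GDF's tooling. The three-cluster "drive", the 4096-byte cluster size and all function names are constructed for illustration.

```python
import hashlib
import io

CLUSTER = 4096  # assumed cluster size of the constructed volume

def build_volume():
    """Constructed drive: cluster 1 held an old file, then was reused by a shorter one."""
    vol = bytearray(CLUSTER * 3)
    old = b"OLD-DRAFT: " + b"project notes " * 100
    vol[CLUSTER:CLUSTER + len(old)] = old      # content of the deleted file
    new = b"hello, this is the current file"
    vol[CLUSTER:CLUSTER + len(new)] = new      # reuse overwrites only the start
    return bytes(vol), len(new)

def acquire(source, chunk=1024):
    """Bit-by-bit copy of a source stream, hashing every block as it is read."""
    digest, image = hashlib.sha256(), io.BytesIO()
    while True:
        block = source.read(chunk)
        if not block:
            break
        digest.update(block)
        image.write(block)
    return image.getvalue(), digest.hexdigest()

def verify(image, expected_hex):
    """Re-hash the working copy and compare it with the acquisition hash."""
    return hashlib.sha256(image).hexdigest() == expected_hex

def file_slack(image, cluster_index, file_size):
    """Bytes between the end of a file's data and the end of its cluster."""
    start = cluster_index * CLUSTER
    return image[start + file_size:start + CLUSTER]

def flip_one_bit(image, offset):
    """Return a copy of the image with a single bit changed."""
    changed = bytearray(image)
    changed[offset] ^= 0x01
    return bytes(changed)

def demo():
    volume, size = build_volume()
    image, acquisition_hash = acquire(io.BytesIO(volume))
    logical_copy = image[CLUSTER:CLUSTER + size]  # what a plain file copy keeps
    return {
        "image_verifies": verify(image, acquisition_hash),
        "tampered_verifies": verify(flip_one_bit(image, 5000), acquisition_hash),
        "slack_has_old_data": b"project notes" in file_slack(image, 1, size),
        "logical_copy_has_old_data": b"project notes" in logical_copy,
    }

if __name__ == "__main__":
    print(demo())
```

The remnant of the old file survives only in the bit-by-bit image, which is why a file-level copy of a drive is not a substitute for a forensic image.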
Finding the When, How and What often leads to the Who and Why
Just like in any investigation, building a timeline of events is crucial. Computer forensics lends itself particularly well to this aspect of an investigation, thanks to the fact that basically everything being done on a computer has a handy little time-stamp if you know where and how to look. In this case, their computer forensics guy was able to determine that data was accessed a couple of days after Shane's death, obviously monumentally important. There are ways to determine which files were accessed, and sometimes even for how long and by whom. There are also ways to determine if other USB devices were attached, what was downloaded and when. With experience, these details can paint quite a picture and lend insight to investigators which helps them answer the two most burning questions in an investigation of this type, who and why. There are a host of other ways computer forensics specialists can add laser-like details to the broad strokes of an investigation as well, tricks and methods that are only really learned by years of experience and trial by fire.
With major news outlets like CNN and CBS now covering the story about Shane Todd’s mysterious suicide, it's a good bet that in the days ahead more details will be sought based on the intriguing digital evidence recovered by his family and revealed so far, a story with all the elements of a spy novel (see a detailed accounting of events in this expos