Despite the Sherlock Holmes, or even James Bond, image many people have of the private investigator, the reality of day to day life is far more down to earth and unglamorous. Much of the work carried out for clients is actually done at the office desk, and this have never been more true than in a world where so much information is held in computers and online. Even a missing persons case, or an insurance investigation for a suspected fraudulent claim, will start and end with checks being carried out on public databases or on systems where access is provided by the client.
Such reliance on computers has led to specialisation within the investigation industry. A growing number of private detectives now spend all of their time in front of screens as computer forensic experts. Their role is to dig deep into the hard drives and online accounts of individuals who think they have hidden or deleted incriminating information to the point it is beyond human reach.
The work is often done discreetly, so as not to alert the person under investigation, and can track down evidence of such behaviour as the theft of computer files, hacking, the sending of malicious emails, internet abuse and grooming. The key here is the collation of evidence. The role of the private investigator is to gather evidence that will help the client make their case. This could be a company wishing to check out an employe's workstation as a source of incriminating information, or a client wanting to trace the source of a malicious virus unleashed on their systems.
Often the information that is retrieved has been deleted, encrypted, or hidden within various layers of protection and Firewalls. The forensic investigator will use the most advance software and his expertise with systems to find files and records that the suspect thought they had removed or buried too deep to be found. This is done by examining not only the files on a hard drive, but the data that the system spreads around and between those files. And the search can often produce results that reach far beyond the actual suspect. They may contain communications with others who were not originally under investigation, but are incriminated by the contents of their own messages that have also be stored without their actually realising it.
The evidence gathered usually includes:
The use of particular software, and a record of any modifications that have taken place.
The recovery of deleted files and images.
Records and timings of signing in and out.
Whether the computer has been accessed remotely.
Emails and internet websites visited.
The recovery of deleted files and images.
Records and timings of signing in and out.
Whether the computer has been accessed remotely.
Emails and internet websites visited.
Usually the work will be carried out using “Disk Imagingâ€. This means a copy of the hard drive as it was before the investigation began is taken, and this is what is investigated. The original is left so it can be used as incriminating evidence.
While this type of forensics investigation may lack the excitement of field work, the evidence uncovered is collected discreetly, safely and often with damning results. This makes computer forensics an invaluable service for clients and one of the most effective weapons in the detective's armoury.
0 التعليقات:
Post a Comment