The tools your computer forensics expert brings to your case

An understanding of both the technology and the people who interact with that technology is a tool your computer forensics expert will use to investigate systems

In the prior article in this series, I pointed out that the situations that will require a computer forensics analyst are people issues first. The tools your computer forensics expert brings to your case also begin with people skills. Investigating computer systems and working effectively with enterprise IT staff require finesse and the ability to deal well with stakeholders.

My former partner Mitch Dembin wrote an article a number of years ago comparing technical people to his fellow attorneys. Mitch explained that computer people are binary, and lawyers deal in gray areas. I often see this in practice. In a case where a former employee denied having printed an important file, my attorney client asked IT administrators if there were print logs. An IT administrator told the attorney no. The next day I was working with the same admin and sat with him at a workstation. I asked him to bring up the Windows event logs. No, they are not called print logs in Windows. I saw the Windows event logs had records for about 150 print queues on the network, including the printer used by the former employee. As it turned out, the Windows event logs had recorded his user name as having printed a file with the right name and size as reported by witnesses.

Contributing Author

author image

Peter Garza

Peter Garza is the managing director of Forensic West, Legal Services at DTI. Garza has worked as a consulting, testifying or neutral expert on hundreds...

Bio and more articles

Join the Conversation

Advertisement. Closing in 15 seconds.