In the prior article in this series, I pointed out that the situations that will require a computer forensics analyst are people issues first. The tools your computer forensics expert brings to your case also begin with people skills. Investigating computer systems and working effectively with enterprise IT staff require finesse and the ability to deal well with stakeholders.
My former partner Mitch Dembin wrote an article a number of years ago comparing technical people to his fellow attorneys. Mitch explained that computer people are binary, and lawyers deal in gray areas. I often see this in practice. In a case where a former employee denied having printed an important file, my attorney client asked IT administrators if there were print logs. An IT administrator told the attorney no. The next day I was working with the same admin and sat with him at a workstation. I asked him to bring up the Windows event logs. No, they are not called print logs in Windows. I saw that the Windows event logs had records for about 150 print queues on the network, including the printer used by the former employee. As it turned out, the Windows event logs had recorded his user name as having printed a file with the same name and size as reported by witnesses.