A company suspected that one of its employees had started a competing enterprise and was transferring clients and assets to that business. An experienced digital forensics team was directed to gain access to the compromised company's information technology (IT) systems to collect evidence, including data from e-mail boxes in a cloud-computing environment. The forensics team accessed and analyzed the shadow accounting system that was a key to the investigation, and suspended potentially hostile users' access to the compromised company's systems. The forensics team provided the analysis results to the company’s legal counsel in real time to support the filing of a temporary restraining order against the competing company1.
In the story above, the early use of digital forensics proved invaluable in a company’s investigation and legal pursuit of a renegade employee, helping avert potential large business losses. However, such effective outcomes can be challenging to achieve due to constant technology advancement. Today, vital evidence may lie in someone’s smartphone, tablet, or as happened in this story, a cloud-computing environment. Finding, accessing, and securing data from such disparate sources can be a significant challenge, especially with the number of remote or contract workers that many companies employ today, the pervasiveness of outsourced IT services, and the increasing pervasiveness of bring-your-own-device (BYOD) environments.
3 potential pitfalls in digital forensics
As noted earlier, it is important to regard digital forensics as a standard procedure and scope it in as early as possible in an internal investigation. Organizations can benefit from being alert to three potential missteps in that process:
For more information, contact:
Kerry Francis: Partner, Deloitte Financial Advisory Services LLP +1 415 783 4274 email@example.com