What is Computer Forensics?

Keith Cottenden, CY4OR's Director and Head of Investigations Team discussed the issues and challenges facing computer forensics and mobile enterprise at E RADAR's Trust in Mobile Enterprise Summit, held in Manchester on 10th October 2013.

E RADAR conference delegates heard that most small and medium-sized firms are putting themselves at risk by not having in place a Forensic Readiness Policy to deal with unexpected events and failures in business continuity. These can include seizure of evidence in police criminal investigations or the requirement by a civil court or employment tribunal to produce electronic documents as evidence. In worse case scenarios the authorities can shut down a business without any consideration for the consequences on customers, suppliers or members of staff.

The issue has now become urgent with the explosion of data across the Internet and the increase in software as a service and cloud services. The demands on organisations to produce mobile digital evidence in response to current BYOD (Bring Your Own Device) and consumerization trends are increasing almost second by second.

Mr Cottenden said:

"Every time we travel with smartphones, make card purchases online and use social media we contribute to 'big data'. The growth of cloud computing services means that organisations now don't know where their data is being held. The lack of a forensic readiness policy is an issue SMEs can no longer afford to ignore."

Goals of computer forensic readiness

Keith Cottenden set out the goals of forensic readiness to include: (1) gathering of admissible evidence legally and without interfering with business processes; (2) gathering evidence targeting the potential crimes and disputes that may adversely impact the organisation; (3) allowing an investigation to proceed at a cost in proportion to the incident, and; (4) minimising interruption to the business from any investigation and to ensure that evidence makes a positive impact on the outcome of any legal action.

He referred on several occasions to the forensic best practice set out in the ACPO Guide to Computer Evidence. The Summit was conducted under The Chatham House Rule.

Presentation on mobile digital evidence