Trine cybersecurity expert explains role of forensic computer examiner
Wondering whether someone has intentionally downloaded inappropriate material to a computer? A forensic computer examiner can assess the situation and determine what happened.
During the last week of National Cybersecurity Awareness Month, Trine University professor Timothy Carver explains the benefits of using a qualified forensic computer examiner to get to the bottom of an unfortunate situation. Carver is one of the experts who teaches in Trine’s new cybersecurity program.
Work with your friendly neighborhood forensic computer examiner
For the sake of discussion, you’re a business person. You’ve found an employee who has been downloading unacceptable content to a company computer. This content is adult in nature. The employee claims he doesn’t know how it got on the computer. Can you find out how? Or how much was found? Was it there by intent, accident or in passing? When did it get on the system? And, if necessary, how do you explain all of this technical mumbo-jumbo in a way others can understand?
Fortunately there are people who can help. A forensic computer examiner has the ability to examine digital devices, help promote electronic discovery, recover data and document the findings. The examiner will have hardware and software specifically for this work, along with specialty tools for very definite work.
Finding a qualified person, one who could be an expert witness if necessary, can be difficult. First, does the person have a degree? The higher the education level, especially in computer science or informatics, can be helpful. A person with such a degree will have more knowledge about what’s going on “under the hood.”
Next, a qualified person needs specialized training to go with a degree. Look for a person who has gone through training in digital forensics. Certification on top of education is an excellent combination. Check out what organizations to which the examiner belongs. Is the certification current? What testing standards are employed? Membership in professional organizations also allows examiners to ask and answer questions without revealing case details.
An examiner should be as experienced as possible. The problem is the number of certified examiners is still yet small. The field of digital forensic science is positioned to grow during the next decade or more. But there are few civilian examiners out there as most examiners are in law enforcement. Contacting some of the forensic examiner organizations to find a person close to you is best. One source is the International Society of Forensic Computer Examiners (ISFCE). The testing for the certification is rigorous and thorough, and the people who succeed are highly qualified. The organization was formed by a retired FBI examiner who saw the sorry state of so called examiners who didn’t know how to conduct a proper exam. The ISFCE maintains a list of members at its website.
A qualified examiner should not be expected to find a “smoking gun.” However, like any other forensic science, the examiner can potentially recover valuable information, such as sites the employee has visited, dates and times of such visits and other activities that could have allowed the computer to be used for downloading unacceptable content, possibly without the employee’s knowledge.
The examiner might also find the employee intentionally sought the content in question. Do not expect the examiner to withhold anything from you. The highest quality you want in an examiner is integrity.
As more and more computers are used for business, there are more and more opportunities for abuse. Having a computer examined may help to protect your business.
Professor Timothy Carver has more than 30 years of professional experience in computers, holds a Bachelor of Science and a Master of Science in computer science and is a member of the International Society of Forensic Computer Examiners. Carver teaches courses in digital forensic science at Trine University and is a practicing forensic computer examiner.