Building a Business Case for Computer Forensics

client’s recent experience with a mysterious and unexpected crash of its servers demonstrates the value of having good information. The crash caused the loss of data to that client’s critical Accounts Payable and Accounts Receivable records that kept its banker informed of the company’s financial state. After making an initial assessment of the issue, the company inquired about the use of computer forensic services to identify the source and come up with a remedy. A week after pursuing answers through some of its product vendors produced a lot of frustration and no answers, the services of a computer forensic professional were requested. On day one, the forensic expert identified the potential source. Day two produced a confirmation of what was suspected on day one. By the end of day three, the company was back to business as usual. All of this was possible because information about the incident was available. In a previous issue, I pointed out that computers capture large amounts of information. Deleted files, revisions, and information about user activities are readily available to a computer forensic professional. Today, almost every piece of paper with information on it is or was in a digital format at one time. Events that occur on or over the computer hold key pieces of information vital in answering the what, who, when, where, and how of a particular issue. Unfortunately, most of this information is not found in plain view. Technology is every malcontent’s dream come true. It provides anonymity and allows malicious individuals to perform their actions from remote places. Are you swimming in information? If you answered “yes,” is it the right kind of information? Often, the key ingredient that makes information systems valuable is having good information. Having the right quality and quantity of information makes decisions timely, effective, and result oriented. Inquiring about a comA