CNNMoney.com
Cyberthreats? Call a digital Sherlock Holmes
A new breed of computer sleuth helps business owners track misdeeds among workers.
By Eilene Zimmerman

NEW YORK (FORTUNE Small Business Magazine) - When the CEO of a small San Diego publishing company started receiving threatening e-mails from an anonymous address, he had a pretty good idea that someone in the company's IT department was involved. The CEO called his lawyers, who in turn called Peter Garza, a computer forensics expert and founder of EvidentData, an investigative firm in Rancho Cucamonga, Calif.

After reading the e-mails, Garza examined the CEO's hard drive and found that spyware -- software that monitors a computer user's web-surfing habits -- had been surreptitiously loaded. Garza and a team of investigators told the CEO's employees they were conducting a security audit and made copies of all hard drives. They also hooked up a device that put the network under constant surveillance. Within a few weeks Garza determined that the IT director and several others at the company were helping a fellow employee send the threatening e-mails.

Peter Garza, founder of EvidentData, at the company's office.

"Peter even found a Google search one of the IT people had done, using the name of the spyware and the word 'legal,' which took them to the spyware's legal disclaimer," says the CEO, a clean-cut man in his early 40s who asked that he not be identified. "They knew it was wrong, and they did it anyway." The guilty parties were promptly fired.

EvidentData is part of an elite but growing group of forensic IT firms staffed with Digital Age sleuths skilled at detecting computer-related misdeeds. IDC, a market research firm in Framingham, Mass., projects that the market for IT forensics will increase sharply, from $310 million in 2005 to $634 million by 2009. Purdue University started a cyber-forensics program two years ago with two classes; today there are five, all with waiting lists, says Marc Rogers, a former detective in the Winnipeg Police Department's computer crimes unit, who chairs the program. "Companies hire our students before they even graduate," he says.

For small businesses, most forensic IT cases involve employees rather than outsiders or disgruntled clients, says Michele Lange, a technology lawyer with Kroll OnTrack (a subsidiary of security giant Kroll) in Minneapolis. Lange says that more than half of her cases concern employees, who have been found involved in everything from child pornography to intellectual-property theft and internal fraud.

Small-business owners sometimes balk at using a forensic expert because of the cost, says Purdue's Rogers, relying instead on their IT director to conduct investigations. But IT directors aren't necessarily qualified to collect evidence and can actually complicate the matter, tainting evidence or running afoul of privacy laws. (Moreover, as with the publishing company in San Diego, the IT department may be implicated.) A forensic IT consultant costs about $200 to $600 an hour, is typically licensed as an investigator, and knows the chain-of-custody procedures that govern the way evidence should be handled so that it remains admissible in court.

Lange emphasizes that even when the situation looks dire, a decent investigator can retrieve more data than you might expect. "We've had cases where someone shot bullets through their hard drive, squirted lighter fluid into their laptop, and set it on fire, and we could still recover things," says Lange. But don't expect immediate results. "People have unrealistic expectations because of shows that feature computer forensics, like CSI," says Rogers at Purdue. "No one can solve a case in 50 minutes."

© 2008 Cable News Network. A Time Warner Company. All Rights Reserved. Terms under which this service is provided to you. Privacy Policy