THE LATEST HIT: CSI IN YOUR HARD DRIVE
By Matthew Boyle

(FORTUNE Magazine) – WHAT DO THE TRIALS OF Scott Peterson, the BTK serial killer, Enron, and Merck's Vioxx have in common? All have hinged, or will hinge, to some degree, on digital evidence--e-mails, documents, web pages, pictures--procured from an individual's laptop or off a corporate network. The process of culling and preserving digital evidence for use in court is called digital forensics, and while it represents just a sliver of the $6.4 billion computer-security software market, this once-obscure field is taking off.

In fiscal 2005 the FBI's computer analysis response team tripled its workload from the previous year, to over 5,000 cases. And digital sleuthing is not just limited to cops. PricewaterhouseCoopers and Ernst & Young now boast separate practice areas for computer forensics, J.P. Morgan Chase and Microsoft have secretive in-house forensic teams, and corporate-investigations giant Kroll has seen its revenue from this field increase fivefold since 2002.

But a prime beneficiary of the cybersleuthing boom is Guidance Software, a fast-growing eight-year-old company in Pasadena. Guidance makes EnCase, a forensic software tool that--with sales of $40 million this year and 17,000 clients (including 90% of all law-enforcement investigators)--is by far the market leader.

The company's chief gumshoe, John Colbert, is no average CEO. Picture an amalgam of Sergeant Joe Friday and Larry Ellison. Colbert served as a Cobra helicopter crew chief while in the Army, and as an L.A. County investigator helped launch one of the nation's first computer-crime labs. While at a technology conference in the late 1990s, he met Guidance's co-founder (now CTO) Shawn McCreight, who had developed a Windows-based computer forensics program that was quicker and easier to use than existing DOS-based programs. Digital forensics "was a black art back then," says Colbert. He eventually joined Guidance to train other cops.

Now as CEO, Colbert, 40, is aggressively pushing EnCase into corporate IT departments. A 2004 FBI-sponsored survey found that 64% of companies suffered financial losses because of computer breaches. And digital forensics software can safeguard electronic evidence for use in investigations. EnCase and similar products work by creating a digital duplicate of a suspected hard drive, which an investigator can then search by keyword, file type, or access date. Clients can have Guidance's investigators sift through hard drives or they can buy the software--a basic version costs $2,400--and do it themselves.

Seizing a hard drive in Tokyo is tough if you're in New York, though. So over 75 members of the FORTUNE 500 also use a new, souped-up "enterprise" version of EnCase with a pricetag that can range from $22,500 into seven digits. The deluxe version allows clients like Broadcom, UBS, and J.P. Morgan Chase to search hard drives remotely, over their corporate networks. Now that's global reach.