Digital Detectives
A new breed of computer sleuth helps business owners track misdeeds among workers.
By Eilene Zimmerman

NEW YORK (FORTUNE Small Business Magazine) - When the CEO of a small San Diego publishing company started receiving threatening e-mails from an anonymous address, he had a pretty good idea that someone in the company's IT department was involved. The CEO called his lawyers, who in turn called Peter Garza, a computer forensics expert and founder of EvidentData, an investigative firm in Rancho Cucamonga, Calif.

After reading the e-mails, Garza examined the CEO's hard drive and found that spyware--software that monitors a computer user's web-surfing habits--had been surreptitiously loaded. Garza and a team of investigators told the CEO's employees they were conducting a security audit and made copies of all hard drives. They also hooked up a device that put the network under constant surveillance. Within a few weeks Garza determined that the IT director and several others at the company were helping a fellow employee send the threatening e-mails.

"Peter even found a Google (Research) search one of the IT people had done, using the name of the spyware and the word 'legal,' which took them to the spyware's legal disclaimer," says the CEO, a clean-cut man in his early 40s who asked that he not be identified. "They knew it was wrong, and they did it anyway." The guilty parties were promptly fired.

EvidentData is part of an elite but growing group of forensic IT firms staffed with Digital Age sleuths skilled at detecting computer-related misdeeds. IDC, a market research firm in Framingham, Mass., projects that the market for IT forensics will increase sharply, from $310 million in 2005 to $634 million by 2009. Purdue University started a cyber-forensics program two years ago with two classes; today there are five, all with waiting lists, says Marc Rogers, a former detective in the Winnipeg Police Department's computer crimes unit, who chairs the program. "Companies hire our students before they even graduate," he says.

For small businesses, most forensic IT cases involve employees rather than outsiders or disgruntled clients, says Michele Lange, a technology lawyer with Kroll OnTrack (a subsidiary of security giant Kroll) in Minneapolis. Lange says that more than half of her cases concern employees, who have been found involved in everything from child pornography to intellectual-property theft and internal fraud.

Small-business owners sometimes balk at using a forensic expert because of the cost, says Purdue's Rogers, relying instead on their IT director to conduct investigations. But IT directors aren't necessarily qualified to collect evidence and can actually complicate the matter, tainting evidence or running afoul of privacy laws. (Moreover, as with the publishing company in San Diego, the IT department may be implicated.) A forensic IT consultant costs about $200 to $600 an hour, is typically licensed as an investigator, and knows the chain-of-custody procedures that govern the way evidence should be handled so that it remains admissible in court.

Lange emphasizes that even when the situation looks dire, a decent investigator can retrieve more data than you might expect. "We've had cases where someone shot bullets through their hard drive, squirted lighter fluid into their laptop, and set it on fire, and we could still recover things," says Lange. But don't expect immediate results. "People have unrealistic expectations because of shows that feature computer forensics, like CSI," says Rogers at Purdue. "No one can solve a case in 50 minutes." Top of page

To write a note to the editor about this article, click here.

YOUR E-MAIL ALERTS
Follow the news that matters to you. Create your own alert to be notified on topics you're interested in.

Or, visit Popular Alerts for suggestions.
Manage alerts | What is this?
Market indexes are shown in real time, except for the DJIA, which is delayed by two minutes. All times are ET. Disclaimer Morningstar: © 2014 Morningstar, Inc. All Rights Reserved. Disclaimer The Dow Jones IndexesSM are proprietary to and distributed by Dow Jones & Company, Inc. and have been licensed for use. All content of the Dow Jones IndexesSM © 2014 is proprietary to Dow Jones & Company, Inc. Chicago Mercantile Association. The market data is the property of Chicago Mercantile Exchange Inc. and its licensors. All rights reserved. FactSet Research Systems Inc. 2014. All rights reserved. Most stock quote data provided by BATS.
Market indexes are shown in real time, except for the DJIA, which is delayed by two minutes. All times are ET. Disclaimer Morningstar: © 2014 Morningstar, Inc. All Rights Reserved. Disclaimer The Dow Jones IndexesSM are proprietary to and distributed by Dow Jones & Company, Inc. and have been licensed for use. All content of the Dow Jones IndexesSM © 2014 is proprietary to Dow Jones & Company, Inc. Chicago Mercantile Association. The market data is the property of Chicago Mercantile Exchange Inc. and its licensors. All rights reserved. FactSet Research Systems Inc. 2014. All rights reserved. Most stock quote data provided by BATS.