Computer Sleuth: Beating down the evidence trail with computer forensics.

• Author: Green, Robert P.

Think Sherlock Holmes sans the goofy hat and magnifying glass. Today's digital sleuths enlist the tactics that once were only the purview of FBI and police investigators.

The tools of computer forensics play a vital role in resolving matters in the corporate world and litigation process by enhancing the evidence pool, establishing truths otherwise left undiscovered and, consequently, contributing to more efficient and rapid resolution, judgments or settlements.

But as computer forensics and electronic discovery--its legal-oriented practice subset--are becoming more a part of the litigation fabric, lawyers, CPAs and other professionals are exclaiming, "I wish I understood this a month ago. We really could have used these tools!"

Well, your wish has come true. The following is a guide to computer forensics--what it is and when it should be used.

WHAT IS COMPUTER FORENSICS?

Put simply, computer forensics focuses on the acquisition, restoration and analysis of digital data.

In the business world, computer forensics can be used to restore corrupted or lost data, resurrect outdated systems and software environments, and analyze common security breach activities.

Such steps are generally taken when, despite a company's prudent efforts, something has gone wrong in its computing environment.

Also, attorneys use computer forensic-based methods, or electronic discovery, when they are searching for digital evidence that will help them with their case.

For CPAs, computer forensics can be used with forensic accounting practices to provide a more thorough, corroborated evidence position.

DIGITAL DATA

Digital data is electronic information that is created in, and utilized by, computer systems and their related applications. Such data is found in everything from hard drives, laptops and PDAs (such as Palm Pilots and iPaqs), to backup tapes, e-mail servers, CDs, DVDs and other computer network components.

This data is found in "active" files, such as e-mails and documents stored on hard drives. Typically, these files are ones that can more easily be accessed and are those that employees tend to use most often.

Data also lives in other forms that are not so simple to find. Think hitting the "delete" button has purged that e-mail forever? Think again.

Computer forensics can track down deleted files, hidden files, files created by the system or by software that users are not aware of (such as an automatic backup of a document), or fragmented files that are...