His eyes were sharp and piercing,
save during those intervals of torpor to which
I have alluded; and his thin, hawk-like
nose gave his whole expression an air of
alertness and decision. His chin, too, had
the prominence and squareness which mark
the man of determination". This should
not have left villains with any doubts. Not
much was going to escape the scrutiny and
tenacity of the great Sherlock Holmes.
When tracking down today’s
computer villains, it is essential to be
able to deploy the right kind of forensic tools, as well as a
more traditional mix of guile and cunning. For one thing, the quantities
of information to be sifted and analysed can be enormous,
and at the end of the investigation there must be enough
watertight evidence to present in court (this, however, being
a problem which hardly ever seems to crop up for famous fictional
detectives).
Computer forensics is a
comparatively young science, but there are
now plenty of web sites which deal with everything from
the more theoretical principles to the supply of relevant products
and services. The following is intended to give a flavour
of what is available out there. As usual, the mention of particular
commercial sites is not intended to suggest any kind of
endorsement.
Firstly, there are the information
providers. If you have a fairly clear idea of what you are looking for,
then the site at the US Department of Justice (www.usdoj.gov/criminal)
contains a large range of materials, and has a good search facility.
There are also some useful articles in the reference library at the IIA
(www.theiia.org), although
this is rather less geared to investigative work.
Then there are the consultancies.
Most of these are US-based, which rather
limits their use to browsing for more general advice and
perhaps their case studies. Among those based more locally in
the UK are companies such as Datasec (www.datasec.co.uk)
based in Hertfordshire, Computer Forensics Ltd in
Rugby (www.cyber-forensics.ltd.uk),
and Computer Investigations (www.computer-investigations.com).
Many of the US consultancies have
quite extensive web sites. Although these
often imply that they are offering a wide range of
advice and references, the materials in question often prove to
be rather short and fluffy. Their advice may also be based very specifically
on the procedures which are required under US Law. Examples
here are Computer Forensics Inc at www.forensics.com,
and Vogon at www.vogon-computerevidence.com.
Finally, there are the suppliers of forensic
tools, both hardware and software. Most
auditors are familiar with IDEA, which is
now marketed at www.audimation.com.
This has evolved a long way from its early
life as a general audit extraction tool,
and may well be the initial choice as an investigative
tool by those who are already familiar with it. Another
contender is ENCASE, from Guidance Software, at www.guidancesoftware.com.
This offers similar features for digging
and sifting data, but with perhaps more of an emphasis on
overcoming obstacles where it is suspected that information is
being withheld or concealed. Some software tools also claim to
deal with the particular problems of hunting for evidence in image
files, as in cases involving pornography. An example of one
such product can be found at the New Technologies Inc site, at
www.forensics-intl.com.
Another long-standing and familiar
product is DIBS, which provides a means of
taking quick and accurate copies directly from
computer disk drives. Sales of the DIBS workstation are now
managed by DIBS USA Inc, at www.dibsusa.com.
(Readers interested in learning about how this product came to leave
the UK can find out from the Computer Investigations site, mentioned
earlier.)
A recurring feature in many of the
sites is a certain amount of bragging about
the more spectacular cases which the staff or the
products have helped to solve. From these glowing accounts,
you might be led to feel that forensic work is both exciting
and inspirational. Given the tedium involved in much of
it, I have my doubts. As for the literary style of the narratives,
it has to be said that Dr Watson would probably
have put things rather differently. Holmes,
nevertheless, might just have found it all
intriguing enough to have a broadband connection installed in
Baker Street.
Andrew Hawker can be contacted at the University of
Birmingham on 0121 414 6675 or by email A.Hawker#bham.ac.uk