Magazine article Security Management

Confessions of a Hard Drive

Magazine article Security Management

Confessions of a Hard Drive

Article excerpt

Even when the crime committed is as old fashioned as counterfeiting or simple theft, today's criminal is likely to be cyber-savvy, using all of the modem office tools to communicate with fellow felons. In response, today's investigator must develop high-tech skills that enable him or her to follow the clues as they morph from physical to digital.

Electronic evidence can be anything from an e-mail message that connects an employee to the theft of proprietary information to an incriminating phone number locked in a fax machine's memory. Important data may reside on the PC, printer, fax, or phone of a victim, suspect, or third party such as an Internet service provider like America Online.

Regardless of where the equipment is located, it must be treated as evidence so that any results obtained during the search will be admissible in future court proceedings. The investigator may have open access to the victim's or suspect's computer or other equipment if it is the property of the company. A private investigator or security professional cannot typically search property that belongs to a suspect or third party, however. Obtaining such evidence would, therefore, require involvement of law enforcement authorities.

The investigator can file a criminal complaint with public law enforcement and work with them to conduct the investigation and prosecute the case. The private investigator should stay in close contact with public law enforcement officials throughout the investigation and provide whatever support those officials might request.

In limited cases, such as suspected instances of counterfeiting involving company products, a private investigator may be able to obtain a civil court order permitting a search. The court order will specify whether the security professional can seize the suspect's property. Because most courts will not grant that authority, the investigator will usually have to make unaltered copies of the evidence for later analysis.


Once the legal considerations have been addressed, the investigator will need a combination of computer hardware and software tools to copy information from the hard drive to a floppy disk or other portable storage technology.

Hardware. The hardware consists of floppy disks or other portable storage media such as magnetic tape or a new technology known as a zip drive. Magnetic tape and zip drives are able to hold significantly more information than floppy disks and should, therefore, be the technology of choice for the private investigator. For example, the zip drive disks - which are slightly bigger than the standard 3 1/2-inch floppies - are capable of holding up to 100 megabytes of data compared to the 1.5 megabytes that can be stored on a floppy disk.

The zip drive technology usually includes the drive, one zip disk, and a cable that is used to connect the drive to the computer's parallel port, much like a printer. Software that fits in the computer's A or B drive is used to run the hardware.

Software. The software tools include off-the-shelf and customized programs to search for, preserve, and collect electronic evidence. For example, the investigator will need a software utility that allows him or her to write-protect the computer's hard drive - something that should be done before the investigator begins searching the computer for any evidence.

When executed, the write-protection function secures the hard drive so that it cannot be physically altered in any way. This safeguards the investigator from later charges that he or she altered evidence to support a case against the suspect.

The write-protection feature is a utility program function. Most computers do not have this as part of their operating system. However, the investigator can purchase separate utility programs that contain a write-protection feature.

The investigator should also have utility software to enable keyword searches of the hard drive for certain files. …

Search by... Author
Show... All Results Primary Sources Peer-reviewed


An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.