During his law enforcement days Harry Megerian got his hands on a lot of IT gear - by brute force.
"We probably did a raid once a week or once every two weeks," says Megerian, a former computer forensics specialist with the U.S. Treasury Department. "I would walk away with five computers, on average."
These days Megerian still scours computers for evidence, but he does it on a consultative basis through the firm he founded, Computer Investigative Services, in Rochester Hills, Mich. One thing he doesn't miss is the raids. "I got a little tired of running up flights of stairs, breaking in doors," says Megerian, who retired from the Treasury Department in 2003 after 29 years.
In his consulting practice Megerian works primarily with government clients, investigating financial fraud and other criminal activities. He's among a growing number of computer forensics specialists trained to pore through hard drives and device logs to find evidence of criminal or inappropriate behavior.
As digital evidence has become more important to civil and criminal cases, the field has gained recognition, says Alan Brill, senior managing director at Kroll Ontrack, in Minneapolis. Interest in computer forensics also has grown because of the state-of-the-art labs and slick extractions of digital evidence viewers see portrayed on television shows such as "CSI."
"It is not what it looks like on TV," Brill says. "When we watch some of these shows where the cops go in and they sit at a suspect's computer and they find all this evidence - it's not what happens."
Rather, computer forensics is all about protocol. Experts use established investigative and analysis techniques to uncover system data - including damaged, deleted, hidden or encrypted files.
"People think that it's glamorous. The reality is that 95% of the time it's about very routine analytics and executing projects in a very uniform way," Brill says. "It is certainly not for those who are not detail- and process-oriented. It is not for those who loathe documenting their work, because the nature of what we do requires very complete, careful documentation."
As projects unfold, the digital evidence accumulates. In one case Brill worked on, a company suspected an individual of sabotaging computer systems. It was clear which machine the sabotage had come from, but proving who was responsible took some digging.