Computer forensics is growing in importance to business, say two Auckland practitioners.
As well as commercial clients seeking the retrieval of lost data, the legal profession is making increasing use of data recovery techniques, says Brian Eardley-Wilmot, managing director of Auckland data recovery company Computer Forensics Ltd.
The company uses specialist software to retrieve data that has been deleted or is otherwise unrecoverable by normal means, and lawyers are seeing the benefits of that for getting hold of data during the discovery process, he says. This includes turning up information they suspect their client’s opponent may have deleted. As an example, one side in a legal dispute may claim there were documents on the other side’s disc six months ago and want to check, Eardley-Wilmot says.
An analogue copy of the data, burned to a CD-Rom, will be considered best evidence if the original disc is lost and will enable both sides to see what was on the disc.
Computer Forensics creates an analogue of the hard disc by taking a serial stream of data off the disc.
“Every piece of data, including corrupted data, unallocated clusters and slack space is taken off the disc without turning the computer on. If you do turn it on, Windows writes files to the disc which can overwrite the data you’re after.”
Drive geometry informs the company of the content, from which it can produce analogues of the original target disc.
Despite the increased interest from lawyers, most of Computer Forensics’ work is for commercial clients who have lost data accidentally or because back-up didn’t work. In other cases, data is deleted maliciously or by viruses.
Computer Forensics has done work for the UN and for commercial interests in Singapore and in the South Pacific as well as New Zealand, though Eardley-Wilmot is reluctant to name individual clients as data loss isn’t something people like to publicly admit, he says.
The field of computer forensics is about more than just undeleting things from a hard drive, says Auckland-based Bates Forensic director Shayne Bates.
“It’s also about putting people at the scene, about the activities of people in the commission of a civil or criminal offence.”
Bates Forensic is sometimes involved in cases involving Anton Piller orders, in which a judge allows a non-police search of a property where it is believed evidence relevant to a civil complaint may be found.
“A common scenario is where a corporate believes a former employee has stolen commercial information such as client lists. When the search takes place, the private investigator or security people will often involve Bates Forensic. We’ll enter the premises and either seize or duplicate the PC, disks and CD-Roms. We’ll clone the hard drive using specialist forensic tools which leave an evidential order trail.”
That order trail is as important as the data itself, he says. “When producing electronic evidence, you need to show the chain of custody, the sequence of events, who has been doing what and in what order.”
Computer forensics also comes in handy when organisations want to conduct an internal investigation, Bates says. Examples include suspected fraud within the organisation, theft of time (that is, surfing the net when you’re meant to be working) and sex-related computer misconduct.
“It’s important to remember a piece of evidence may not exist on any one device itself — it may be spread across five or six different places.”
Future developments he foresees in the computer forensics field include re-assembling damaged hard drives and techniques which allow better data recovery from disks that have been overwritten.
Computer Forensics’ Eardley-Wilmot says there are “exotic means of data recovery” available, which “involve electron microscopy and the principles of magneto-hysteresis — they get down to the physical level of the disk and, using electron microscopes, can see the pattern of the data on the disk.”
The process is very expensive, he says, “and I don’t know of any commercial organisations in New Zealand that do it.”