The new role of HR: Spying on wayward employees

Human resources is the ideal department to use to investigate employees through computer forensics. These departments include non-technical staff, so vendors are now offering simplified tools for employee investigations.
 iPhoto: Sergiy Tryapitsyn

Computer forensics has come into the spotlight as a primary means of investigating computer activity and gathering evidence. However, the investigative process has been anything but easy, normally requiring that organizations hire outside contractors to conduct forensic investigation and rely on those third parties to deliver actionable evidence.

Regrettably, HR departments are usually left out of the investigative process and become little more than a source of information for those individuals conducting an investigation. This not only increases the time an investigation takes, but also limits the contributions that HR departments are capable of. What's more, the evidence gathered in that fashion is usually limited to determining what happened for a given case, and is not used to directly improve procedures or policies – the area where an HR department has the most to gain.

New products to simplify forensics

Luckily, new products are arriving on the scene that simplify forensics, as well as the gathering of evidence and reporting on that evidence. Those new products/services could prove to be a boon to businesses looking to enforce policies, validate appropriate usage, enhance security and ultimately increase worker productivity. Yet, the question remains, what business group should be in charge of forensics tools and processing electronic evidence.

That question has sparked a controversy across business groups, with some claiming IT should be the primary managers of forensics, while others claim that creating an IT forensics department is the best way to approach that dilemma. Some organizations look toward internal council or law departments to manage the forensics process, while others still pursue using external investigators or contractors to gather actionable evidence. Yet, HR has the most to gain from the process and arguably offers the least path to resistance for an investigative event.

HR departments as IT watchdogs

HR departments are already charged with securing information about staff and personnel, as well as policy creation and enforcement, as well as employee training and discipline. So the combination of these mean that the HR department is best suited to deal with computer forensics based investigations. However, there is a catch – HR departments often lack the technical skill sets to drive a computer forensics process, meaning that HR must rely on IT to effectively gather actionable evidence.

Simply put, HR will have to rely on the IT staff to educate on how to access data and understand the underlying technological infrastructure for stored data. That will change IT's role in the investigative process to be more like an ombudsman for information systems and the data stored. That should prove to be good news for IT managers, allowing their departments to exhibit their value to HR first hand.

Nevertheless, the lack of effective knowledge is a potential show stopper for HR departments looking to leverage forensics. However, vendors are realizing that the best way to grow their forensics tools market share is to engage non-technical staffers by building products that are easier to use, offer automation and can accomplish a great deal of the investigative work unattended. What's more, vendors are also creating training programs that focus on how to conduct an investigation and use simplified tools to their maximum potential.

Vendors and their offerings

Guidance Software is a company that specializes in creating forensics tools. The company has released EnCaseEnterprise v7, which is an investigate platform that is designed to be installed on an enterprise network and continually gather information for analysis. The product is designed to be easy to use and automates much of the investigative process. In other words, with very little training, an HR staffer could leverage most everything EnCase has to offer is a relatively short period of time.

Guidance Software isn't the only player in the automated forensics game. Other vendors such as SunBlock Systems, DigitalIntelligence, DIBSUSA, ForensiX and Cyber Security Technologies offer forensics tools, yet most are geared toward the investigative professional and not the casual HR staffer. Nevetherless, training proves to be the great equalizer here and when properly trained, most staffers can be very effective at the investigative process.

How HR departments can best use forensics

Forensics can also be a tool used for auditing compliance adherence or violations, an important capability for businesses that must meet the requirements set forth by HIPPA, SOX, and PCI compliance legislation. Detecting compliance violations before standardized audits gives businesses the opportunity to remediate problems before fines are imposed and proving that compliance objectives are met can reduce the overhead and associated costs of maintaining compliance.

Simply put, HR departments have the most to gain from forensics technologies and those technologies are getting easier to use and more effective. Since HR management is often charged with policy enforcement as well as monitoring and resolving employee or management complaints, the pertinent information delivered by a forensics platform in an easy-to-understand report helps HR managers to quickly resolve problems and take action if necessary.

What's more, the gathered information can also be used to exonerate employees, businesses or contractors from policy violations by proving that a particular individual was responsible for the events related to the forensic investigation trigger. Those realizations have led to businesses researching the viability of purchasing and self-deploying forensics technologies and then training internal staff on their use.

Finally, HR and IT should never shirk their responsibilities when it comes to computer crime – one of those responsibilities comes into play when more than policies have been violated. If a law has been broken, that activity should be reported to the appropriate authorities. Yet, that may not be an easy process. With that in mind, TechRepublic has created a computer crime reporting checklist to help organizations with the thorny issues surrounding computer crime.  


Frank J. Ohlhorst is an award-winning technology journalist, author, professional speaker and IT business consultant. He has worked in editorial at CRN, eWeek and Channel Insider, and is the author of Big Data Analytics. His certifications include MC...


There is no way that someone in HR with *no* forensic/investigative background should have anything to do with investingating anything more than who stole their lunch out of the refrigerator.   Forensics/investigations takes specialized skills.  HR takes specialized skills.  The two don't cross paths.

Dumbing down the process for HR with a bunch of 'fill in the blank' software is, at best, a bad joke.  At the worst, it's going to not only cost valued employees their jobs, but open the company to full-force lawsuits.


Thank You! Thank You! all you wonderful commentors. I  was so happy to see your take on spy on on all because they're all guily mentality. I thought the second world war was already won when they took out the SS types. Guess not -  looks like they're back!!!


Thank You! Thank You! all you wonderful commehtwise so spy on on all" mentality. I thought the second world war was already won when they took out the SS and other NAZI types. Guess not - they're back!!!


The problem with HR is that they know nothing about technical personnel. Recruiters also are non-technical people; so, the question arises: How these people can hire good technical candidates? or know about what it takes to do a technical job? I have always sustained that HR should have technical people to oversee the job requirements before they select good candidates for the job; however, HR personnel and recruiters know nothing about those positions. Remember, it takes a technical person to understand another technical person. In the old days, interviews were done by technical people working in the same technical field and they also reviewed the resumes before scheduling an interview - Believe me, I know about it because I went through all of that. In engineering and IT, companies should have technical people doing the selection but now days any Joe blow is a recruiter or an HR individual. Industry and government in this country have no ethics what so ever and now they spy on people looking for reasons to fire people or not to hire. No wonder we are going down the drain in everything and relying on H1-B people to do what Americans can do best.


Nothin' new about this. It's been going on, since the Industrial Revolution began ..  Every section of the workplace, has its Office Spy, ( or more than one ), and organizations as a whole, have relied on bosses, to convey early warnings, to the management.  That's their primary undeclared function !  

Employees are either " pro bono publico " advocates and practitioners ( on the side of the people actually doing the work ) - or they are there as coppers' narks, for the enforcers, charged with disciplinary proceeding.  Anyone who hasn't twigged this, is naive.  The section troublemaker, most often doubles in tale-telling.  It's routine.  

I'm surprized you ( or anyone ) should imagine this a new turn of affairs.  You can't have had your ear to the ground.  In actual fact, the role of tale-bearer, is formalized, as the person designated for formal liaison to management.  Every org. works as follows: formal roles ( managers, who " supervize " the work - alwayts done by underlings ), -- and informal roles ( the people lumped with the real responsibility, for making things happen ).  These are the real cogs in the wheel

The tussle between the two, is over the ability to exercize one's creative and innovative drive.  The former seek to limit the latter, by restrictions, and directives.  The latter, seek to evade the delimiting acts and knowledge, of the former, by actually making things happen - irrespective of the impeding ordinances and hedging prohibitions ) ... 

When the latter manage to do what the mission statement says, the former are neutralized, and the business, works.  When they do not ( because of office spying ), the business begins to go down the tubes.  This is concealed and the real state of affairs, falsified, by strategic " porky-pies " -- moves on the part of the leadership, to " adjust " ( inflate ) share price, making it seem a viable concern ( dragging its weary bones on into the dying sunset ).  


Ain't it great to know that the NSA isn't the only group of agents spying on the world? Every government spies on every other government, we've learned (but we knew that already) since Snowden blew his whistle. And criminal hackers don't have to know much about computers to be able to use sophisticated malware: there are plenty of criminal programmers who'll sell them turnkey systems to rob banks or personal bank accounts. And now Mr Ohlhorst suggests that HR departments gather data on their employees by buying simplified forensics programs that will allow them to play CSI all day long.

Technology is wonderful when it's used for good purposes, but spying isn't one of them, I think. Oh, yes, there's that old saw that reminds us "All's fair in love and war". We're always at war, it seems, and one of the biggest and longest wars in human history is the one between employers and employees, second only to the war between the sexes, which Facebook and revenge porn sites on the Internet have recently helped perfect.

"What’s more, the gathered information can also be used to exonerate employees, businesses or contractors from policy violations by proving that a particular individual was responsible for the events related to the forensic investigation trigger", he says. Yeah, right. What a convenient afterthought.

We all know that business policies and laws are always reasonable, just, moral, ethical, and in the best interests of everyone under their authority. The powers that be are always right reasonable, just, moral, ethical, and in the best interests of everyone under their authority. History proves that all political and business leaders are benevolent dictators with only the best intentions.

There is no such thing anymore as an unreasonable search and seizure. Just ask the SCOTUS. There is no longer any possibility of personal privacy. "Arbeit macht freiheit" and the USA is the "Land of the Free and the Home of the Brave".

The surreal worlds of _The Trial_, _1984_, _Brave New World_, _Fahrenheit 451_, and _Minority Report_ have become our everyday reality. This is just another piece of evidence.

Editor's Picks