Computer forensics has come into the spotlight as a primary means of investigating computer activity and gathering evidence. However, the investigative process has been anything but easy, normally requiring that organizations hire outside contractors to conduct forensic investigation and rely on those third parties to deliver actionable evidence.
Regrettably, HR departments are usually left out of the investigative process and become little more than a source of information for those individuals conducting an investigation. This not only increases the time an investigation takes, but also limits the contributions that HR departments are capable of. What's more, the evidence gathered in that fashion is usually limited to determining what happened for a given case, and is not used to directly improve procedures or policies – the area where an HR department has the most to gain.
New products to simplify forensics
Luckily, new products are arriving on the scene that simplify forensics, as well as the gathering of evidence and reporting on that evidence. Those new products/services could prove to be a boon to businesses looking to enforce policies, validate appropriate usage, enhance security and ultimately increase worker productivity. Yet, the question remains, what business group should be in charge of forensics tools and processing electronic evidence.
That question has sparked a controversy across business groups, with some claiming IT should be the primary managers of forensics, while others claim that creating an IT forensics department is the best way to approach that dilemma. Some organizations look toward internal council or law departments to manage the forensics process, while others still pursue using external investigators or contractors to gather actionable evidence. Yet, HR has the most to gain from the process and arguably offers the least path to resistance for an investigative event.
HR departments as IT watchdogs
HR departments are already charged with securing information about staff and personnel, as well as policy creation and enforcement, as well as employee training and discipline. So the combination of these mean that the HR department is best suited to deal with computer forensics based investigations. However, there is a catch – HR departments often lack the technical skill sets to drive a computer forensics process, meaning that HR must rely on IT to effectively gather actionable evidence.
Simply put, HR will have to rely on the IT staff to educate on how to access data and understand the underlying technological infrastructure for stored data. That will change IT's role in the investigative process to be more like an ombudsman for information systems and the data stored. That should prove to be good news for IT managers, allowing their departments to exhibit their value to HR first hand.
Nevertheless, the lack of effective knowledge is a potential show stopper for HR departments looking to leverage forensics. However, vendors are realizing that the best way to grow their forensics tools market share is to engage non-technical staffers by building products that are easier to use, offer automation and can accomplish a great deal of the investigative work unattended. What's more, vendors are also creating training programs that focus on how to conduct an investigation and use simplified tools to their maximum potential.
Vendors and their offerings
Guidance Software is a company that specializes in creating forensics tools. The company has released EnCaseEnterprise v7, which is an investigate platform that is designed to be installed on an enterprise network and continually gather information for analysis. The product is designed to be easy to use and automates much of the investigative process. In other words, with very little training, an HR staffer could leverage most everything EnCase has to offer is a relatively short period of time.
Guidance Software isn't the only player in the automated forensics game. Other vendors such as SunBlock Systems, DigitalIntelligence, DIBSUSA, ForensiX and Cyber Security Technologies offer forensics tools, yet most are geared toward the investigative professional and not the casual HR staffer. Nevetherless, training proves to be the great equalizer here and when properly trained, most staffers can be very effective at the investigative process.
How HR departments can best use forensics
Forensics can also be a tool used for auditing compliance adherence or violations, an important capability for businesses that must meet the requirements set forth by HIPPA, SOX, and PCI compliance legislation. Detecting compliance violations before standardized audits gives businesses the opportunity to remediate problems before fines are imposed and proving that compliance objectives are met can reduce the overhead and associated costs of maintaining compliance.
Simply put, HR departments have the most to gain from forensics technologies and those technologies are getting easier to use and more effective. Since HR management is often charged with policy enforcement as well as monitoring and resolving employee or management complaints, the pertinent information delivered by a forensics platform in an easy-to-understand report helps HR managers to quickly resolve problems and take action if necessary.
What's more, the gathered information can also be used to exonerate employees, businesses or contractors from policy violations by proving that a particular individual was responsible for the events related to the forensic investigation trigger. Those realizations have led to businesses researching the viability of purchasing and self-deploying forensics technologies and then training internal staff on their use.
Finally, HR and IT should never shirk their responsibilities when it comes to computer crime – one of those responsibilities comes into play when more than policies have been violated. If a law has been broken, that activity should be reported to the appropriate authorities. Yet, that may not be an easy process. With that in mind, TechRepublic has created a computer crime reporting checklist to help organizations with the thorny issues surrounding computer crime.
Frank J. Ohlhorst is an award-winning technology journalist, author, professional speaker and IT business consultant. He has worked in editorial at CRN, eWeek and Channel Insider, and is the author of Big Data Analytics. His certifications include MCNE, MCSE, A+, N+, L+, and Security+.