Computer forensics has come into the spotlight as a primary
means of investigating computer activity and gathering evidence. However, the
investigative process has been anything but easy, normally requiring that
organizations hire outside contractors to conduct forensic investigation and rely
on those third parties to deliver actionable evidence.

Regrettably, HR departments are usually left out of the investigative
process and become little more than a source of information for those
individuals conducting an investigation. This not only increases the time an
investigation takes, but also limits the contributions that HR departments are
capable of. What’s more, the evidence gathered in that fashion is usually
limited to determining what happened for a given case, and is not used to
directly improve procedures or policies – the area where an HR department has
the most to gain.

New products to simplify forensics

Luckily, new products are arriving on the scene that
simplify forensics, as well as the gathering of evidence and reporting on that
evidence. Those new products/services could prove to be a boon to businesses
looking to enforce policies, validate appropriate usage, enhance security and
ultimately increase worker productivity. Yet, the question remains, what
business group should be in charge of forensics tools and processing electronic

That question has sparked a controversy across business
groups, with some claiming IT should be the primary managers of forensics,
while others claim that creating an IT forensics department is the best way to
approach that dilemma. Some organizations look toward internal council or law
departments to manage the forensics process, while others still pursue using
external investigators or contractors to gather actionable evidence. Yet, HR
has the most to gain from the process and arguably offers the least path to
resistance for an investigative event.

HR departments as IT watchdogs

HR departments are already charged with securing information
about staff and personnel, as well as policy creation and enforcement, as well
as employee training and discipline. So the combination of these mean that the
HR department is best suited to deal with computer forensics based
investigations. However, there is a catch – HR departments often lack the
technical skill sets to drive a computer forensics process, meaning that HR
must rely on IT to effectively gather actionable evidence.

Simply put, HR will have to rely on the IT staff to educate on
how to access data and understand the underlying technological infrastructure
for stored data. That will change IT’s role in the investigative process to be
more like an ombudsman for information systems and the data stored. That should
prove to be good news for IT managers, allowing their departments to exhibit
their value to HR first hand.

Nevertheless, the lack of effective knowledge is a potential
show stopper for HR departments looking to leverage forensics. However, vendors
are realizing that the best way to grow their forensics tools market share is
to engage non-technical staffers by building products that are easier to use,
offer automation and can accomplish a great deal of the investigative work
unattended. What’s more, vendors are also creating training programs that focus
on how to conduct an investigation and use simplified tools to their maximum

Vendors and their offerings

Guidance Software
is a company that specializes in creating forensics tools. The company has
released EnCaseEnterprise v7, which is an investigate platform that is designed to be
installed on an enterprise network and continually gather information for
analysis. The product is designed to be easy to use and automates much of the
investigative process. In other words, with very little training, an HR staffer
could leverage most everything EnCase has to offer is a relatively short period
of time.

Guidance Software isn’t the only player in the automated
forensics game. Other vendors such as SunBlock Systems, DigitalIntelligence, DIBSUSA, ForensiX and Cyber Security Technologies offer forensics tools, yet most are geared toward the investigative
professional and not the casual HR staffer. Nevetherless, training proves to be
the great equalizer here and when properly trained, most staffers can be very
effective at the investigative process.

How HR departments can best use forensics

Forensics can also be a tool used for auditing compliance
adherence or violations, an important capability for businesses that must meet
the requirements set forth by HIPPA, SOX, and PCI compliance legislation.
Detecting compliance violations before standardized audits gives businesses the
opportunity to remediate problems before fines are imposed and proving that
compliance objectives are met can reduce the overhead and associated costs of
maintaining compliance.

Simply put, HR departments have the most to gain from
forensics technologies and those technologies are getting easier to use and
more effective. Since HR management is often charged with policy enforcement as
well as monitoring and resolving employee or management complaints, the
pertinent information delivered by a forensics platform in an easy-to-understand
report helps HR managers to quickly resolve problems and take action if

What’s more, the gathered information can also be used to
exonerate employees, businesses or contractors from policy violations by
proving that a particular individual was responsible for the events related to
the forensic investigation trigger. Those realizations have led to businesses
researching the viability of purchasing and self-deploying forensics
technologies and then training internal staff on their use.

Finally, HR and IT should never shirk their responsibilities
when it comes to computer crime – one of those responsibilities comes into play
when more than policies have been violated. If a law has been broken, that
activity should be reported to the appropriate authorities. Yet, that may not
be an easy process. With that in mind, TechRepublic has created a computer crime reporting checklist to help organizations with the thorny issues surrounding computer crime.