The answer is to be PROACTIVE.

First... prepare, publish and distribute a company policy that describes the ownership of the (PC) systems and the limitations of their use. (DSI can furnish a sample policy that can be customized to your business needs.)

Whenever  necessary, DSI will visit your location to conduct a forensic examination of the suspected computer. We will scan  the PC hard drives and peripheral storage units (such as floppies and zip drives) with our licensed software.  The scan will result in the creation of a complete catalog of all graphics or  pictures that  were stored or housed on the hard drive and the peripherals.  It will also search the deleted files in the recycle bin and reconstruct them.

Whenever a user visits any internet site, any (!) pictures that are on the screen are automatically saved in the cache file until the next visit (and subsequent visits). The purpose is expediency.  The browser saves these hundreds and hundreds of pictures for the  next visit so that they do not have to be reloaded by the computer.  Graphics such as the up and down arrows or radio buttons are all saved in the computer.  This also includes pictures or graphics from 'adult' websites.  If such files are discovered  by another employee who finds them obscene or lewd, you, the employer, could be forced to defend your company in a sexual harassment suit.

Our examination will also reveal the usage and location of over 7500 keywords that could signal illegitimate (porn) or illegal (drug) usage by employees or other unauthorized persons.  We will determine if anyone has been obtaining or receiving any messages or other communications containing:

We  can  also  include  additional  keywords you  might  want  to check.   Such  a  customized   words  list   could  reveal  illicit communication  with  your  competitors… or  you may  want  to  determine  if  proprietary information   is  vulnerable   or  is  being transferred.

Our  report will  print  out  the  keywords  and the context of their  usage  along  with  the  exact  location  on the  hard drive where the keywords can be found.

ComputerCOP™ makes use of a "multi-view image review" and "word category directory tree", both of which assist the professional investigator in the computer review process after the search of the suspect machine. By performing the search process from the examiner's machine, it is impossible for any changes to be made to the suspect computer during the search thus avoiding any possible contamination of original equipment or files.

Using the ComputerCOP™ software, DSI can examine all the suspect computer's local drives for files, deleted files and unallocated disk space. We are also able to search and review the "file slack" (the disk area between the end of the file and the end of a disk cluster where the file is stored) for all file types. Both the "file slack" and the "RAM slack'" are scanned and reviewed remotely via a parallel connection.

At the conclusion of the examination, opening the "Case Reporter" reveals the case number and the computer serial numbers of each examined computer in the case. With a click on a serial number, the examiner is presented with the print options of: The Report Cover Page, The Audit Trail that demonstrates the activity during the examination, The individual pieces of evidence with all the relevant data  and description, The Evidence Log, The Evidence receipt, and Court Return.

For additional information or assistance
on how DSI can track down the improper or
illegal use of your business computer systems,
call us at:  (215) 576-7336

Background ~  Mission Statement  ~   Expert Witness  ~  Security Services ~  Investigative Services
International Sources  ~  Computer Forensics  ~  Published Articles  ~  Links
 Release  ~  Agreement  ~   Home Page

Copyright © 1999-2010 Dallas Security, Inc.  All rights reserved.
Website design & maintenance by BRK Web Designs