| Forensic Mining |
|
| Forensic Mining,
the process of identifying and collecting information/evidence from
complex computing environments, differs from traditional forensics, in which
computers are seized and examined. |
|
| Forensic Mining
typically occurs within large corporate environments where enterprise-wide
email and document management technologies have been employed. |
| There are a large number of
individuals with significant experience in traditional computer or
accounting forensics. Unfortunately, almost all of these efforts are
focused on 'seizing' the computer and/or rebuilding the personal
computers in a sterile environment, allowing for the identification and
processing of potential evidence. |
 |
| This works very
well for those cases where the business or personal information is on
the personal computer, but doesn't work for complex cases that include
enterprise-wide systems that need to be evaluated. |
|
| The problem faced
by civil and criminal attorneys lies in the fact that most medium to large
organizations in today's world have implemented corporate-wide email and
document management systems that maintain all of the electronic
information in a tightly controlled server environment. This very commonly
includes storing the electronic documents in a system that allows for
authoring and version control, along with maintaining full audit trails. |
| These systems
commonly have document imaging and workflow technologies in place that
utilize audit and security controls. As there is such a significant
volume of information being managed, this data is commonly stored on
optical storage media, microfilm/microfiche, SAN, HSM, and other
network-based storage technologies, each in different formats based on which
product/solution has been selected. |
| As these
software/hardware technologies and methodologies for security, audit
trails, and storage capabilities vary from vendor to vendor, the key to
successful document, or forensic, mining is to understand how these
technologies work, from the beginning of the capture process through how the
information is stored on the optical storage media. |
| EID is an
acknowledged expert in the document management industry, with detailed
knowledge of a significant number of products and technologies. EID has
personnel (committee chairmen, project leaders, and project editors) who
have participated in the development of many of the industry standards,
technical reports, and guidelines for over 10 years. This direct technical
experience, coupled with our law enforcement investigative experience, has
enabled EID to assist other clients in identifying information/evidence
that would not have otherwise been located. Additionally, with this varied
background and in-depth experience, EID is able to determine whether
information has been altered, and whether the system producing the
information is accurate and reliable. |
| Along with
providing this level of "forensic mining", EID has in-depth
knowledge and understanding of network environments, corporate-wide email
systems, industry standards, and, more importantly, the demonstrated ability
to evaluate the existing computing environment to determine where
information/evidence can be identified. This technical experience goes
back 24 years, resulting in a thorough understanding of the foundation of
these technologies, which brings significant value to the civil and
criminal attorneys during the course of the case. |