In today's sophisticated world, 99.999% of interaction takes place via electronic devices, which are computers. From personal to corporate communications, from simple messages between employees to the complicated codes of industrial espionage or financial crime, computers are the equipment used. The best place to find evidence of nearly any kind of employee misdemeanor is therefore the hard disk drive (HDD) of his computer. Whether it is a refurbished, used or new computer, traces of what he did on it can be analyzed to determine whether he committed malfeasance. This discipline of after-the-fact computer examination is called computer forensics.
Every computer takes in all keystrokes entered on it, since it must respond to them as instructions. This data is usually kept on the disk in different locations, though most of it may be routinely erased as part of the operating system's normal routines. An analysis of the computer's disks will commonly reveal traces of it, especially erased items that have not yet been overwritten by new information. Erasing information in any program simply means the system will no longer access it; the data does not go away unless it is overwritten, and particular devices can access it to expose what was thought to be already eliminated.
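The point above, that erased data stays on the disk until it is overwritten, is what signature-based file carving relies on. The following Python code is an added example, not part of the original article; the 8-sector image, its payload strings and the function names are constructed for illustration.

```python
SECTOR = 512  # bytes per sector in the constructed image

# Standard magic bytes: (header, footer) for each file type.
SIGNATURES = {
    "jpeg": (b"\xff\xd8\xff", b"\xff\xd9"),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
}

def carve(image, max_size=1 << 20):
    """Return sorted (kind, offset, data) for each header/footer pair in image."""
    found = []
    for kind, (header, footer) in SIGNATURES.items():
        pos = image.find(header)
        while pos != -1:
            end = image.find(footer, pos + len(header), pos + max_size)
            if end == -1:
                # Header survives but the tail was overwritten: not recoverable whole.
                pos = image.find(header, pos + 1)
                continue
            stop = end + len(footer)
            found.append((kind, pos, image[pos:stop]))
            pos = image.find(header, stop)
    return sorted(found, key=lambda item: item[1])

def build_sample_image():
    """Constructed 8-sector image: no file table at all, only leftover sector data."""
    image = bytearray(SECTOR * 8)
    jpeg = b"\xff\xd8\xff\xe0" + b"constructed deleted photo" + b"\xff\xd9"
    png = b"\x89PNG\r\n\x1a\n" + b"constructed deleted chart" + b"IEND\xaeB`\x82"
    image[2 * SECTOR:2 * SECTOR + len(jpeg)] = jpeg   # erased, never reused
    image[4 * SECTOR:4 * SECTOR + len(png)] = png     # erased, never reused
    image[6 * SECTOR:6 * SECTOR + len(jpeg)] = jpeg   # erased ...
    image[6 * SECTOR + 8:7 * SECTOR] = b"N" * (SECTOR - 8)  # ... then reused by new data
    return bytes(image)

def summarize(image):
    """Return (kind, sector number, size in bytes) for every carved item."""
    return [(kind, off // SECTOR, len(data)) for kind, off, data in carve(image)]

if __name__ == "__main__":
    for kind, sector, size in summarize(build_sample_image()):
        print(f"{kind}: sector {sector}, {size} bytes recovered")
```

The two items whose sectors were never reused are recovered in full without any file table, while the third, whose sector was reused by new data, is not.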
There are two main reasons for computer forensics: when a departing employee is suspected of misbehavior in keeping company information restricted during his stay; and when an employee is suspected of underperformance, not devoting his full time to his work. In the first case, the computer may be secretly examined after the person has left without anybody being the wiser; in the second, continual computer check-ups are the only way to identify employees who are goofing off without adversely affecting employee confidence. Otherwise, surveillance of the employee will be the option, either via electronic devices or actual spies.
Information retrievable by forensics devices includes:
1. Records or portions of files that have been erased but not overwritten. As stated above, the magnetic arrangement of the information remains as it is unless modified by new actions.
2. Lists of erased file titles, even without the files. These may indicate the use of unsanctioned or banned applications.
3. Websites visited, under any browser configuration, even if removed from the browser's records. These are usually recorded in hidden files or open disk space and are readable in toto or as vestiges.
4. Opened or copied Internet information or graphics. The same applies as for the preceding item.
5. Unknown applications or software utilized.
6. Vestigial information in temporary files, saved or unsaved. This is usually what was being used most recently.
7. Undisclosed files or those protected by keys. The applications used can open the passwords or work without them.
Corporate studies indicate that around 20% of employee computer time at work is used for activities not really related to the work, and this is very unfair to the employer. Employee monitoring is thus a method of ensuring correct employee performance, but there is also such a thing as employee esprit de corps and the right to discretion. The aim is to obtain and maintain a balance between the two rights, and computer forensics is simply a method of doing so.