UK firm is tracking down the electronic criminals

For those who believe that technology is the answer to all our ills, the escalation in computer-related crime must come as something…

For those who believe that technology is the answer to all our ills, the escalation in computer-related crime must come as something of a disappointment.

But it is hardly surprising; the adaptable nature of computers provides the perfect platform for exploitation. And where crime goes, law enforcement authorities follow, with the increasing use of computer-related evidence to track criminal activity.

From blackmail letters to child pornography - even murders - computers can be extremely valuable sources of forensic evidence. For example, while most "non-techies" imagine deleting a file and eliminating it from the recycle bin is enough to cover all traces of its existence, this is not the case.

Only the file name and the address of where it is stored on the hard disk are purged. The contents of the file will remain in a magnetically stored pattern on the hard disk until they are overwritten. In many cases unsaved files can be found up to one year later. A British company, Computer Forensics, is leading the field in the investigation of computer crime. It was set up by Mr Peter Verreck and Mr Jim Bates, after Mr Verreck identified the emergence of this new science through his experience with computer security and virus problems.

READ MORE

His company has worked extensively on a consultative and hands-on basis with Scotland Yard, the FBI and other international police agencies.

The company operates in two specialist areas. It deals with criminal cases, working mainly with government and police, and with commercial crimes, dealing with employee transgressions and disputes between companies.

It has assisted in a range of cases. Over a year ago, for example, Computer Forensics was called in on a murder case to investigate the contents of a computer found switched on at the scene of a crime. A woman had been found shot with a copy of her will beside her. Computer Forensics copied the contents of the computer and searched for any evidence that documents directly related to the will had been changed.

Although this did not produce any evidence, they were able to reconstruct events around the times the computer had been used over the previous couple of days and it emerged they did not tally with her husband's version of events. Because he was the only person with access to the computer, the evidence was used to break his statement, and he was later found guilty of murdering his wife.

However, many cases are not as straight-forward. Mr Verreck says one of the greatest challenges for his firm has been making its findings admissible as evidence in court.

In order to retain the integrity of data stored on a computer, Computer Forensics has developed software and hardware which can trawl through a computer's hard disk without altering it. As soon as a computer is turned on there is a risk of overwriting information already stored, so it has designed DIBS (Disk Image Back-Up System) equipment which will take a "snapshot" or copy the contents of the hard disk without altering them. After that the investigators face the daunting task of analysing the data, which can in a typical case amount to the equivalent of at least 50 filing cabinets.

Following a structured investigation technique the investigators take a top-down approach to sifting through the information, called "hierarchical structured investigation". During this procedure they move from one level of analysis to another, based on what has been revealed at the higher level.

Mr Verreck divides computer-related crime into two groups, computer-essential crime and computer non-essential. Computer-essential includes illegal electronic funds transfer, viruses, credit card fraud, dissemination of pornography. Computer nonessential relates to crimes where the computer has provided assistance in perpetrating a crime, for example, blackmail letters drafted on computer.

One case where Computer Forensics produced evidence was in a case where a disgruntled employee at a pharmaceutical company had sent a letter to the chief executive officer demanding he pay money to a particular animal welfare charity, or confidential documents relating to the company would be forwarded to its competitors and the media.

Computer Forensics isolated a few employees, and eventually struck on something when one of their computers showed up contact with one of the charity organisations in question. They then went to that employee's home and copied the computer's contents onto optical cartridge. In the laboratory, using specialist software, they were able to produce the remains of the blackmail letter and several other letters to the charity organisation. Mr Verreck says 80 per cent of computer-related crime goes unreported and tends to be dealt with internally as the company generally doesn't want the publicity and simply fires the perpetrator.

According to Mr Tim Allen, director of Computer Forensics Investigations: "It's generally commercial fraud we deal with. Somebody somewhere is either taking kick-backs or has removed money from the company, and we're looking for the trail within the computers that will support that."

And the lengths people will go to cover their tracks are often not enough. In fact, deleting a tranche of files can be equivalent to putting up a big signpost for the forensic analysts. More extreme measures like throwing computers out of windows and into swimming pools, or chopping up floppy disks have also proved fruitless. Mr Verreck does concede, however, that hitting the computer's hard disk with a hammer would have a fairly profound impact on its contents.

Madeleine Lyons

Madeleine Lyons

Madeleine Lyons is Food & Drink Editor of The Irish Times