Ken Silverstein EnergyBiz Insider Editor-in-Chief

The science is now known to a larger audience through popular television programs. In the end, the bad guys get caught and justice is done. By searching for information in hidden places in which any average user would be unaware, investigators can find deleted emails and word documents. And the only way to permanently get rid of them is by over-writing the incriminating evidence, which is difficult given the size of hard drives.

"The best way to erase data is take the computer in the back and take a sledge hammer to it," says John Wiechman, president of Dallas-based TLSI, a computer forensics firm that is part of a team looking at Enron's computer files. Basically, information written and stored on a computer is multiplied many times over, making it relatively easy to find for anyone educated in the ways of computer science.

In the case of Enron and its former auditor, Arthur Andersen, computer forensic specialists combed through their e-mails, word documents and spreadsheets. Andersen says it began deleting Enron e-mails on Oct. 23, 2001 and stopped on Nov. 9, 2001, although sleuths have been able to recover messages sent eight months earlier. Forensic firms looked at hundreds of computers at Enron alone, with each one having between the equivalent of 1 million and 2.5 million pieces of paper associated with it.

Many times, computer forensics is intended to help companies retrieve information that is the result of human error and hard-drive failures. According to TLSI, lost information is a huge problem, as 74 percent of all companies that have a major or complete loss of data will be out of business in 12 to 18 months. But missing data can also be a function of malfeasance. According to Computer Security Institute, more than 60 percent of businesses have been hit with financial losses related to theft of proprietary information, such as intellectual property.

Deleted emails are not particularly difficult to recover. Multiple copies often exist and can be found on both individual and corporate hard-drives as well as any number of servers. If the need would arise, investigators start by copying corporate recordings of emails before going on to look at the hard-drives of suspected individuals. That data is then transferred en masse to a back-up file.

"Discovery has been changed forever by data technology and recovery technology," says Mark Burge, partner in the firm of Bodoin, Burnside and Burge in Fort Worth. "It allows attorneys to prove their cases in ways they have not even thought about."

Relatively New

Computer forensics is similar to the card-catalogue system at the library. The card that details exactly where the information is and what its details contain can be lost but the books and other materials will still remain on the shelves. With the right skills and some detective work, the information can be captured. The cost to recover data depends on the size of the hard drive. But those between 10 gigabytes and 40 gigabytes cost generally between $550 and $3,000 to analyze, says forensics firm TLSI.

Most sabotage is done internally, which is why TLSI's Weichman says that utilities should have vigilant internal oversight with highly learned staff. It's an investment that he says is cheaper than the loss of valuable information such as intellectual property, client lists or proprietary formulas.

But, companies need to remain on alert for external invasions. Utilities, for example, must dispose of older computers. While many folks think that deleting information or reformatting the hard-drive is enough, it is not. If confidential information gets out, companies are faced with enormous liabilities.

"The used hardware market is literally swarming with sensitive personal information," says Michael Kessler, President and CEO of Kessler International. "Social Security numbers, credit card information, confidential health care dossiers... you name it, it's out there, and it's easily available to people with the right tools."

Kessler adds that hard drives should be transformed into "a pile of rubble" if the decision is made to dispose of them. Beyond that, companies should use a disk sanitization tool to completely overwrite and remove data. And, finally, the computer should be "retired" with a reputable computer recycling facility.

Computer forensics is still relatively new. Traditional law enforcement agencies are less experienced at the science or they have not yet updated their investigation units. Computer forensics firms, however, are working to train folks who can deliver testimony that will stand up in court. Moreover, the field is always advancing and must continually stay one step ahead of tools that could be used to foil investigators. Forensic programs, meantime, are now front and center at some schools while businesses are training workers in this area, too.

Companies are living and learning. And for the vast majority, having knowledge of computer forensics goes a long way to prevent corporate theft. For others, such as Enron, the science can lead to the discovery of damaging information that will be used in court.

For far more extensive news on the energy/power visit:  http://www.energycentral.com .

Copyright © 1996-2005 by CyberTech, Inc. All rights reserved.