Art-ology

In this high-tech world, communication is done 99.999% via electronic gadgetry, which means computers. From personal to company communications, from plain messages between workers to complicated codes of industrial intelligence-gathering or money crime, computers are the vehicles. Hence the optimum site to unearth proof of employee misdemeanor in nearly all facets is to examine his computer hard disk. No matter if it is a refurbished computer, a used computer or a new computer, traces of what he performed using the computer may be analyzed to establish whether he perpetrated offenses or not. This discipline of post facto computer analysis is called computer forensics.

Every computer records all keystrokes performed in the machine, since it must respond to them as commands. This record is usually stored in the disk in different locations though most may be automatically deleted as part of the operating system function. An analysis of the computer disks would normally shows traces of these, specifically the deleted data that have not yet been superimposed by new inputs. Deletion of information in any program simply means the computer will not access it, but it does not perish unless overwritten, and may be accessed by particular gadgets to reveal what was thought to be already gone.

There are two main bases for computer forensics: when a leaving employee is construed of misbehavior in maintaining company information confidential during his tenure; and if an employee is thought of underperformance, not devoting his full time to his work. In the first reason, the computer may be confidentially examined after the employee has left without anyone being the wiser; but in the second instance, congtinual computer inspection is the only way to pinpoint goldbricking employees without negatively affecting employee confidence. Else, spying on the employee will be the option, either via electronic gadgets or true spies.

Data retrievable by forensics gadgets include:

1. Records or portions of files that have been deleted but not superimposed. As stated above, the magnetic arrangement for the datum remains as is unless rearranged by new actions.

2. Roster of deleted file titles even without the files. This may indicate the use of unapproved or banned programs.

3. Websites opened, at any browser setting, even if deleted from browser records. Normally recorded in hidden files or open disk space and traceable in toto or vestiges.

4. Accessed or downloaded Internet information or graphics. Same with the preceding.

5. Non-standard programs or software used.

6. Residual information in the temporary files, saved or not. Usually what was being used most lately.

7. Undisclosed files or those protected by keys. The programs used can crack the passwords or go without them.

Company studies indicate that about 20% of employee computer time at work is devoted to activities not really connected to the work, and this is very unfair to the company. Employee monitoring is thus a method of ensuring correct employee performance, but there is also such a thing as employee esprit d’corps and right to discretion. The trick is obtaining and maintaining a balance between the two entitlements, and computer forensics is just a method to do it.