Database Forensic Investigations and Evidence Recovery
Databases are a key source of electronic evidence. Regardless of the size of the organization or the complexity of the database used – from a local building contractor using QuickBooks®, to a massive, multinational company that manages everything in an ERP (Enterprise Resource Planning), there is evidence contained within the database. Whether you suspect tampering, editing or deletion of data, or you have to produce information stored in a database of any size, a database forensics expert can analyze your needs, design a production or extraction plan, and make the data accessible and usable.
Databases as a Source of Electronic Evidence
When a database is part of the evidence needed, one must look beyond the single database to the business applications that use the data, such as business intelligence systems, marketing applications, payroll and commissions, insurance, employee benefits, contribution applications, etc. Database applications often share data with systems out of the direct control of the data owner – a dining rewards application could easily tie into multiple credit card processing databases, or a SAP application could share data with an employee benefits application at a charity. Reservation systems at hotels and airlines can share data amongst a dozen unrelated systems in a single transaction. Speak to a GDF database expert about your case and the systems involved before key evidence is missed.
Types of Database Applications Suitable for Forensic Examination
| || |
What Types of Information Can Be Discovered?
Sources of extremely valuable information can be, and routinely are, overlooked. In intellectual property cases, for example, financial databases may be very important for damages, but knowledge management systems, source code repositories and document management systems can yield amazing insight into an alleged infringement, while helping defendants protect against troublesome fishing expeditions, and/or invalidate claims against them. These specialized databases can be used to review document lifecycle and versioning. Even extended metadata, like keywords, descriptions, annotations and comments, can give insight to the purpose of a document, reveal who authored or accessed information, and expose to where it was routed. In the hands of a highly trained and perceptive expert, a new view of the available data may also be achieved. Whether you’re producing a database or requesting it, you need the assistance of a court-tested and proven group of experts like ours at GDF.
Database forensics come into play during Intellectual Property (IP) or patent infringement cases, corporate espionage and even intrusion events like a data breach or an instigated virus infection. Often it’s in the structured ESI of a database where a savvy database forensics expert will find the evidence that will make or break a case. And should a database forensic examination lead outside of the database to computers, such as desktops and laptops, or digital devices like phones, tablets and pads, or even into a cloud computing/storage system, GDF can continue the hunt for data without missing a step.
Whether you are a hospital dealing with the Health Insurance Portability and Accountability Act (HIPAA), or a financial institution bound by Sarbanes-Oxley compliance (SOX) or even a retailer forced to comply with the Payment Card Industry Data Security Standard (PCI DSS compliance), there can be severe consequences if missteps are taken. GDF has worked on thousands of cases in a plethora of industries, and we’re completely conversant with regulatory procedures and acting within them. Further, we have legal advisement support staff at all of our locations and assigned to every case.
It’s one thing to find evidence of illicit activity in a server or database, it’s quite another thing to catch the person(s) involved. Employing a user activity monitor has become a viable option in the prevention and prosecution of insider computer crime. In addition to forensics analysis, GDF offers C-All, our world class solution to maintaining a watchful presence on any computer network.