January 2008 — Features
CSI: Hard Drive
That's small potatoes versus what file searches are coming up with on the grown-ups. A gym coach's dalliance with a cheerleader can seem positively nostalgic compared to the array of untoward activities that experts say forensic tools are unearthing: harassment, participation in hate groups, gun purchases, terrorist activity, pimping. On top of that, Williams says there is a "huge problem with staff or faculty surfing pornography during school hours or on school equipment—actually having child pornography on their PC, or carrying on an inappropriate relationship with a student, using school computers for e-mail or chat."
Because of the danger this kind of behavior presents to schools and the community at large, districts need to have at least basic forensic capabilities in order to bring the culprits to light. Williams says that means "being prepared with the right technical expertise and software to address the situations." He estimates you could call officials in any decent-sized school district with sufficient resources and learn they have invested in computer forensic tools and are currently putting them to work on solving a particular case.
Assembling a Team
School IT professionals are fortunate that they can count on software to do the heavy lifting at every point of an investigation. Software can not only collect forensic evidence, but also help users write the subsequent report to submit to an attorney or the courts. But the real strength of forensic technology is its ability to slice and dice the data it retrieves to help school districts find the needle in the haystack.
According to Brian Karney, senior vice president of the corporate division at AccessData in Lindon, UT, the ability of forensic tools to find evidence is so sophisticated that their credibility goes unquestioned in court proceedings. Instead, defense lawyers attack the operator of the tools, looking for procedural error. "Instead of asking what tools did you use," Karney says, "courts and lawyers ask what was the process you went through."
That doesn't mean school districts can shrug off their investigative responsibilities onto a data forensics vendor. There still need to be professionals in the district who know what to do with the data once the software has held up its end and produced it. Williams recommends districts train at least one or two people in the IT department in computer forensics. The best candidates are those professionals who understand the bits and bytes of PC hardware, PC operating systems, and file systems backward and forward. It's a good idea to include legal counsel and a public relations expert in the loop as well. "It takes a team to deal with these cases," Williams says.
Fortunately for cash-strapped districts, computer investigative software doesn't have to cost an arm and a leg to do an adequate job. The best-known freebie available for downloading is a suite called Helix, which is basically a bootable live CD that allows users to look for images or text, or make an image of the hard drive. Williams describes it as a very comprehensive toolset for the price. WinHex also offers a free edition, in addition to the for-fee suite, that experts say can be ideal for basic needs.