
Latest Expert Witness News

Extracting information from integrated computer systems requires fundamental engineering skills to provide dependable expert services to clients.

E-commerce, enterprise applications and e-mail systems provide the central nervous system to commercial and public sector organisations alike. Open to traditional attacks by viruses and trojans, computer systems are also open to misuse by hackers, users and system administrators. Unravelling the root cause using proven computer forensic examination techniques is becoming increasingly complex due to the multiplicity of evidence involved.

One such leading practitioner in the field is Rob Shrubsall, a Chartered Engineer and Chartered IT Professional with many years' experience designing, operating and investigating complex systems in a range of highly regulated industries. He is adamant that the computer forensic industry needs to broaden its skillsets to provide timely investigations and precise testimony when facing such differing technologies.

The miniaturisation of memory and processing power broadens the range of evidence that can contain valuable data, from RFID tags used for logistics tracking and GPS for position finding to network routers and high-powered computer servers. Limiting any examination to hard disks in a personal computer or server may leave avenues unexplored.

“Experts need to be more than pilots of commercial, off-the-shelf computer forensic software,” explained Rob Shrubsall. “They need to appreciate fundamental engineering principles, application architecture and system management techniques, to deliver excellence.”

“System Autopsy requires a comprehensive knowledge of the micro and macro levels. With the advent of flash memory replacing hard disks – examiners need to hone techniques for probing integrated circuits with unique access protocols. At the macro application layer, examiners need to have experience in object-orientated, database-driven applications.”

For example, take a web-based system that incorporates online ordering, account management, logistics tracking and payment. “Delivering online presence to data-hungry customers often demands integration of many components. For example, it may include RFID tagging for order tracking, smart cards for payment or user authentication, firewalls and routers for internet connectivity, and an array of servers providing the website functionality and persistent database.”

“Any misuse of such a complex system could involve one person operating singularly to further gain, or a group of people colluding to defraud the owner of the system. Unless processes are highly controlled, the complex nature of systems makes it increasingly difficult to stop every gap. Determined users will go to many lengths to subvert procedures, change security permissions using blatant hacking, exploit social engineering to gain confidence of power users; however, they will ultimately leave a trail of evidence or clear absence (deletion of data) across many systems that will ultimately incriminate them.”



“To meet client needs requires a thorough understanding of the micro and macro levels,” confirmed Rob. “An engineering qualification, in addition to experience in forensic examination, provides a very strong basis to adapt to any computer crime scene.

“Thinking logically from first principles, rather than purely relying on the results of an automated system scan, will often uncover the core evidence.”

Because perpetrators of system crimes are often very experienced, they will use their knowledge to circumvent security provisions and system logs.

“Spotting inconsistencies across systems, integrity issues and deleted transaction records often provide valuable markers in ongoing examinations.”

Shrubsall has pioneered the use of business intelligence tools to extract data from business applications running on Microsoft SQL Server, Oracle, MySQL and IBM DB2 databases. “Using Enterprise Transfor


Copyright © 2008 Expert Witness.