Computer Forensics in the Employee Disciplinary Process
Information Technology is essential for most modern businesses, giving employees the means to access and communicate information in ways that previously were barely imaginable. Unfortunately, IT also provides employees with the ability to waste time, harass or abuse others, and defraud their employer or other companies.
Frequently such abuse of computer systems is obvious, and the disciplinary process can deal with the individuals concerned without reference to expert analysis. In some cases, however, management and Human Resources may need more information, maybe to discover the extent of the problem, or to place definitive, impartial information before a tribunal.
Human Resources departments, legal advisors and internal auditors all have a role to play in such investigations. However, an independent forensic expert is more likely to be able to uncover key information, and have their conclusions accepted by a tribunal.
By applying the disciplines, tools, and techniques that we have built up in our work on criminal cases, and experience in IT audit, we can provide the employer with full details of the behaviour in question, and potentially build a case that will stand up to close scrutiny.
We have particular experience in cases of fraud, including forgery and VAT fraud. We have also analysed many cases involving internet use and misuse, producing detailed listings of activity that we have recovered from deleted history on PCs. In other cases we have recovered emails and Instant Messages where police investigators have failed.
The burden of proof in a Disciplinary Tribunal is less than that in the criminal court: 'reasonable suspicion' as opposed to 'beyond reasonable doubt'. However, tribunals do demand that employers show that they have undertaken a detailed investigation to support their suspicions, and in many cases a tribunal has found against an employer on this point.
Even if they already have enough evidence to dismiss an employee, the employer needs to know the extent of any abuse of computer facilities, for example to determine whether to institute proceedings to prosecute the individual or recover monies, and to ensure that the incident cannot happen again.
As a former Internal IT Auditor in various Investment Banks, I am aware of the limitations of that function in its ability to perform forensic analysis. Typically, IT auditors look at policies and procedures, and do not have the tools or training to look into specific breaches of those policies. In addition, internal auditors are not independent of management, and may be seen as being partial by a tribunal. There is therefore a role for a specialist, independent investigator.
Many disciplinary cases involve the misuse of Personal Computers. We have extensive experience of analysing PCs and recovering lost information. Even after formatting and attempts to cover tracks, we have been able to recover evidence of internet usage and emails that were apparently lost. We do treat each case individually, and are constantly revising and refining our techniques as cases arise and technology develops.
In cases where computer systems that are specific to the employer are involved, we may need more support from local technologists, including IT auditors who have knowledge of controls, and programmers and support staff. In these cases we can direct the investigative process, using local knowledge to improve efficiency.
We see our role as one of partnership with the employer and their advisors. We are mindful of the need to work within the Data Protection Act, for example, and look to legal advisors to ensure that our investigations do not breach the rights of the individuals concerned. It is usually necessary, therefore, for the employee to have agreed to their PC being monitored or investigated.
We are always willing to discuss a particular case free of commitment. Should you consider that we might be able to help, we recommend that you make contact as early as possible so that we can advise on securing the relevant data.