Terminated employee deleted data

“It is the end of the day and it has been discovered that several critical files are missing from your file server. That alone is normally is enough to freak out most server administrators, but this specific incident also happened to be on the exact same day a particular employee was ‘terminated’. As you recall that individual, had access to the missing data, but as far as you know, she didn’t seem like the type of person to do something malicious. Then again, you noticed she seemed pretty upset as she was clearing out her desk that day too. You begin to wonder if there is a connection between the two, and if so, how you collect the necessary information to present to your manager.

No, you are not imagining a scene from CSI or Court TV. This situation happens daily in real life and may have happened, or could happen, at the company you work for — Remember Enron?

What is Computer Forensics?

Computer Forensics is the analysis of electronic data to ensure that electronic evidence is maintained so that critical data trails, time & date stamps, and an accurate chain of custody can be identified so that it may maintain its evidentiary status as part of the electronic evidence discovery process.  The main components in computer forensics are the identification, preservation, extraction, and presentation of electronic data.  

How Computer Forensics Can Help YOU

  • Help determine which devices need acquired
  • Find the “Smoking Gun” in your case
  • Testify in Court as an expert witness.
  • Provide strategies regarding the report findings.
  • Can prove if the opposition is “guilty” of wrongdoing.
  • Provide facts that are backed up by the forensic community.

    Computer forensics has quickly become a vital tool and source of information for criminal investigators, corporate counsel, and prosecutors. Computer forensic investigators use their skills to identify and restore formatted, corrupted, deleted or hidden files from computers or other electronic media while maintaining crucial data trails, time & date stamps and accurate chain of custody & controls. They also obtain access to protected or encrypted data by using specialized software.


Because of the increased usage and dependence on the internet, for corporate and individual communication, computer forensic investigators need to be equipped to analyze emails, perform internet searches, search for file transfers, identify online account transactions and anything else a computer is used to do over the internet.

Where And What Types Of Evidence Can Be Found?

Forensic investigators typically focus on 4 areas when investigating a potential incident. There are other areas of attention as well, but the following are the most common. Including illicit and damaging activities that could damage your company’s reputation.

Saved Files

These are files that can be viewed on the computer. This is usually a non-intrusive task to obtain these files.

Deleted Files

These files are just that…deleted. They are either in the ‘trash’ or require special software to ‘capture and restore’ the files. This is usually a non-intrusive task to obtain these files.

Temporary Files

These files are typically generated from browsing the Internet, working on a document, some types of back-up software as well as certain software installations for example. Identifying these requires specialized software and is an intrusive process.

Meta Data

This information typically is associated with the details of a file or document. Such as, the date the file was created, modified and last accessed. Additional information that could be captured could include the original creator of the file (of course that information depends on the original installation of the application) as well as anyone who has ever accessed the file. Identifying these requires specialized software and may or may not be an intrusive process.

Cases Computer Forensic Services Can Be Helpful With?

There are several possible situations where you might need a forensic investigation.
The most common are:

  • Divorce Cases
  • Electronic Investigation
  • Expert Witness Service
  • Corporate E-mail Investigation
  • Intellectual Property Disputes
  • Investigation and Discovery Litigation Programs
  • Insurance Fraud Cases
  • Corporate Investigations
  • Electronic Records Management


If you suspect that you may have an incident requiring forensic evidence analysis, you should secure suspect computers from further use and engage the services of an experienced computer forensics company like Computer Forensics Associates to come in and create forensic images of them so you can preserve the evidentiary status and avoid spoliation of evidence.

Call for a consultation 1-800-228-8800