A growing number of businesses are choosing to do their own research into cybercrime rather than go to the police, and are signing up for forensics training to help them uncover employee misdeeds and security breaches, according to Guidance Software.
Guidance Software opened a European computer forensics training center or "school for cyber-cops" in Liverpool, England, on Feb. 20, in response to demand from both the law enforcement and corporate sectors in Europe. The center expects to train about 500 people per year in general computer forensics techniques and in the use of Guidance Software's Encase software, Frank Butler, European training manager said.
Guidance Software also has training centers in the U.S., Australia and New Zealand and has seen corporate interest in its products grow over the past couple of years, Butler said. Traditionally over 80 percent of students have come from law-enforcement roles, but now at least 50 percent come from the corporate sector, he said. "In fact, in the current course (in Liverpool), only four out of 16 are police. There's a lot of demand from business," he said. The company also hopes to set up a training school in Asia in the near future, and Butler says so far 90 percent of inquires about this course have come from the corporate sector.
Previously, European trainees have had to travel to Guidance Software's school in Pasadena, California, but demand is high enough for a local school, Butler said. The U.K. police have trained staff from most of its 52 regional forces, and is continuing to train new staff, he said. "I'm sure there are a lot of police disappointed at the prospect of going to Liverpool now, instead of California!"
Corporate trainees have a different focus, Butler said. "The ultimate goal of a police investigation is prosecution. A company on the other hand, may just want to prove that an individual has misbehaved and be able to sack them." Companies also prefer to keep publicity about security breaches out of the public eye and so choose not to prosecute, he said.
Victoria Mabey, PricewaterhouseCoopers LLP's forensics technology manager, based at PWC's European Centre of Excellence for Forensic Technology in Zurich, attended the Liverpool center recently. "If you think someone has, for example, set up a dummy member of staff and is having money paid to a bank account, or that they've sent malicious e-mails, then you can track down the machine that was used and then the person who used it," she said.
"In a lot of cases, the police may not be interested until we can show some evidence. Also, we may not want to go to the police at all. Obviously if we find money laundering or child porn, then we will, but if it's something like a person taking company information and intending to set up their own business, then we just want to dismiss them and know we won't face an unfair dismissal case."
PWC also uses Vogon International Ltd.'s forensic software, but using both gives more chance of success, Mabey said. "They both work on the same principle, of keeping data completely unchanged, but use a whole different analysis technique. So we have more chance of finding what we need."
Training covers two areas: where the computer is the target of a crime, such as in hacking, denial of service or straightforward theft, and where the computer is the repository of evidence. It is most useful for people using Guidance's Encase software, but is transferable to other technologies, Butler said. It costs US$2,495 per person, with discounts for government organizations and for trainees who buy the Encase software.