Step away from the computer…
The worst possible thing you can do when confronted by suspicious computer activity is “have a quick look” on the hard drive.
You might immediately find what seems like compelling evidence of a crime. But the chances are you have already seriously damaged any hope you had of proving who the culprit was.
Just switching on the machine can alter hundreds of settings which might have been vital to the data detective’s evidence trail.
A case in point happened to an Evidence Talks client last year.
A large manufacturing company suspected widespread intellectual property theft after the managing director and a fellow director left for a rival firm – taking many members of staff with them.
Unfortunately, the firm’s IT manager, suspecting something was amiss, had decided to “have a look” at the director’s laptop. Then they reformatted the drive on the managing director’s machine and gave it to another employee.
 Two months later, when it was apparent that the two laptops had been used to plan the defections, the company decided they needed expert help – from us.
We discovered that the IT manager’s “quick look” actually meant opening various Microsoft Office documents, altering the ‘last accessed dates’ – a crucial piece of evidence in any inquiry.
He also downloaded data recovery software and installed it – overwriting more vital evidence.
Luckily, our experts saved the day. We pieced together fragments of data which proved that confidential files had been burned to CD and, by using our LoPe software, we managed to recover large amounts of email traffic - with attached company documents - and proved they had been sent to the managing director’s home email account.
The company was delighted with our efforts, but they learned the hard way that it pays not to meddle.
So remember, at the first sign of an ‘incident’, call Evidence Talks first on 0845 125 4400. Our telephone advice is free.
 Email us here | 
