Sponsored by
Securing the scene to catch a thief
A man has been killed by a rival who plunged a knife into his back before fleeing the scene. If you walk in, leave your footprints in the blood and pull the knife out of the victim's body, vital evidence will be contaminated irrecoverably.
No witness or policeman would dream of doing this after a murder. But that's not the case when businesses are the victims of other types of crime or underhand practices. Evidence is compromised when computers are used again and information about the culprit is lost when the scene should be sealed off.
The problem gets bigger during a recession. Not only are there more sharks in cyberspace, looking to attack a reputable business, there are also more disgruntled former staff who have either been sacked, made redundant or poached by the competition. If they were in a privileged position at the time of their departure, they could have data from their old company which their ex-employer does not want other people to see.
That's why preventing and detecting the abuses of businesses, including by their former staff, has become a significant industry in itself. Stephen Hirst, a former detective constable in West Yorkshire Police, is part of it. Having headed the forces' Hi-Tech Crime Unit in Wakefield between 2004 and 2006, today he is director of digital forensics at Stroz Friedberg in Leeds.
It's a switch in position that has taken him from working within a 50 mile radius of Leeds to different parts of Britain and halfway round the world. He gets called into a business when they suspect that an employee, often one who has since left the firm, has been up to no good.
"It's when someone has taken data, destroyed data out of spite or been manipulated (by a rival business] for data", said Mr Hirst.
Worringly, there are more and more opportunities to do this, he explains. Whether it is accounts information, customer databases or confidential details of business practices, the ready availability of increasingly hi-tech equipment at low prices, compared to a decade ago, means it is easy for disgruntled staff to take data away from business. Upmarket mobile phones, digital cameras, USB memory sticks and even old-fashioned floppy disks are just some of the ways it can be done.
The good news for employers who have been a victim of this type of breach, however, is that there will nearly always be a trace, which is where Mr Hirst and his colleagues – and their equipment – come in.
"The trace may not be obvious to the lay person – if you try and find it you may contaminate it," he warns, which is where the parallel with a murder scene comes in. After a crime has been committed – in a business' case it may just be a loss of commercially sensitive information, rather than an offence – then you need to tape off the area, he explains.
"It is normally about six months before they realise something is amiss. Somebody has effectively walked over the murder scene by then. There is a chance that data has been overwritten."
Mr Hirst recommends that when people who have had access to sensitive information leave jobs, their computers should be quarantined for six months, because it is within that time that businesses will realise if their data has been misused.
Or firms like Stroz Friedberg can take a "forensic image" of what is on the computer. This can be stored and only needs to be looked at if there is reason for suspicion. When something has gone wrong, be it data being stolen by an ex-employee or someone external getting into a business's network of computers, Mr Hirst and his colleagues are often needed at short notice.
Late last year he was called to South Wales in a hurry to deal with a hacking inquiry. About $300,000 had been taken from the bank account of a large international firm in the IT manufacturing industry. The hacker had been watching the firm and spotted that it had been weakened by a virus before deciding to swoop. Mr Hirst travelled down to Wales, quickly identified where the money had gone and was able to stop the transfer before it landed in a Russian bank account.
The speed with which he has to swing into action on days like this harks back to his days in the police. Surely the most dramatic example of when he had to use his digital forensics skills to help track down criminals was in the aftermath of the London bombings in July 2005.
Anyone who was in London at the time can remember the tense atmosphere between 7/7, when Yorkshire-born suicide bombers struck at Russell Square, Aldgate, Edgware Road and on a bus at Tavistock Square, and 14 days later, when devices failed to explode at Shepherd's Bush, Oval, Warren Street and on a bus at
Hackney Road. For Mr Hirst, however, the concern wasn't just over the possibility of another attack, but the need to recover and analyse digital CCTV footage before it was taped over by the shops, businesses and stations which had cameras.
Mr Hirst helped SO13 – anti-terror police – to identify the bombers Muktar Said Ibrahim, Yassin Omar, Ramzi Mohammed and Hussain Osman and extracted evidence from mobile phones, computers and portable hard drives found in their homes.
Two years later the detective was approached, through a friend, by Data Genetics International because it was opening an office in Leeds. He was ready for a new challenge and, having earlier had to take months off work after sustaining head injuries when called to a mass pub brawl, was always conscious that one day he could be hurt even more seriously. He joined DGI in 2007 and late last year it was taken over by Stroz Friedberg, an American technical consulting and services firm specialising in digital forensics.
The tools of his trade are similar to his life in the hi-tech crime unit but his investigations are very different. Having been interested in computers since he was a teenager, his last position with West Yorkshire Police felt "too good to last".
"The police generally don't like people staying in one position too long. Promotion in-house was not definitely going to happen. I miss the adrenaline. There is no job like it – but I didn't want to be thrown through any more car windows."
Courage in the line of duty
Stephen Hirst was head of West Yorkshire Police's Hi-Tech Crime Unit in Wakefield before he left to join Stroz Friedberg, then called Data Genetics International.
His experience in the police includes examining more than 2,500 mobile phones, on cases of murder, theft, serious assault, fraud, drug offences, pornography, and child abuse, as well as corporate fraud, intellectual property theft, and breach of copyright.
Mr Hirst won a commendation for bravery in the 1990s when he made an arrest at a pub brawl despite being attacked by six men. He and a colleague were called after a report of women stealing paintings from a Leeds pub but arrived to find a mass fight. At its peak, about 40 people were involved.
The officers called for support and, although Mr Hirst sustained head injuries which led to him taking months off work, he managed to hold on to his suspect.
Email to a friend
Print this page- Three-inch blanket of snow heading our way today
- Alan Shearer in list of favourites for Leeds and England jobs: Latest odds
- Barnsley’s Keith Hill invokes Fawlty Towers over link with Leeds job
- McCormack feels United search can be narrowed down
- Redfearn throws down gauntlet as queue builds at Elland Road
- Rival chips in with £500,000 to restore the original Harry Ramsden’s
- Visit from Princess as Serbian culture celebrated
- SportsTalk: Leeds United’s manager search, Super League and Calcutta Cup
- Libraries aren’t like supermarkets, they are magical places where dreams begin
- Strategic review will lead to job losses at Yorkshire Bank
Looking for...
Featured advertisers
Jobs
Search for a job
Motors
Search for a car
Property
Search for a house
Weather for Yorkshire
Saturday 11 February 2012
Today
Cloudy
Temperature: -1 C to 1 C
Wind Speed: 9 mph
Wind direction: South east
Tomorrow
Light rain
Temperature: 1 C to 6 C
Wind Speed: 8 mph
Wind direction: North west
