What if an employee visits the Human Resources Department with allegations that a colleague sent them offensive e-mails? What if the suspected employee deleted certain files from their computer? What would you do?
Digital Forensics can retrieve deleted files and allow HR professionals to make decisions based on facts. The above scenario is just one example of an incident that HR professionals might encounter within their
organisation.
Suspected employee misconduct is sometimes not fully investigated to confirm or deny any allegations, it is important for HR Professionals to understand the nature of IT evidence. Simply browsing an employee’s
computer or asking the IT staff to supply email files for HR review will sometimes not be sufficient to uncover the real facts in a case.
Whenever IT is involved, an employee investigation should follow the chain of custody procedures where the original evidence should never be analysed or tampered with but secured in a forensics manner, in most
cases a forensic copy of the original evidence must be used in an investigation.
Following the chain of custody procedures is not an option but a rule which every organisation must be compliant with in order to ensure admissibility of evidence in a court of law.
The following are just a few selected examples of HR incidents that might require digital forensics analysis:
* Fraudulent activities;
* Unfair dismissal;
* Breach of contract;
* Intellectual property theft;
* Offensive communication;
* Discrimination;
* Viewing inappropriate material; and
* Harassment.
Even the most careful and articulate employee will leave traces showing their actions and intentions. The key is to collect and preserve this information and then identify the suspect’s IT related activities that will
establish facts and a timeline related to the allegations. There are a variety of different potential sources that might contain relevant digital evidence.
Examples of corporate IT equipment used by employees include computers, mobile phones, servers, tablets such as iPads. Examination of company owned devices can show and explain the – who, what, when, why
and where.
It is important to develop a set of Standard Operating Procedures for HR investigations so that untrained individuals know what to do during these situations. HR Professionals should work with the IT department to
ensure that IT evidence is retrieved in a forensically sound manner. This must be done by trained staff or external consultants.
It is important that the individual covering this takes down detailed notes from the beginning to ensure all actions taken are fully documented – preferably in a notepad with numbered pages, in addition the time and date
should also be recording for each action/step. This will help ensure that if this information is admissible in court.
Once you have identified a potential risk it is important to get advice from a forensic expert to ensure the situation is dealt with correctly. It is important to minimise access to the IT evidence to avoid the risk of losing
potential evidence.
HR Professionals should be aware of the role of Digital Forensics and how it can help confirm or deny employee allegations of misconduct. Adhering to Digital Forensic procedures that are based on the chain of
custody rule will also protect the organisation in case of legal or noncompliance proceedings.
Contego Solutions is a specialised digital forensics firm which is based in Dubai with expertise in assisting clients in extracting digital evidence in an investigation and providing a detailed evidential report of findings.