From Forensics to e-Discovery

A few months ago I commented on Guidance Software, a company with a near monopoly on the PC forensics market with their EnCase product. That was following their recent settlement with the FTC. And since December, when they floated on the Nasdaq I’ve been keeping an eye on their share price (currently up 26% on the issue price) as it’s not often we see an IPO for a security technology company. So I was interested yesterday to run into Brian Karney their product development director, who’s in London to promote their products. In particular I was keen to hear their take on what’s new in the forensics world.

And things certainly have moved on in computer forensics. Today you can interrogate PCs across a network, so there’s no need to seize end user’s PCs and cart them away for examination. But more interestingly, you can also use this capability for e-Discovery, searching across remote PCs for traces of documents needed for litigation cases. Now if you were designing an information archiving capability to support e-Discovery, you probably wouldn’t think to use such a specialised technology. But if, like many organisations, you suddenly find yourself in a situation where you have to search across numerous remote PCs, then this technology would be very handy. Which just goes to show how versatile some security technologies can be.