Tips Special skills needed to analyse digital data | WISE Workplace

Published - April 2008

Relying on digital data sources during workplace investigations can often be misleading or unreliable.

Modern technology does not negate the critical analytical skills of an investigator or the need for the application of common sense.

Though digital data can provide strong evidence of misconduct, care needs to be taken in analysing the data to ensure that simple errors have not been made in the collection or recording of that data.

In a recent case WISE Workplace was called in to investigate the suspected theft of fuel from a work vehicle. This case involved the analysis of digital data from a vehicle-tracking device.

Analysis of the data failed to show any patterns and critical analysis of the locations identified showed that frequent locations provided by the tracking device had no logical explanation.

The absence of data relating to where the vehicle was garaged led the investigator to question the reliability of the data.

Also, the importer of the equipment could not satisfactorily explain how the device was programmed. This rendered the information useless.

Simple measures such as confirming the synchronising of times and dates on video cameras. Phones and computers can greatly assist investigations.

Organisational databases are not fool proof either. Over reliance on formal records such as rosters or electronic door swipes can be very misleading. They often don’t relate to the actual hours worked by employees.

In another case involving data from a computer hard drive that contained pornographic images downloaded from the Internet, discipline proceedings came to a stand still when it was established the hard drive containing the images could not be linked to the accused.

A failure to record the basic information required at the time of securing the computer lead to the confusion.

Another common problem with corporate cases involving digital data is the failure of staff to follow log on/off procedures that provide records of who accessed the information.

Data from mobile phones is easier to check as phone companies usually record all incoming and outgoing numbers providing verification to investigators that messages have been sent from a particular phone.

This second source can only be accessed however if the employer holds the records or with the consent of the account holder.

When collecting digital data the basic questions that should be recorded at the time are:

Who? – Who is the person seizing and securing the hardware or searching the computer logs?

What? – What am I seizing – what is the hardware ID number/ phone number or ID of user?

Where? – Where is the hardware located at the time of seizure and where is it stored?

When? – What time and date was the hardware seized or data scanned?

How? – What was the process followed when securing the hardware or accessing and recording the computer logs?

Agencies should record this information before arranging specialist forensic analysis of digital data.

When digital data is available and its authenticity can be established it can provide very strong evidence of misconduct as in Hogan Vs RailCorp where the confirmation of text messages was sufficient grounds for the Transport Appeals Board to uphold the decision of the employer to dismiss the employee for misconduct.