Boom in PC Postmortems as Porn-planting Spyware Grows

From: Disklabs
Published: Wed Feb 16 2005

Disklabs Data Recovery and Computer Forensic Services has seen demand for its forensics services grow by over 70% in the last year, as companies are increasingly hit by viruses and spyware which can download pornography and other inappropriate material without users being aware of it.

Incidents of spyware and other programs capable of changing users’ Internet favourites and bookmarks, downloading images to hard disks and stealing information on user activities from PCs mushroomed in 2004.

Research in late 2004 by technology firms Earthlink and Webroot revealed that 90% of Windows computers harbour an average of 28 separate, malicious programs. The audit surveyed over 1.5 million PCs, finding more than 41 million instances of spyware, Trojans and other malicious programs.

Disklabs Director Simon Steggles said: "With so many malicious programs on the Web, organisations are realising that PCs with inappropriate images or content may not have been misused by individuals, but unwittingly infected. Forensics can establish beyond doubt whether this is the case, and also present evidence which can be used to support the chosen course of action."

According to Steggles, many organisations, especially in the public sector, are turning to forensics to establish if misuse or an infection is to blame for inappropriate material found on computers. The rise in computer spyware and viruses coupled with the often sensitive nature of individual cases means that an independent, expert voice is needed. Companies cannot afford the risk of adverse publicity and many are now starting with a forensic examination to establish if the computer has been compromised by malware.

Steggles said: "Frequently, in-house IT staff lack the proper resources and the know-how to get to the root of the problem, and can actually compromise any evidence present on the system. Professional forensic analysis provides valuable peace of mind for companies and the knowledge that their data is being analysed in a professional, objective and secure manner."

A forensic investigation proved invaluable for the head teacher of an English primary school who, in 2004, discovered web folders with pornographic content on a PC used by pupils. The history of these folders suggested a creation date during lesson time and a modified date on a teacher-training day.

The issue was obviously an extremely sensitive one, with potentially disastrous publicity for the school. Opinion was divided amongst County ICT staff and the head teachers’ union as to whether the images and bookmarks had been made intentionally or were due to a malicious program.

Faced with the potential risk to pupils, the need to treat the staff fairly and responsibilities to the school and its governors, Disklabs was called in to conduct an independent forensic analysis of the computers in question.

The analysis showed definitively that the problems were caused by a program from the well-known spyware and adware family, Istbar Adware. The program had downloaded the content to infected PCs without users’ knowledge or agreement; the content was not the result of misuse of resources. Disklabs’ detailed analysis report cleared the school, staff and pupils of any doubt, and gave vital independent corroboration of the school’s position.

Disklabs’ approach when conducting a forensic examination is to first isolate the system. As with an actual crime scene, the computer will contain evidence and an audit trail of user activity. Specialised forensic tools search hidden folders and unallocated disk space, verifying exactly how the files arrived and whether this was down to human intent or a malicious program. Findings are delivered in a complete procedural report.

Issued on behalf of Disklabs. Contact Simon Steggles: 01827 50000

About Disklabs
Disklabs Data Security and Computer Forensics Services offer full, in-house data recovery and forensic services for all storage media, from hard disk drives to digital camera memory, PDAs, mobile phones, RAID servers, DVDs, CDs, floppy disks, Jaz cartridges, Zip cartridges and all tape formats.

Company: Disklabs
Contact Name: Simon Steggles
Contact Phone: +44 1827 50000
