2009 CCH. All Rights Reserved.
Investigation of Electronic Data: A Brief Introduction
Computer forensics is the analysis of electronic data and residual data for the purposes of its recovery, legal
preservation, authentication, reconstruction, and presentation to solve or aid in solving technology-based crimes.
Useful digital courtroom evidence is evidence that can be legally viewed as ‘‘witnessing’’ an event and providing
cation of the user of a computer. Generally, useless digital courtroom evidence is classi
ed as hearsay
evidence albeit documentary hearsay.
Introduction to Electronic Evidence
Perspectives on Investigation
Electronic evidence of a crime is contained on employer-owned personal computers (PCs) and mainframes,
employees’ personal PCs, the company’s network, personal data assistants, digital cameras, pagers, external drives,
dongles (security devices that must be connected to a computer in order for certain software to run), disk sticks,
oppy disks, smart cards, cell phones, and web servers in external networks. Such electronic evidence easily
and unintentionally can be destroyed or made inadmissible as courtroom evidence by the actions of those who
nd the evidence and are uninformed as to how such data should be handled. Further, electronic evidence is likely to
vanish more quickly than any paper evidence.
Auditor’s Job as Related to Computer Forensics
A question that should be asked is: ‘‘Does computer forensics have anything to do with the auditor’s normal
job functions?’’ Bigler states that auditors often have responsibilities for investigations of computer-based ‘‘frauds,
harassment, theft, pornography, or deception committed by employees, contractors, vendors, customers or other third
The primary purpose of the Sarbanes-Oxley Act is to help avoid the
frauds of the last decade. The approach taken in the legislation is (1) to make management directly responsible for the
integrity of the company’s
nancial statements and (2) to require a strengthening of internal control procedures. Added
assurances need to be made regarding the level of information integrity, protection of
nancial records, accuracy of
nancial representations, and assertions that reporting systems are working as designed. Section 404 requires that
these validations need to be performed by the external auditors.
The Public Company Accounting Oversight Board (PCAOB) was created by Sarbanes-Oxley
legislation, and it was given authority over auditors’ attestation standards with the purpose of protecting investors
from the recent
nancial fraud abuses. The PCAOB has taken over setting auditing standards for auditors from the
Auditing Standards Board of the AICPA. The PCAOB, under an SEC approval process, is responsible for adopting
auditing and practice rules over public accounting