Forensic Investigations: searching for electronic data, analysing it, and using it in court (Webinar course code HW/SFCL40 - 2.5 hours)

SCL half day seminar and webinar

At this half-day seminar three distinguished speakers will consider forensic investigations into electronic data from three different angles.  Edward Wilding will explain what a technical expert may be able to find when carrying out the search, and will refer to a number of common misconceptions about what is achievable.  Paul Tombleson will explain how a forensic accountant goes about locating relevant information, analysing the information and presenting the results of the investigation.  Peter Sommer will explain the legal framework governing admissibility of electronic evidence.

Edward Wilding, Director and Chief Technical Officer of Data Genetics International (DGI) Limited

  • When should the expert be brought in?
  • Assessing a computer expert's competence and suitability; value for money.
  • The ground rules of admissibility.
  • Processing the crime scene.
  • Why computer data is so slippery.
  • What is technically possible, and what isn't!  Misconceptions about deleted data, encryption, the Internet and other urban myths.
  • The latest gadgets and tricks – for good or evil.
  • Major and multi-jurisdictional inquiries.
  • Monitoring the progress of the investigation.
  • Remaining focused and making the evidence clear.
  • Presenting complex evidence in Court.

Paul Tombleson, Partner, KPMG, Head of UK Forensic Technology Practice

  • Benefits of using technology to complement an investigation
  • Planning the investigation
  • Sources of electronic data, including publicly available data,
  • Structured data and unstructured data
  • Analysis of the information
  • Presentation of the results

Peter Sommer, Research Fellow, London School of Economics 

  • What powers and authority can / does the investigation confer on you?
  • What evidence do you seek to acquire?
  • What procedures are needed to make the evidence admissible?
  • What restraints in general may operate on you during the investigation?   Data Protection, Human Rights, Employee Protection
  • What further restraints in evidence acquisition may operate on you?  Regulation of  Investigatory Powers Act, Computer Misuse Act
  • What are the obligations of disclosure? civil, criminal, third party
  • What is the impact of Legal Professional Privilege?
  • Importance of Investigator's Records of Activities
  • Disclosure and Forensic Artefacts - a sanitised case study

Peter Sommer is a Research Fellow at the London School of Economics where his interest is "the legal reliability of information systems", a subject which includes e-commerce protocols, computer forensics and many other aspects of computer-derived evidence. He is also a Senior Visiting Research Fellow at the Open University where he is developing a course on computer incident response and forensics. Since 2005 he has been the Joint Lead Assessor for the computer evidence speciality at the UK Council for the Registration of Forensic Practitioners.

He read law at Oxford and has had careers in both conventional book publishing and in electronic publishing. His first expert witness assignment was in 1985 and his casework has included the Demon v Godfrey Internet libel, NCS Operation Cathedral into large scale distribution of paedophile images, Operation Crevice (terrorism),  and the recent defamation action involving Sir Martin Sorell of WPP and some Italian former business associates. 

He sits on a number of Whitehall advisory panels and was Specialist Advisor for E-Commerce to the UK House of Commons Trade & Industry Select Committee to support their scrutiny of government policy and legislation.  He is the author of the Directors and Corporate Advisors Guide to Digital Investigations and Evidence published by the Information Assurance Advisory Council.

Paul Tombleson is a partner in KPMG and Head of the UK Forensic Technology practice.  He has more than ten years of experience in leading and managing forensic engagements including investigations into fraud and false accounting, fraud risk management services and in providing forensic technology solutions.  His recent experience includes leading a global electronic discovery exercise for a major pharmaceutical company, involving the capture of many terabytes of information from over 400 data custodians in 17 countries by over 100 KPMG staff.  He has acted as an Expert Witness and a Witness of Fact in litigation or dispute resolution on a number of occasions and given evidence in Court tribunal and mediations.

Edward Wilding is the Director and Chief Technical Officer of Data Genetics International (DGI) Limited, an independent company that specialises in computer forensic investigations and digital evidence. He has successfully investigated several hundred cases of computer fraud, sabotage and misuse in many jurisdictions and has acted many times as an expert witness. He was the founding editor and remains on the editorial advisory board of the Virus Bulletin, the international journal of malicious computer code analysis and he formerly edited the Computer Fraud and Security Bulletin published by Elsevier. He has written two books, 'Computer Evidence: a Forensic Investigations Handbook', published by Sweet & Maxwell in 1996, and 'Information Risk and Security: Preventing and Investigating Workplace Computer Crime' published by Gower in March 2006. Mr Wilding has lectured worldwide on forensic methods and investigative techniques, has trained incident response teams for a number of multinational companies, and has conducted security and risk reviews for a wide range of corporate clients. See

Published: 2007-10-16T00:00:00

    Please wait...