COMPETENCE IN THE FACE OF COMPLEX”IT”Y

Extracting information from integrated computer systems: Rob Shrubsall, Founder of CONTENTENGINEER Group highlights the need for fundamental engineering skills to provide dependable expert services to clients.
For immediate release – 1st June 2007

E-commerce, enterprise applications and e-mail systems provide the central nervous system to commercial and public sector organisations alike. Open to traditional attacks by virus and trojans, computer systems are also open to misuse by hackers, users and system administrators. Unravelling the root cause using proven computer forensic examination techniques, is becoming increasingly complex due to multiplicity of evidence involved.

One such leading practitioner in the field is Rob Shrubsall, a Chartered Engineer and Chartered IT Professional with many years experience designing, operating and investigating complex systems in a range of highly regulated industries. He is adamant that the computer forensic industry needs to broaden its skillsets to provide timely investigations and precise testimony when facing such differing technologies.

The miniaturisation of memory and processing power, broadens the range of evidence that can contain valuable data. From RFID tags used for logistics tracking and GPS for position finding, to network routers and high powered computer servers; limiting any examination to hard disks in a personal computer or server may leave avenues unventured. “Experts need to be more than pilots of commercial, off-the-shelf computer forensic software,” explained Rob Shrubsall “they need to appreciate fundamental engineering principles, application architecture and system management techniques, to deliver excellence.”

“System Autopsy requires a comprehensive knowledge of the micro and macro levels. With the advent of flash memory replacing hard disks – examiners need to hone techniques for probing integrated circuits with unique access protocols. At the macro application layer, examiners need to have experience in object orientated, database driven applications.”

For example, take a web based system that incorporates online ordering, account management, logistics tracking and payment. “Delivering online presence to data hungry customers often demands integration of many components. For example, it may include RFID tagging for order tracking, smart cards for payment or user authentication, firewalls and routers for internet connectivity, and an array of servers providing the website functionality and persistent database.”

“Any misuse of such a complex system could involve one person operating singularly to further gain, or a group of people colluding to defraud the owner of the system,” described Rob Shrubsall. Unless processes are highly controlled, the complex nature of systems makes it increasingly difficult to stop every gap. “Determined users will go to many lengths to subvert procedures, change security permissions using blatant hacking, exploit social engineering to gain confidence of power users; however, they will ultimately leave a trail of evidence or clear absence (deletion of data) across many systems that will ultimately incriminate them.”

“To meet client needs, requires a thorough understanding of the micro and macro levels,” confirmed Rob Shrubsall. “An engineering qualification, in addition to experience in forensic examination provides a very strong basis to adapt to any computer crime scene. Thinking logically from first principles, rather than purely relying on the results of an automated system scan, will often uncover the core evidence.”

Because perpetrators of system crimes are often very experienced, they will use their knowledge to circumvent security provisions and system logs. “Spotting inconsistencies across systems, integrity issues and deleted transaction records often provide valuable markers in ongoing examinations.”
Rob Shrubsall has therefore pioneered the use of business intelligence tools to extract data from business applications running on Microsoft SQL Server, Oracle, MySQL and IBM DB2 databases. “Using Enterprise Transformation or ETL technology, it is possible to combine data from multiple sources, and then drill down across systems, providing a far better picture than a singular view of individual systems.”

Concluding the discussion, Rob Shrubsall indicated that it will never be possible to automate the role of an expert or computer forensic examiner as each case is unique. “Whilst commercial tools provide repeatable results for standard evidence, they cannot explain the human factor, nor explanations cross system in long running timelines.” Clients need to ensure that any expert or firm engaged on a case has the fundamental qualifications to deal with the broad evidence presented.

Notes to Editors

About the CONTENTENGINEER^® Group

The CONTENTENGINEER Group are independent experts based in the UK's own "silicon valley" near London in the M3/M4 corridor. The Group has the knowledge and resource to provide independent expertise and with proven methodologies, the Group provides a broad spectrum of services including software development, computer forensics, data recovery and expert witness services.

About the Founders

The Group was founded in 2001 by Rob and Sarah Shrubsall.

Rob Shrubsall is recognised as one of the UK's leading independent information system experts and investigators of electronic data storage with twenty years experience. An open systems pioneer, he has specifically worked in highly regulated markets of E-Commerce, Telecommunications, Corporate Finance, Equity Trading, Pharmaceuticals and HealthCare, as well as a trusted adviser to other industries.

Sarah Shrubsall is pioneer in the field of energy finance management, with over twenty years experience of implementing: monitoring, targeting and auditing systems. As UK Energy Finance Manager, she was responsible for the first organisation in the UK to receive electronic invoice data through EDI. She has specifically worked in Telecommunications, Finance, Building Services and Property.

Trademarks

contentengineer^®, contentforensic^®, woodlandstudios^®, and FETL^® are registered trademarks. contentrecover™, vendorneutral™ and energyforensics™ are trademarks. Copyright 2001-2010. All rights reserved. Other marks may be the [registered] trademarks of others.

Contacts

For more information please contact the Group on 01252 621843, via the website www.contentengineer.com or by info@contentengineer.com.