By Charles Miller
As a computer technician there is a question I hear repeated practically every day. After fixing any Information Technology problem, as regular as clockwork, I can depend on the client asking “What happened?” or “Why’d that happen?”
Sometimes we are lucky, and the answer to that question is apparent. Or other times, intuition and decades of experience might help me recognize something that might have caused the problem, but spending more time investigating in order to prove my suspicions is simply not practical or economical. Most of the time, though, there is no obvious or easily identifiable causation for the client’s computer problem.
I realize it is human nature for people to want to know the answer to that question, even when they might not be able to understand the answer if they got one. That is not enough to stop people from asking the question though, and so one time when a client demanded that I provide some definitive answers as to why his computer broke down, I took it upon myself to do a little research at; no charge.
My professional experience includes providing technical support for a number of law firms, so I knew there is a list of court-approved expert witnesses, including credentialed experts in every imaginable discipline, including computer forensics. Computer forensic refers to the detailed investigation required to bring verified and provable evidence to a court of law. I picked up the phone and called one of the firms listed as providing this service. The receptionist put my call straight through to a technician to whom I explained that my client had a computer that had malfunctioned and who wanted a Post-Event Forensics Investigation into the cause.
The technician asked me if a crime was involved, “theft, deliberate sabotage, or a divorce?” “No,” I answered, «this case was nothing more than a computer that got old and wore out, but the client wants to know the exact reason that happened. The tech politely reminded me that the End User License Agreement found on all software and computer equipment indemnifies the makers against any claims for damages. In other words, if you plan to sue some computer company because their product failed, there is almost zero chance of your prevailing in such a case because you already signed away your legal rights when you bought the product.
“No,” I explained. This case would not result in litigation; the client just wanted to know why his computer had worn out and first needed to know what the costs were involved in having the question looked into by forensics investigators. The technician obligingly provided me additional information describing how a proper forensics investigation usually consists of three phases: Acquisition, Investigation and Reporting.
Acquisition, or harvesting of all electronic information, consists of a physical examination of the computer hardware and the data stored on it. This means surrendering your computer, which you may or may not get back in one piece. Investigation depends on the nature of the case. Different professional investigators and technicians are brought in, depending on what needs to be investigated. Reporting the results and conclusions of the investigators is the final step. For this, a second set of consultants are brought in to examine and reports independently and objectively on the findings of the others who did the forensic work.
All this time spent on the investigation is charged at an hourly rate comparable to what lawyers charge. The technician told me their simple forensic investigations typically require between twenty and forty hours, but that more complicated cases can take weeks or months. So, with a lawyer’s hourly rate in mind, do the math and then you will know “How much?” the next time you ask, “What happened?”
Charles Miller is a freelance computer consultant, a frequent visitor to San Miguel since 1981 and now practically a full-time resident. He may be contacted at 415-101-8528 or email FAQ8@SMAguru.com.
