In this high-tech world, communication is done 99.999% via electronic gadgetry, which means computers. From personal to corporate communications, from simple messages between employees to complicated ciphers of industrial espionage or financial crime, computers are the vehicles. Thus the best place to find evidence of employee misdemeanor in almost all aspects is to check his computer hard disk. Whether it is a refurbished computer, a used computer or a new computer, traces of what he did using the machine may be analyzed to establish whether he committed malfeasance or not. This field of post facto computer analysis is called computer forensics.

Every computer records all keystrokes performed in the machine, since it must respond to them as instructions. This record is normally stored in the disk in various locations though most may be automatically deleted as part of the operating system methodologies. But analysis of computer disks normally reveals traces of these, especially the deleted items that have not yet been overwritten by new information. Deletion of information in any program simply means the computer will not access it, but it does not go away unless overwritten, and may be ‘read’ by specialized gadgets to reveal what was thought to be already eliminated.

There are two general reasons for computer forensics: when an employee is suspected of misbehavior in keeping company information confidential during his tenure; and if an employee is thought of under performance, not devoting his full time to his work. In the first instance, the computer may be confidentially examined after the employee has left without anyone being the wiser; but in the second instance, periodic computer inspection is the only way to identify goldbricking employees without adversely affecting employee morale. Otherwise, spying on the employee will be the alternative, either via electronic gadgets or actual spies.

Information obtainable by forensics gadgets include:

1. Files or parts of files that have been deleted but not overwritten. As stated above, the magnetic arrangement for the information stays as is unless rearranged by new keystrokes.

2. List of deleted file titles even without the files. This may indicate the use of unsanctioned or unofficial applications.

3. Websites visited, at any browser setting, even if deleted from browser history. Normally recorded in hidden files or unused disk space and readable in whole or remnants.

4. Opened or downloaded Internet information or graphics. Same with the preceding.

5. Non-standard applications or software used.

6. Residual information in the temporary files, saved or not. Usually the most recent work.

7. Hidden information or those protected by passwords. The applications used can crack the passwords or go beyond them.

Corporate studies indicate that about 20% of employee computer time at work is devoted to activities not directly connected to the work, and this is grossly unfair to the employer. Employee monitoring is thus a way of ensuring correct employee conduct, but there is also such a thing as employee morale and right to privacy. The trick is getting and keeping a balance between the two rights, and computer forensics is simply a way to do it.