
Why endpoint data is so critical to corporate investigations


While offices worldwide are beginning to reopen, many employees are continuing to work remotely. And some form of remote work will no doubt remain long after “business as usual” returns. During their time out of office, remote workers gained greater freedom and flexibility, but businesses incurred greater risk.

When employees worked at company headquarters, they all used the same protected corporate network that easily allowed IT departments to run daily scans and monitor security threats. Now, many remote workers are using their unprotected personal devices—computers, laptops, tablets, mobile phones—for company business, connecting to unsecure networks, and mistakenly clicking on malicious apps and websites.  

This behavior threatens every company's endpoint data—a combination of corporate data an employee accesses, uses, works on, or engages with on a digital device (or endpoint) and data an employee enters into the system, such as exchanges with colleagues and customers. 

Containing the "digital fingerprints" of every employee who interacted with it, endpoint data is critical to corporate investigations—not only because it can provide evidence of unscrupulous employee behavior, but also because it can exonerate an innocent employee suspected of reckless, unethical, or fraudulent activity. 

The inability to collect endpoint data can damage companies in terms of lost revenue, sullied reputation, and exorbitant legal expenses. But how can endpoint data be accessed and collected efficiently from the personal digital devices of an unsupervised and diffuse workforce while protecting their privacy?

The old methods don't work anymore

Traditional digital intelligence investigations of on-site devices have often been time-consuming and laborious. For a remote workforce, the burdens for IT investigators are compounded: 

  •  They must deal with a multitude of different personal devices and with slower, unsecure network connections. 
  •  They must be transparent about what they're doing and get the consent of the employee to access their digital device. 
  •  They must comply with federal, state, and local laws—both the laws of the state where the company is headquartered and the laws where the remote worker lives or works from. 

In addition to overcoming these technical issues, investigators need to know where to look for the endpoint data that employees engage with to find the relevant files in a timely, cost-effective manner. 

For example, a huge repository of data like an employee's Exchange email may be easy to review, but employees could also send communications through other channels, such as chat messages, or in places where they must log in, like videoconference chat logs that get saved to their computer.

Then there is the challenge of figuring out what data should be left alone and what should be included in their eDiscovery process.

Some common things that investigators look for on an employee's device would be messages, documents, Excel spreadsheets, and PDFs. They'll also want to see an employee's patterns, such as sending emails to unauthorised parties and the frequency of contact.

The Cloud is playing a major role in modernizing sensitive data analysis. Many companies are migrating their data to the Cloud because of its scalability—making it another source of rich information for investigators. 

One thing is clear: regardless of the type of examination being conducted, investigators are talking about a huge amount of data to collect, sift through, and analyse, which requires a tremendous amount of processing power.

Endpoint data and workplace privacy

Needing to obtain endpoint data within corporate digital forensic investigations, law enforcement agencies have relied on the capabilities of Digital Intelligence technologies. In utilising high-tech solutions, however, law enforcement has opened the door to criticism regarding data privacy, which must be kept front of mind within places of work.

Corporate investigations also may seek the compilation and use of data from employee-owned devices. This complicates matters from a data-privacy-compliance perspective, as the data that resides on such devices typically comprises both business- or work-related data and the personal data of the employee (such as personal messages, emails, photographs, and even the employee’s credit card details). Setting standards that clearly outline how technology is used in the context of investigations, and making employees aware that these safeguards are in place to protect their privacy, allows law enforcement to do their job more effectively and efficiently.

To overcome such issues, confidentiality must be promoted to keep data private. Law enforcement agencies can ensure this by only allowing authorised individuals to access specific data so that the right people see the right information at the right time during an investigation. Therefore, anyone who is unauthorized should be prohibited from accessing the data.

About the Author: As General Manager, Enterprise Solutions at Cellebrite, Ken Basore is a seasoned executive and 20-year veteran of law enforcement and computer forensics. He brings knowledge, trusted business experience, and the proven leadership ability needed to promote the mission and unique culture of Cellebrite.

An expert in the fields of IT, digital investigations, and law enforcement, Ken Basore deeply understands the customer point-of-view, and this helps guide him in the management of the company’s private sector business unit. Prior to joining Cellebrite, Ken was CEO at BlackBag Technologies until its acquisition by Cellebrite, and also Senior Vice President of Product Engineering for Guidance Software.

During his over 20-year tenure in the private sector, Ken held executive roles in engineering, training, information technology, and professional services, and in his current role, Ken is responsible for all aspects of the private sector business for Cellebrite.

Ken Basore, General Manager, Enterprise Solutions, Cellebrite
