May 31, 2013

    Wiped your phone data? Think again

    SHE lost more than 2,000 photographs on her Apple iPhone when she tried to sync the device with her computer.

    But her cherished images were not lost entirely.

    Enlisting the services of an IT-forensic firm here, the young woman was able to recover the entire batch of photos - but at a cost of about $600.

    This real-life example was cited by Iranian national Ali Fazeli, 32, senior consultant of IT-forensic firm Infinity Forensics, which he founded here in 2006.

    Mr Ali told My Paper that, using specialised software and expertise, data can be recovered from a phone's memory even after it has been deleted by its user.

    And it's not just photographs. Anything from text messages to e-mail messages, call logs and the device's Internet-browser history can also be extracted. Even message threads on mobile apps like WhatsApp and Viber can be recovered.

    Depending on the complexity of the case, the firm charges anywhere from $250 to $2,500 for its services.

    But individuals who are willing to pay for such services to recover personal data are few and far between, he said. Instead, the bulk of his clients tends to be corporate organisations looking into suspected cases of internal fraud.

    According to IT-forensic players My Paper spoke to this month, the number of such cases has been growing steadily. In most instances, the use of mobile devices, such as company-issued smartphones or tablets, comes into question.

    Mr Rob Phillips, the Asia-Pacific director of RP Digital Security, has noted a 15 to 20 per cent annual growth in such cases handled since his company was set up in 2004.

    In the past few years, there has also been a 25 per cent increase yearly in the number of cases involving a mobile device, he said.

    Mr Ali said that, with greater proliferation of mobile devices, rogue employees are often able to copy confidential company information discreetly by syncing the device with a computer.

    Each month, he handles about five cases from corporate clients and about three from individuals.

    A typical case stems from suspicion that an employee has stolen company information to take to his new employer or to start up a firm of his own.

    Mr Phillips, 41, said: "The employee will steal his employer's customers, potential revenue, data and methodologies."

    This can happen in industries such as finance and manufacturing, and companies pay thousands of dollars to carry out the forensic work, he added.

    For instance, an employee of a manufacturing company may provide the blueprints of his company's product to a factory elsewhere and try to manufacture the item on the side to sell.

    Sometimes, the forensic work has to be done covertly, when companies do not want to alarm the employee being investigated, said Mr Phillips.

    In such instances, he helps companies come up with a pretext for acquiring the employee's phone, such as claiming that it is due for a "system upgrade".

    But IT forensics is not always a cloak-and-dagger operation.

    Mr Kelvin Low, director of forensic technology at Ernst & Young, said firms engage the company to analyse business data to identify "high-risk or potentially-abnormal transactions".

    This can lead to follow-up investigations, Mr Low added.

    Both Mr Ali and Mr Phillips said that, as part of the business, they take great steps to ensure that the computers and mobile devices come from their rightful owners.

    Mr Ali said: "My basic principle is to meet all clients personally. I want to make sure what I receive as evidence is from a legitimate company or individual."

    But, contrary to what is depicted in movies, IT forensics sometimes involves spending long, arduous hours at a computer.

    Mr Phillips quipped: "It's not like CSI (Crime Scene Investigation) on TV, where everything is solved within an hour."