HoustonChronicle.com

• Nextel, Verizon agree to leave emergency band
• Ex-ABC executive takes Yahoo post
• Source: AOL to cut 700 jobs
• Technology helps parents keep up with kids
• Online poker players stake their livelihoods

Meticulous cybersleuth takes on high-tech cases

Businesses, suspicious spouses use PI to track down, test or testify about hard-drive hijinks

RESOURCES

PROTECTING INTELLECTUAL PROPERTY • Review policies on what is acceptable and unacceptable e-mail and computer usage. • Create strong passwords and change them often. Use a mix of upper and lower case letters, plus numbers. • Delete files from the hard drive with wiping utilities. • Conduct unannounced audits of software and hardware. • State in policy that the company has the right to monitor computer usage. • Never forget: The only way to really erase the data is to put the hard drive in your driveway and smash it.

JUST call William Simon the Sherlock Holmes of computers.

The cyberspace sleuth would love the comparison. In fact, he named his business, Abberline Investigations, after his distant cousin Frederick Abberline, a Victorian-era Scotland Yard investigator.

The licensed private investigator, with more than two decades of experience in computer forensics, is the go-to guy when companies need to analyze and retrieve information stored on a computer in such a way that the information can be used as evidence in a court of law.

About 70 percent of Simon's work is for attorneys whose corporate clients are suspicious that an employee is doing wrong, while 30 percent of his cases come from individuals who suspect their spouses are having affairs.

"If you're into forensic procedures and rules of evidence, then the absolute priority to me is accuracy," he said. "I have to be accurate in what I do and how I do it."

Simon uses specialized proprietary hardware that makes an exact "bitstream" copy of a hard drive. A bitstream copy is different from simply copying the hard drive in that it duplicates all unused or deleted space on the hard drive.

Then, back in his lab, he makes a copy of the copy, stores the first one in a safe and uses the second one as a working copy. Then he disconnects the hard drive, analyzes, researches, discovers and re-creates all files on that hard drive.

"I believe in safety over speed," said Simon, adding that he is expensive. "I've handled everything from white-collar fraud to child pornography to 'My wife is having an affair.' "

'Top' in his field

"He's on my top priority list as far as anyone in the computer forensics field," said Troy Hutcheson, a licensed private investigator with Spiegelhauer & Associates who has worked with Simon and was one of President Clinton's Secret Service agents for seven years. "His preciseness, his attention to detail — he's trustworthy. When you're dealing with the law, you have to be very careful about the boundaries you cross."

In a field where TV crime shows have created wannabes and too many inflated egos are solving cases with an eye toward turning them into television shows, Simon is different.

"He doesn't puff himself up to be bigger than he is, or larger than life," said William Odom, president of the International Center for Computer Forensics Accreditation, Standards and Testing.

Simon said the most common mistake he sees among businesses is a casual attitude toward computer security.

"The corporate world doesn't take it seriously," Simon said. Executives believe it will never happen to them because their system administrator will take care of everything, he added.

"System administrators are usually the guilty party — they set things up to his or her advantage," Simon said.

Most small businesses are so busy running daily operations that they fail to give a second thought to how their employees use computers.

How to stop it

•Have a written policy covering acceptable and unacceptable use of computers. This can range from two pages to a manual.
"It is surprising how many companies don't have a policy," Simon said.

Simon recalled one case in which an employee clogged the company's e-mail server because he downloaded a computer movie — a revolting, nasty film — and was sending it to his friends.

The company couldn't fire the employee for that offense because it had no computer-use policy.

•Pay attention to what you leave on your desk when you walk away. Don't leave budgets on your desk for the mail clerk to scan.
Simon said once he was hired to do a physical security check. Dressed in a suit and carrying a briefcase, he approached an employee, telling the worker it was his first day on the job and had forgotten his security card. The employee let him inside.

Within 10 minutes, Simon was seated in the chief executive's office reading payroll records on his computer.

•Use stronger passwords that must be changed regularly. The network administrator should require users to change their password every 30, 60 or 90 days. The password should be a combination of upper and lower case letters and a mix of letters and numbers. Do not use names of children, spouses or pets.
Simon said he once managed computer security for a Houston firm where more than 60 percent of the employees used the word "password" as their password.

•Use specific wiping utilities to erase data.
When you delete a file, it remains on the hard drive. Employers should use a secure-erase wiping utility. A good one will overwrite the hard drive with a pattern of 0s and 1s and replace every bit of data with 0s and 1s, Simon explained.

When a laptop is recycled to a new employee, the hard drive needs to be reformatted and cleaned, not simply erased and reloaded with software.

Simon said the key to successfully protecting intellectual property and safeguarding computer use is to get employees involved, making sure they comply with policies and fostering a team effort.

"User education is the key to success," Simon said.

---

The newly designed Chronicle is now half-price for new subscribers!

Houston Chronicle e-Edition Free 3-day sample