The call came in early on a winter morning last year. An urgent voice spoke about corporate espionage and theft of trade secrets. After a few deep breaths, the caller identified himself as counsel representing an international bank and said he was highly distressed about a developing situation with one of the bank’s former employees. He outlined allegations that before joining another company, the employee took internal client information valued in the million-dollar range. The official said he was turning to investigators from New Technologies Inc. (NTI) for help.

Paul French, manager of NTI’s Computer Forensics Laboratory, opened an investigation right away. With cooperation from the bank and the suspect’s new employer, French got the employee’s old and new computers and made copies of the hard drives on each one. Working off these copies so as not to damage the originals, French then used proprietary tools to search for hidden information about certain files. In a matter of hours, NTI investigators confirmed that the employee had taken key documents from the bank, downloaded them on to a floppy disk, and saved them on his computer at his new job.

"All in a day’s work," French deadpans, in the best Sgt. Friday impression he can muster. "This [employee] thought that by tossing files in the trash, he could erase all the evidence of his crime. Suffice it to say, he thought wrong."

Bad guys always overlook something, and this ill-fated criminal underestimated the effectiveness of computer forensics. Like more traditional police forensics, this science has one overarching goal: to find evidence of crime and preserve it for eventual use in a court of law. Once regarded by technophiles as an obscure component of network security, the discipline has blossomed into a science all its own, garnering widespread attention from analysts and CIOs and sparking an industry of companies such as NTI. This boom makes perfect sense?as enterprises become more complex and move more information online, they leave themselves increasingly vulnerable to high-tech crimes of every ilk. Securing evidence necessary to convict an attacker becomes a matter of paramount importance.

Still, because the industry is fairly new and response efforts can cost millions, it is primarily CIOs at large, well-endowed companies who have had the opportunity to tackle the science in-house. Those looking for cheaper solutions have outsourced computer forensics on a case-by-case basis, calling a third party for help after an attack. Both strategies work, so long as evidence of a crime is obtained through the proper methodology. And computer forensics is perhaps the best way to track down who did what, and how he pulled it off, according to Thomas Talleur, managing director of the forensic technology services group at KPMG. "Corporate criminals don’t always tell the truth," he says. "Their computers, however, usually do."