Not every company offers both proprietary products and advice on how to use them. Guidance Software sticks to software, devoting most of its efforts to developing its flagship product, EnCase, which it markets as a full-service forensic tool. GNTS does the reverse, eschewing sales for what the company considers to be a more practical focus on incident response and information assurance assessment. This second model appears to be popular; of the two dozen or so companies in the forensics space, more than half take a similar approach. At CFI, for instance, investigators help corporate attorneys understand the nuances of the evidence they find. And at Foundstone, based in Irvine, Calif., specialists tackle fraud and other computer crimes unique to the financial services industry.

"People can buy products anywhere, even online," says Kevin Mandia, Foundstone’s director of computer forensics. "Talented, reliable and experienced people who understand a niche?now that’s hard to find."

Looking Ahead

Mandia is right, but changes in the forensics landscape may soon make it easier for CIOs to spend a couple bucks and secure evidence on their own. A number of software companies such as AccessData and WetStone are developing applications that automate forensic responses, ostensibly eliminating the need for investigators. These programs promise to manage everything from copying hard disks to evaluating evidence. What’s more, because most of them are slated to cost less than $1,000 per license, industry watchers such as Meta Group’s King say that just about anyone with security concerns can purchase them and implement them painlessly.

While these new products could represent the democratization of computer forensics, vendors and forensics consulting companies see automation as a direct threat to their businesses. "Why would you pay to have a person secure evidence when you can have a program do it in a fraction of the time?" asks Larry Kanter, partner in charge of the computer forensics practice of PricewaterhouseCoopers. "With changes in the industry, with software that handles many of these forensic applications, I’d guess that a number of CIOs at smaller companies will handle this themselves."

NTI’s Anderson disagrees, saying that so long as human beings sit on juries, there will be a need for some degree of subjective interpretation from real live people.

Whatever happens, many forensic experts are getting ready to fight other fights. The first is political, and dozens of investigators are lining up to help U.S. government officials review the recent recommendations of the Committee of Experts on Crime in Cyber-Space, an international coalition, for a treaty espousing increased computer surveillance for law enforcement officials around the world. The second skirmish is perhaps more immediate: With a new wave of tools and techniques for computer criminals to crack into corporate networks, government experts expect 2001 to bring more computer crime than ever before and are working furiously to develop ways to stop it.