Screenshots can be another useful way to grab what's on the screen. Sometimes it's
difficult to reproduce what you may run into when you first walk up to a
computer; you see something on the screen that looks suspicious. If you were to
grab an image of the drive, that allows you to get the information that was on
that computer but it doesn't necessarily allow you to reproduce what's happening
on the screen.
And one of the challenges is, how do you take a snapshot of what's on the screen
without disturbing the computer?
Obviously you can hit the print screen command; in the Mac operating system and
the Linux operating systems there are other utilities and other ways to grab screen
information but then you're changing what's on that computer. And you may not
have the ability to do that, so sometimes it's not really the easiest process but
there are things you can do. You can, of course,
capture it externally.
One of the nice things about our latest generation of mobile devices is that we can pull
out a phone, and all of our phones tend to have cameras on them these days;
they tend to have some very high-resolution cameras with some really
nice photo capabilities; pull out your camera, take a snapshot of what you see
on the screen right then; capture it. Then you'll have error information,
you'll have a message of what people saw on their screen, you'll have what was on
an email that somebody was typing but did not send
and may be difficult to reproduce later. All that will be on the screen and you will have
captured it to your phone.
You also have some functions within the operating system itself. In Windows you
can hit the print screen key and now you have the entire screen on your clipboard.
There are other third-party utilities you can get as well on any operating
system that can grab what's on the screen and save it to a file. There are some
nice forensics capabilities and forensics programs on USB drives where you can
plug in the USB key, run the executable from there, and it will save the file
to the USB key, thereby minimizing the impact to the hard drive of that
computer itself.
A useful non-digital source of information is witnesses; finding people
who have seen something going on.
They saw a co-worker acting peculiar; maybe they saw someone walk in the front
door that they didn't recognize; and you want to find out more about what they
may have seen. So, document, talk to them, call them, write down what they've
seen, gather information about what they happen to have identified that day and
try to get very quickly to that person.
The more time goes by, the more we tend to forget. You want to get something
that's very top of mind, very fresh in their memory.
Now keep in mind, of course, that witnesses are not one hundred percent
accurate. They're giving you an idea of what they think they saw. Sometimes what
we think we see is not actually what occurred. But in our mind that's absolutely
what happened, even if it isn't. So although the information they're giving
you, they may feel, is absolutely one hundred percent accurate, you should
always find ways to get a second party to verify what they're doing or in some
way try to figure out what they're saying and try to put it in context of what
actually occurred.