Courts and juries can put a lot of stock in an analyst's report and testimony on computer forensics. But analysts are human. They can make mistakes. This is according to Greg Kelley, CTO and co-founder of Vestige Ltd., who gave a lecture at CEIC (Computer Examinations and Investigations Conference) at Caesar's Palace in Las Vegas on May 18 on “Forensic Analysis Mistakes and How to Avoid Them.”

Vestige Digital provides consultation services that help clients identify digital evidence in the event of an incident involving electronic data. Kelley laid out a number of scenarios where investigators made mistakes in their analysis and gave attendees the lessons he learned.

Scenario 1: In a dispute among a board of directors, a director on the verge of being removed forwarded an email to the entire board. The members of the board privy to the email wondered how that director got the email, which was not sent to him. Board members feared their computers were hacked and hired a forensic analyst to determine how the board member got the email in question.