What confidential information does your photocopier store?

IT Group have found the humble photocopier to be a potential source of evidence in the search for electronic documents. These machines can be examined forensically for inappropriate copying of confidential information and documents.

Since around 2002 most multifunction photocopiers and printers have contained PC-style hard drives which store the documents that are copied, scanned, and printed. They also store data in DRAM memory, as used in conventional computers.

Moreover, these machines often track usage, retaining the date, time and sometimes user details for feeding through to billing software (whether that is in use or not). Commonly, they are also used across office networks and, therefore the network servers are likely to store details of their use.

This can be a real security issue when leased machines go out of contract and are then re-sold still containing confidential data. However over time manufacturers have provided a level of security to their printers, which can include encryption and, most commonly, overwriting of the data.

However, these features are often supplied as optional extras and need to be properly set up. This is why many copier suppliers and data destroyers continue to offer to remove data from your copier hard drive at end of life.

So, the modern copier provides another source of data for potential examination in cases where there has been inappropriate use of a client’s confidential information. Drawings, contracts, lists, etc may have been simply photocopied, but the user may not be aware that the photocopier is holding a record of its use and an image of the document.