Fighting fraud electronically
Electronics are the key to combating fraud, and it is the storage capacity of modern electronic equipment that holds the key to the increasing wave of computer crime.
"This is the ideal place to start in the search for evidence; then the trick is to be able to navigate the maze of information quickly and focus on the key information," says Kajen Subramoney of KPMG Forensic Technology, specialist in extraction and analysis of electronic evidence.
Subramoney combines his background in computer engineering with strict forensic principles to maximise the technology available to collect data from electronic media and process it down to a manageable amount for review.
Electronic evidence is important for a number of reasons:
* There is a large amount of it.
* It is durable – ’delete’ on a computer does not mean ’delete’, so it is possible for specialists to retrieve such data.
* It includes new types of objective documentary evidence – computers routinely store ’invisible’ information without the knowledge of the user (metadata), for instance as to when a particular letter was created, modified or read, and by whom and when.
* The casual nature of e-mails makes them a rich source for revealing evidence.
Subramoney says the key to success lies in the strategy employed by investigators to attack the mountain of electronic evidence in a methodical way.
The first stage is to plan the collection and review of electronic evidence carefully, prioritising different sources or types of evidence.
The next step is to secure the data. The routine destruction or recycling of back-up and other electronic media may need to be halted. It may also be sensible to take an immediate back-up as a snapshot of the data at that time.
Investigators need to identify the individuals who may have created or received relevant electronic data and then locate it.
This may be found in a number of locations, such as:
- Laptop and desktop computer hard drives;
- Shared areas on network servers – e-mail files are usually stored on a dedicated e-mail server, while documents relating to a specific project may be stored in a folder on a dedicated drive;
- Portable media – CDs and memory sticks;
- Back-up tapes;
- Live databases – (e.g., stock, sales, and accounting and client relationship management databases) tend to be ’living’ documents that evolve each day.
"The key skill is to be able to comprehensively guide clients through the potential minefield of data protection and human rights legislation to ensure that any data recovery exercise will yield admissible evidence," adds Subramoney.
Loading ...