Forensic Technology is Growing: Fraud And The IT Revolution

Provided by, PricewaterhouseCoopers

With increased reliance on IT, more information is being stored on hard drives, file servers and backup systems than ever before. These are fertile grounds for potential fraudsters and the way this information is handled can decide the difference between success and failure in any fraud-mitigation effort. Welcome to the world of forensic technology.

Working closely with investigation teams, forensic technology experts work to collect and analyze a wide variety of data – from spreadsheets and word-processing files to email and instant messages – that might represent evidence of fraud activity. Using state-of-the-art recovery techniques, forensic IT specialists can resurrect information that was once assumed to be lost.

Instant messaging (IM) is a prime example. Most people think of instant messages as being purely ephemeral – that is, once sent and received, they vanish into the ether, never to be seen again. This is not entirely true, however. Depending on a system's configuration, instant messages may be retained on a computer's hard drive. New forensic technology makes it possible for specialists to track and restore this content in many cases.

"It is very much like having a recording of someone's telephone conversations," says Gregory Schaffer, director of the PricewaterhouseCoopers Forensic Technology Solutions practice and co-leader of the firm's Cyber crime Prevention & Response practice in Washington, DC. "People often use IM instead of picking up the phone, and you get off-the-cuff comments like those in a private conversation. What is said on instant messaging is often more illuminating than something that is assumed to be permanent."

IT and Audit Trails -

The work of forensic technology specialists is not as simple as firing up the suspect's computer and copying files off the hard drive. The very act of starting up a computer can compromise the integrity of critical data. To the degree litigation might ensue, having an untouched copy of the perpetrator 's data can be crucial.

Fraud cases have been lost on the grounds that the suspect's computer files could have been altered when they were opened.

Forensic technology experts can copy data – even over an active network – in ways that avoid such legal pitfalls. Further, they can help companies establish systems and procedures - some of which are now mandated by laws like the Sarbanes-Oxley Act - that ensure the integrity of electronic data for evidentiary purposes.

But technology is only part of such a system; policies and procedures are equally important. "If you have a system that is capable of keeping audit trails, but you have disabled the function, or if you have several people using the same login, it's difficult to see who is doing what," Schaffer says.

How is Computer Data Analyzed?

The direction that an investigator will adopt in a computer forensic analysis will depend initially on the scope of the particular investigation. Numerous forensic tools and procedures exist that can be used to locate material on electronic media along with identifying usage and activity of the computer system.

As mentioned earlier, the resurrection of deleted instant messages or deleted computer files is one example of an investigation. Another investigation may attempt to determine the authenticity of a document extracted from the computer.

Approaches may differ depending on available resources and scope of investigation. However, the investigative process in computer forensics is like any other investigation - methods used will depend on the skills, experience and imagination of the forensic investigator.

Value of Computer Forensics

The vast majority of today's information resides in electronic form. No inquiry process can be truly complete without considering the information that may exist in digital form. These digital fingerprints do not necessarily reside on a hard drive.

There are numerous locations, some obvious, some not so obvious, where data can survive. Data can be found on floppy disks, back-up tapes, personal organizers, building access logs, Internet postings, e-mail databases, and the list goes on.

It is important to recognize where potential information may exist, and then to ensure that this data is forensically secured by qualified forensic analysts. This should be performed as a matter of urgency, as soon as it is discovered that this data may contain information that can be used to prove or shed new light on the investigator's case.

Once data has been secured to protect its integrity, then useful information can be extracted from the data through sound forensic techniques and procedures.

The underlying principle behind this process is that any results that are produced are accountable and repeatable by any other interested party.

Business and operational factors often may dictate when computer-related data may be accessed, but ideally the forensic process should be commenced as soon as the investigation is initiated.

With the help of forensic technology experts, companies can ensure they are prepared for new legal requirements as well as the challenges that accompany complex fraud investigations.

You may like these other stories...

Regulatory compliance, risk management and cost-cutting are the big heartburn issues for finance execs in the C-suite. Yet financial planning and analysis—a key antacid—is insufficient.That's just one of the...
Continuing its efforts to simplify accounting procedures, the FASB has issued a proposed Accounting Standards Update on customer fees paid in a cloud computing arrangement. The newly-proposed update (Intangibles—...
How are you planning? What tools do you use (or fail to use) for forecasting? PlanGuru is a business budgeting, forecasting, and performance review software company based in White Plains, N.Y. AccountingWEB recently spoke...

Already a member? log in here.

Upcoming CPE Webinars

Aug 26
This webcast will include discussions of recently issued, commonly-applicable Accounting Standards Updates for non-public, non-governmental entities.
Aug 28
Excel spreadsheets are often akin to the American Wild West, where users can input anything they want into any worksheet cell. Excel's Data Validation feature allows you to restrict user inputs to selected choices, but there are many nuances to the feature that often trip users up.
Sep 9
In this session we'll discuss the types of technologies and their uses in a small accounting firm office.
Sep 11
This webcast will include discussions of commonly-applicable Clarified Auditing Standards for audits of non-public, non-governmental entities.