Forensic Technology is Growing: Fraud And The IT Revolution | AccountingWEB

Forensic Technology is Growing: Fraud And The IT Revolution

Provided by, PricewaterhouseCoopers

With increased reliance on IT, more information is being stored on hard drives, file servers and backup systems than ever before. These are fertile grounds for potential fraudsters and the way this information is handled can decide the difference between success and failure in any fraud-mitigation effort. Welcome to the world of forensic technology.

Working closely with investigation teams, forensic technology experts work to collect and analyze a wide variety of data – from spreadsheets and word-processing files to email and instant messages – that might represent evidence of fraud activity. Using state-of-the-art recovery techniques, forensic IT specialists can resurrect information that was once assumed to be lost.

Instant messaging (IM) is a prime example. Most people think of instant messages as being purely ephemeral – that is, once sent and received, they vanish into the ether, never to be seen again. This is not entirely true, however. Depending on a system's configuration, instant messages may be retained on a computer's hard drive. New forensic technology makes it possible for specialists to track and restore this content in many cases.

"It is very much like having a recording of someone's telephone conversations," says Gregory Schaffer, director of the PricewaterhouseCoopers Forensic Technology Solutions practice and co-leader of the firm's Cyber crime Prevention & Response practice in Washington, DC. "People often use IM instead of picking up the phone, and you get off-the-cuff comments like those in a private conversation. What is said on instant messaging is often more illuminating than something that is assumed to be permanent."

IT and Audit Trails -

The work of forensic technology specialists is not as simple as firing up the suspect's computer and copying files off the hard drive. The very act of starting up a computer can compromise the integrity of critical data. To the degree litigation might ensue, having an untouched copy of the perpetrator 's data can be crucial.

Fraud cases have been lost on the grounds that the suspect's computer files could have been altered when they were opened.

Forensic technology experts can copy data – even over an active network – in ways that avoid such legal pitfalls. Further, they can help companies establish systems and procedures - some of which are now mandated by laws like the Sarbanes-Oxley Act - that ensure the integrity of electronic data for evidentiary purposes.

But technology is only part of such a system; policies and procedures are equally important. "If you have a system that is capable of keeping audit trails, but you have disabled the function, or if you have several people using the same login, it's difficult to see who is doing what," Schaffer says.

How is Computer Data Analyzed?

The direction that an investigator will adopt in a computer forensic analysis will depend initially on the scope of the particular investigation. Numerous forensic tools and procedures exist that can be used to locate material on electronic media along with identifying usage and activity of the computer system.

As mentioned earlier, the resurrection of deleted instant messages or deleted computer files is one example of an investigation. Another investigation may attempt to determine the authenticity of a document extracted from the computer.

Approaches may differ depending on available resources and scope of investigation. However, the investigative process in computer forensics is like any other investigation - methods used will depend on the skills, experience and imagination of the forensic investigator.

Value of Computer Forensics

The vast majority of today's information resides in electronic form. No inquiry process can be truly complete without considering the information that may exist in digital form. These digital fingerprints do not necessarily reside on a hard drive.

There are numerous locations, some obvious, some not so obvious, where data can survive. Data can be found on floppy disks, back-up tapes, personal organizers, building access logs, Internet postings, e-mail databases, and the list goes on.

It is important to recognize where potential information may exist, and then to ensure that this data is forensically secured by qualified forensic analysts. This should be performed as a matter of urgency, as soon as it is discovered that this data may contain information that can be used to prove or shed new light on the investigator's case.

Once data has been secured to protect its integrity, then useful information can be extracted from the data through sound forensic techniques and procedures.

The underlying principle behind this process is that any results that are produced are accountable and repeatable by any other interested party.

Business and operational factors often may dictate when computer-related data may be accessed, but ideally the forensic process should be commenced as soon as the investigation is initiated.

With the help of forensic technology experts, companies can ensure they are prepared for new legal requirements as well as the challenges that accompany complex fraud investigations.

Wait, there's more!
There's always more at AccountingWEB. We're an active community of financial professionals and journalists who strive to bring you valuable content every day. If you'd like, let us know your interests and we'll send you a few articles every week either in taxation, practice excellence, or just our most popular stories from that week. It's free to sign up and to be a part of our community.
Premium content is currently locked

Editor's Choice

WHAT KIND OF FIRM ARE YOU?
As part of our continued effort to provide valuable resources and insight to our subscribers, we're conducting this brief survey to learn more about your personal experiences in the accounting profession. We will be giving away five $50 Amazon gift cards, and a $250 Amazon gift card to one lucky participant.
This is strictly for internal use and data will not be sold
or shared with any third parties.