Forensic Technology is Growing: Fraud And The IT Revolution

Provided by, PricewaterhouseCoopers

With increased reliance on IT, more information is being stored on hard drives, file servers and backup systems than ever before. These are fertile grounds for potential fraudsters and the way this information is handled can decide the difference between success and failure in any fraud-mitigation effort. Welcome to the world of forensic technology.

Working closely with investigation teams, forensic technology experts work to collect and analyze a wide variety of data – from spreadsheets and word-processing files to email and instant messages – that might represent evidence of fraud activity. Using state-of-the-art recovery techniques, forensic IT specialists can resurrect information that was once assumed to be lost.

Instant messaging (IM) is a prime example. Most people think of instant messages as being purely ephemeral – that is, once sent and received, they vanish into the ether, never to be seen again. This is not entirely true, however. Depending on a system's configuration, instant messages may be retained on a computer's hard drive. New forensic technology makes it possible for specialists to track and restore this content in many cases.

"It is very much like having a recording of someone's telephone conversations," says Gregory Schaffer, director of the PricewaterhouseCoopers Forensic Technology Solutions practice and co-leader of the firm's Cyber crime Prevention & Response practice in Washington, DC. "People often use IM instead of picking up the phone, and you get off-the-cuff comments like those in a private conversation. What is said on instant messaging is often more illuminating than something that is assumed to be permanent."

IT and Audit Trails -

The work of forensic technology specialists is not as simple as firing up the suspect's computer and copying files off the hard drive. The very act of starting up a computer can compromise the integrity of critical data. To the degree litigation might ensue, having an untouched copy of the perpetrator 's data can be crucial.

Fraud cases have been lost on the grounds that the suspect's computer files could have been altered when they were opened.

Forensic technology experts can copy data – even over an active network – in ways that avoid such legal pitfalls. Further, they can help companies establish systems and procedures - some of which are now mandated by laws like the Sarbanes-Oxley Act - that ensure the integrity of electronic data for evidentiary purposes.

But technology is only part of such a system; policies and procedures are equally important. "If you have a system that is capable of keeping audit trails, but you have disabled the function, or if you have several people using the same login, it's difficult to see who is doing what," Schaffer says.

How is Computer Data Analyzed?

The direction that an investigator will adopt in a computer forensic analysis will depend initially on the scope of the particular investigation. Numerous forensic tools and procedures exist that can be used to locate material on electronic media along with identifying usage and activity of the computer system.

As mentioned earlier, the resurrection of deleted instant messages or deleted computer files is one example of an investigation. Another investigation may attempt to determine the authenticity of a document extracted from the computer.

Approaches may differ depending on available resources and scope of investigation. However, the investigative process in computer forensics is like any other investigation - methods used will depend on the skills, experience and imagination of the forensic investigator.

Value of Computer Forensics

The vast majority of today's information resides in electronic form. No inquiry process can be truly complete without considering the information that may exist in digital form. These digital fingerprints do not necessarily reside on a hard drive.

There are numerous locations, some obvious, some not so obvious, where data can survive. Data can be found on floppy disks, back-up tapes, personal organizers, building access logs, Internet postings, e-mail databases, and the list goes on.

It is important to recognize where potential information may exist, and then to ensure that this data is forensically secured by qualified forensic analysts. This should be performed as a matter of urgency, as soon as it is discovered that this data may contain information that can be used to prove or shed new light on the investigator's case.

Once data has been secured to protect its integrity, then useful information can be extracted from the data through sound forensic techniques and procedures.

The underlying principle behind this process is that any results that are produced are accountable and repeatable by any other interested party.

Business and operational factors often may dictate when computer-related data may be accessed, but ideally the forensic process should be commenced as soon as the investigation is initiated.

With the help of forensic technology experts, companies can ensure they are prepared for new legal requirements as well as the challenges that accompany complex fraud investigations.

You may like these other stories...

You probably don't want to think about how many times you access the File menu in Excel 2010 or 2013. Personally I think Excel 2010 has the best possible File menu arrangement, other than having Print Preview grafted...
Following other recent high-profile hacking events, investigators discovered yesterday that hackers broke into the draft work paper files of several famous CPA firms. Revealing images of the scantily clad documents have been...
For bitcoin users, the taxman cometh. And you best know how to calculate taxes owed on what the IRS calls convertible virtual currency.In March 2014, the IRS issued Notice 2014-21, which declares virtual currency will be...

Already a member? log in here.

Upcoming CPE Webinars

Sep 18
In this course, Amber Setter will shine the light on different types of leadership behavior- an integral part of everyone's career.
Sep 24
In this jam-packed presentation Excel expert David Ringstrom, CPA will give you a crash-course in creating spreadsheet-based dashboards. A dashboard condenses large amounts of data into a compact space, yet enables the end user to easily drill down into details when warranted.
Sep 30
This webcast will include discussions of important issues in SSARS No. 19 and the current status of proposed changes by the Accounting and Review Services Committee in these statements.
Oct 23
Amber Setter will show the value of leadership assessments as tools for individual and organizational leadership development initiatives.