The Benefits of Forensic Technology in the Information Age

Published: BVI Business, January 2015:

Authors: Andrew Seekts, Senior Manager & Sean Theron, Manager, KRyS Global

In the past five years we have seen more developments in technology than in all the years before that combined. Technology is fast, easy to access and paperless. While those developments have assisted us with our daily lives, they have also become tools for perpetrators of fraud to deceive innocent people and avoid detection. Criminals use technology to disguise their illegal dealings, and to move funds across jurisdictions and around the world. Their operations are complex and they deploy significant resources to evade detection.

This has meant that those professionals investigating fraudulent behaviour have had to keep pace. A new breed of investigator, the technology forensic professional, has developed. These professionals identify Information exchanged on a global scale and stored electronically (Electronically Stored Information or “ESI”) and conduct comprehensive analaysis to expose the fraudster and retrieve the stolen assets.

What is forensic technology?

Mention “forensics” to most people these days and their first reaction will be to think of CSI and its TV ilk: a head tilt, a sly David Caruso smile, and the revelation that the evidence has proven beyond doubt that the bad guy is guilty. In practice though, forensic technology is quite simply the process of finding truth from ESI. Forensic technology is an essential component of every financial investigation, and the vast majority of contentious, non-contentious and fraud-related litigation. It is the right team of forensic technology professionals applying an array of forensic technology tools to recover information, analyse and manage it, and employ it in building a case against alleged fraudsters and criminals.

The issues facing the forensic professional

Identifying the relevant ESI and jurisdiction where it is stored, accessing it and performing subsequent analyses: these are the key considerations a forensic professional will need to make.

The classification, collection, evaluation and analysis of digital evidence poses significant challenges, and an integral part of every forensic investigators arsenal is the use of digital data tools and technologies to overcome these. The transition from standalone computers to intricate distributed clients – server networks, mobile devices, local and wide area networks – means that there has been a significant increase in the sources of digital data a forensic investigator will be able to review. Additionally, these devices and network infrastructure can be spread across jurisdictions and will often have duplicated, or modified digital data stored on them, that may or may not be relevant to the investigation.

The significant volume of ESI created by large scale international litigation and/or frauds also represents challenges for a forensic investigation. Such is the volume of ESI being produced by these matters that random searches will rarely result in the smoking gun being detected.

In order to overcome these obstacles, experienced forensic professionals will use all the tools available to them.

The tools available to the forensic professional

eDiscovery

Electronic discovery is the process of identifying, collecting and producing electronically stored information. The processes and technologies around eDiscovery are often complex as a result of the sheer volume of ESI produced and stored. Additionally, electronic information is unlike hardcopy evidence because of its intangible form, sheer volume, transience and persistence. Electronic documents are more dynamic, and contain metadata (things like time-date stamps, author and recipient information, and file properties). Preserving this original content and metadata for ESI is essential to avoid later claims of impropriety, spoilage or tampering.

Hardcopy evidence can also form a part of eDiscovery, in that it can be digitised so we can review and analyse it in conjunction with the digital evidence.

Digital forensics

Digital forensics encompasses the recovery and investigation of material ESI stored in digital devices. It can include analysis and recovery of ESI from all kinds of storage devices: PCs, laptops, servers, mobile phones, printers and even iPods and other MP3 players. Criminals often believe that they can store their information safely using passwords and encryptions, or evade detection by deleting or destroying their information, but this is not always the case. The experienced forensic technology professional can often access the ESI despite all of these precautions, and timely action is key to ensure that ESI is not lost or overridden.

Custody chain and data handling

Once ESI has been captured, it needs to be stored securely, so as to avoid spoilage and tampering. For ESI to be used in any litigation, the forensic technology professional needs to make sure they comply with the relevant rules and laws of their jurisdiction. In particular, the preservation of metadata from electronic documents creates special challenges to prevent spoilage. Once stored, ESI can be analysed.

KRyS Global is able to record continuity in the chain of custody, showing evidence of the data being acquired, imaged and analysed. This is completed on all engagements to ensure that there are no gaps in the chain of custody and to prevent the credibility of the evidence from being called into question. The evidence therefore remains forensically credible, defensible and admissible in Court proceedings.

Data analytics

Once ESI has been captured, stored and properly preserved in a secure manner, analysis of it can begin. Trained forensic technology professionals use data mining and analytics tools to extract information from a large set of data, which is then transformed into an understandable structure for further use.

Generally, data analytics is the process of analysing large volumes of data from different perspectives with the aim of using sophisticated computer algorithms to assist with otherwise manually-intensive tasks. Additionally, it can be used to identify anomalies, misstatements, errors and deliberate distortions of results. The key in analysing ESI is the use of an experienced forensic professional, who can create the relevant algorithms and set appropriate assumptions before the analysis begins.

As an example, KRyS Global were recently appointed as experts to review a significant number of transactions through multiple bank accounts. The appointment was made as the result of a dispute between a master and feeder fund over who was entitled to the funds in these accounts. Our forensic professionals reconstructed the data and converted it into a format in which it could be analysed. Additionally, they were able to verify the work of the forensic accountants to ensure that our analysis was free of any human errors.

In another scenario, KRyS Global was engaged after unauthorised wire transfers were identified as being made from a user’s bank account. Our forensic technology professionals identified that it was likely to be a malicious attack by a hacker and, employed the most appropriate tools to identify points of entry, the method of attack, and the techniques used by the hacker to perpetrate the fraud.

Conclusion

Just because fraudsters are increasingly using sophisticated technology to evade detection, there is no need to lose hope. The very technology that criminals are using to move funds around the world leaves a trail of ESI, and that ESI can provide the key to pursuing them, and recovering the assets. Our experienced forensic professionals have all the tools they need to collect, retain and access ESI, and to assist with them conducting their review. The above provides a very brief overview of what is an extremely complex field. And as with all complex matters, the key to being able to understand and utilise the processes and tools available is through the use of experienced and trained professionals. At KRyS Global, our Ferret – Forensic Technology Services team offers all the services described above over our six locations, including the British Virgin Islands. The service line was launched in response to the ever changing landscape of forensic investigations and increasing digitilisation of information.

http://issuu.com/oysterglobalmarketing/docs/busbvi_jan15_upload