Electronic Evidence

Search Strategies For Fraud Examinations

By Jean-Francois Legault

Digital Fingerprints


Be careful when you’re selecting keywords so you won’t include terms that are too generic. These will likely produce a large volume of irrelevant documents that you’ll need to review to determine relevance.

Finding the proverbial electronic evidence needle in a haystack is a major concern when analyzing electronic evidence obtained in a fraud examination. Organizations maintain huge amounts of information – from financial records to e-mails – all in electronic format.

As an investigation begins, the examiner should first be concerned with preserving digital evidence before anyone can alter or destroy it. Preserving digital evidence is achieved by acquiring a forensically sound copy of electronic media where evidence could reside. Using specialized forensic tools, the examiner can then search the forensic images for information that might be relevant to the case. Relevant information can then be extracted for further review by the examiners.


With the large volumes of data collected in many investigations today, it’s essential we filter the data to a volume that we can review. It would make no sense for a fraud examiner to read through all of upper management’s e-mails in a kickback investigation or review all the documents stored on an organization’s network to identify links to a suspected fraudulent billing scheme.

To maximize review time, one of the most efficient techniques is to construct a list of terms that can be used to search through digital evidence to identify the most relevant data. We can then review those documents that match the search terms to determine if they’re relevant.
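The following is an added example, not part of the original article: it runs a term list over extracted document text, reports hits per term, and sets aside terms that match too large a share of the documents to be useful. The sample documents, the term list and the 50% cutoff are all constructed assumptions.

```python
import re

# Constructed sample text standing in for documents extracted from a forensic image.
DOCS = {
    "mail_001": "Please approve the invoice for Acme Supply before Friday.",
    "mail_002": "Lunch on Thursday? The new invoice template is attached.",
    "mail_003": "Wire the consulting fee to the offshore account, keep it off the books.",
    "mail_004": "Invoice 4471 from Acme Supply was paid twice, same amount.",
    "mail_005": "Quarterly invoice summary attached for your review.",
    "mail_006": "Team meeting moved to 3pm.",
}

# Hypothetical term list for a suspected fraudulent billing scheme.
TERMS = ["invoice", "acme supply", "off the books", "kickback"]


def search_terms(docs, terms, max_hit_ratio=0.5):
    """Search docs for each term (whole words, case-insensitive).

    Returns (hits, generic, review_set):
      hits       - term -> sorted list of matching document ids
      generic    - terms matching more than max_hit_ratio of all documents
      review_set - documents matched by at least one non-generic term
    """
    hits = {}
    for term in terms:
        pattern = re.compile(r"\b" + re.escape(term) + r"\b", re.IGNORECASE)
        hits[term] = sorted(d for d, text in docs.items() if pattern.search(text))

    # Assumed cutoff: a term hitting more than half the corpus does not narrow the review.
    generic = [t for t in terms if len(hits[t]) / len(docs) > max_hit_ratio]

    review = set()
    for term, matched in hits.items():
        if term not in generic:
            review.update(matched)
    return hits, generic, sorted(review)


if __name__ == "__main__":
    hits, generic, review_set = search_terms(DOCS, TERMS)
    for term in TERMS:
        note = "  <- too generic, refine" if term in generic else ""
        print(f"{term!r}: {len(hits[term])} of {len(DOCS)} documents{note}")
    print("Documents to review:", review_set)
```

A term with zero hits is also worth noting in the search log, since it records that the term was tried and returned nothing.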



