Computer Forensics for the Fraud Examiner

To outsource or not? Deciding if you need a digital evidence forensic examiner

By Richard D. Cannon, CFE, CFCE
Fraud Bytes

It's a common scenario. ABC Company's internal fraud examiner receives an anonymous complaint that John Doe in the sales department may be using his contacts and company relationships to cultivate his own business and undercut the firm. Supposedly, he intends to resign his position and take a portion of the firm's customers with him. It's a strong allegation. How do you proceed?  

If you've been paying attention to the ever-changing world of fraud examination then you've no doubt considered acquiring the services of a digital evidence forensic examiner. You may have even thought of hiring an outside firm or bring someone on staff to aid in ongoing internal examinations. Or perhaps you're still trying to decide if a digital evidence forensic examiner actually could add anything to your fraud examinations.

Let's start with terminology. A forensic expert in the field takes all precautions and uses best practices in handling all evidence - digital or otherwise - when preparing it for the courtroom. Also, the forensic expert has properly obtained and secured the evidence and has maintained a secure chain of custody. The digital evidence forensic examiner can also be called a computer forensic examiner but the former title is now probably more appropriate because digital evidence is no longer confined just to desktop and laptop computers. It's contained in any electronic device that stores information: cell phones, pagers, cameras, PDAs, and other handheld devices. As companies move to a paperless culture, more evidence will be digital. Deleted documents, e-mail messages, visited Web sites, and evidence of installed software applications are just a sampling of the evidence that can be recovered by a digital evidence examiner. The registry (the internal database Windows uses to store information about installed hardware and software) of the current offering of Microsoft's Windows XP contains an incredible amount of additional information such as Website passwords, and recently typed-in URL addresses for the Internet browser.

Digital evidence examiners are increasingly being used in litigation support and e-discovery requests. (Electronic or e-discovery is the process of requesting information in electronic form.) Electronic discovery represents a paradigm shift from traditional document discovery to this present age of digital information. Unlike paper documents that can go missing from a physical file, electronic versions of documents rarely can be destroyed completely in all their forms or from all the possible places they might be stored. You can use digital evidence forensic examiners to help craft the e-discovery request to find evidence as well as help in responding to such a request. Even though fraudsters may attempt to destroy digital evidence, a trained examiner knows where potential evidence might exist that the "wiping" software might have missed. Also, the digital evidence forensic examiner can report on the telltale signs that indicate fraudsters used a program designed to eliminate evidence.

For full access to story, members may sign in here.

Not a member? Click here to Join Now. Or Click here to sign up for a FREE TRIAL.

 Your Rating:
Your Review: