In Part 1 of 5 in our continuing series about myths, we discuss the misconception that Computer Forensics Are Probably Not Necessary.
There is a fraud case in your company, but management assumes that the suspect has erased all traces of his/her activities on their computer. They think it’s probably not worth investigating the device and decide to simply use the evidence the accountants have found to confront the suspect.
The reality is that most people who have no training as either IT specialists, intelligence officers, criminal investigators, or cyber-criminals do not know how to erase their traces on a computer. Most have partial knowledge of it at best. If you look at 10 different categories of computer logs that can be helpful during a fraud investigation, investigators often find that about 2-3 categories tops may have been deleted, while 7-8 categories were left completely undisturbed by the suspect because they had no idea that this data was being logged in the first place.
We are not going to reveal here what exactly these categories of data typically entail because – well – we are not in the business of helping criminals cover their tracks.
Suffice it to say that most people who commit fraud are regular people; white-collar managers trained for business, sales, engineering, or some related field, but not for fraud or how to keep their digital trail invisible. Unbeknownst to them, there is bound to be some evidence left on their devices. Count on it.
DO
If you have a fraud case in your company, we highly recommend that you seize the suspect’s computer(s), such as their laptop, smartphone, and tablet. Lock them away securely and document who gave the device(s) to whom and when. Then have expert IT investigators look at the hard drive in their professional forensic laboratory.
DON’T
Even though it is tempting, don’t let your own IT department boot up the device to look for clues on it. The boot and search process itself will alter or destroy evidence and render everything inadmissible in court because these activities leave a trail of unintended data on the computer, inevitably contaminating the results.
Any court judge will throw out this type of evidence. Let expert contractors do the job and preserve the integrity of the evidence.
ALSO
Try to avoid hiring fraudsters in your company in the first place. As obvious as that sounds, the key here is to screen candidates for sensitive positions with a professional background check before you hire them. The goal is to see whether there are any serious red flags, such as shameless embellishments or outright lies on their resumes, or integrity and security issues in their past.
Not every job candidate with a padded resume is going to turn into a fraudster later, of course. But nearly all people who commit fraud have at some point in their careers lied substantially on their resumes, according to studies.
Watch out for Part 2 next week: How to Filter Out Job Applicants Who Have Integrity Issues
The author:
Sebastian Okada heads Corporate Trust’s Investigation & Fraud Prevention department in Munich. For over 15 years, he has conducted fraud investigations at home and abroad.
+49 89 599 88 75 80
Corporate Trust Sicherheitsblog 