Finding the smoking gun in a mountain of digital evidence

Powered by SC Magazine
 

Traditional forensic approaches won't cut it.

Preventing white collar crime has become a priority for the corporate community as new opportunities have arisen for fraud, information leaks and identity theft.

Criminals can hide evidence of their misdeeds within massive volumes of data stored in digital devices. This makes traditional methods of electronic investigation ineffective and unsustainable.

PricewaterhouseCoopers' 6th Global Economic Crime Survey found 47 per cent of Australian organisations participating in the report admitted to experiencing at least one instance of economic crime in the last 12 months, up 7 per cent from 2009.

Losses from these crimes were in excess of $5 million for 16 per cent of respondents. More often than not, investigations after the fact found the source of the crime was internal.

As crime grows, so does the volume and complexity of data investigators must examine.

The McKinsey Global Institute estimated that in 2009, companies with more than 1000 employees stored an average of 200 terabytes of data – or up to 200GB per user.

With data growing at a compound rate of 50 per cent each year, the average today would be closer to one terabyte per employee.

Evidence can be stored in laptops, desktops, smartphones, email repositories, file shares and archives. A company could also have Microsoft SharePoint sites or Lotus Notes databases. The use of cloud storage, webmail, social media and other off-premise services adds another layer of difficulty to an already complex situation.

Traditional electronic investigations would use forensic applications to examine each data source individually, then rely on human brain power to extract intelligence and find the links between them.

Finding anything valuable using these methods is prohibitively time consuming and resource intensive. Human investigators, however brilliant, can’t hope to consistently and accurately find correlations across millions of data points.

Even when you have teams of investigators, it is easy to miss connections, particularly without an automated way to identify and correlate intelligence items. Crucial data can also be buried multiple levels deep within data repositories, which many forensic tools may not recognise and simply skip over.

However, technology advances have also brought new ways for investigators to find evidence. Corporate and regulatory investigators can now embrace a way of working that makes it possible to extract and cross-reference intelligence across an entire data set, including multiple data repositories, devices and geographies.

Such tools automatically highlight and extract intelligence items such as names, phone numbers, email addresses and credit card numbers, as well as allowing investigators to customise and filter by the types of intelligence they want to extract. Advanced software can automatically correlate these intelligence items to show relationships between people and entities across multiple data sources and devices.
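The extract-then-correlate step described above, as an added Python example that is not code from the article or from any product it mentions. The source names, sample text and simplified patterns (Australian phone formats, Luhn-checked card numbers) are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample text standing in for content extracted from seized devices.
SOURCES = {
    "laptop-01/mail.txt": "Invoice from sales@example.com, call +61 2 5550 0101. "
                          "Card 4111 1111 1111 1111.",
    "phone-07/sms.txt": "Ring 02 5550 0101 about the deposit. Ref 1234 5678 9012 3456.",
    "fileshare/contract.txt": "Contact: Sales@Example.com or accounts@example.org",
}

EMAIL = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
PHONE = re.compile(r"(?<!\d)(?:\+61|0)[ -]?\d(?:[ -]?\d){8}(?!\d)")  # Australian numbers only
CARD = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")                       # 13 to 19 digits

def luhn_ok(digits):
    """Checksum that separates plausible card numbers from other long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def normalise_phone(raw):
    """Fold '+61 2 ...' and '02 ...' spellings into one key."""
    digits = re.sub(r"\D", "", raw)
    return "+61" + (digits[2:] if raw.startswith("+") else digits[1:])

def extract(text):
    """Return the set of (kind, normalised value) intelligence items in one text."""
    items = {("email", m.lower()) for m in EMAIL.findall(text)}
    items |= {("phone", normalise_phone(m)) for m in PHONE.findall(text)}
    for m in CARD.findall(text):
        digits = re.sub(r"\D", "", m)
        if luhn_ok(digits):  # drops reference numbers that only look like cards
            items.add(("card", digits))
    return items

def correlate(sources):
    """Map each item to the sources it appears in; keep items seen in 2+ sources."""
    seen = defaultdict(set)
    for name, text in sources.items():
        for item in extract(text):
            seen[item].add(name)
    return {item: sorted(names) for item, names in seen.items() if len(names) > 1}

if __name__ == "__main__":
    for (kind, value), names in sorted(correlate(SOURCES).items()):
        print(f"{kind:5} {value:22} -> {', '.join(names)}")
```

Normalising before indexing is what makes the links appear: the same phone number written two ways and the same address in different case collapse to one key, so the inverted index connects the laptop, the phone and the file share.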

Consider this example. A government agency recently investigated a company fraudulently selling aircraft that didn’t exist. The agency had seized approximately 40 devices containing potential evidence, including desktop and laptop computers and smartphones. Investigating each device sequentially using traditional methods would have required a team of up to 20 investigators.

The solution? The agency put forensic images of all of the data to be searched into a single storage location. They then used investigations software to process and cross-reference it, which allowed a single investigator to quickly bring the most valuable evidence to the surface, enabling the agency to initiate charges.

In addition, by searching the data set for similar documents, the investigator unearthed a series of related companies conducting fraudulent transactions for aircraft parts, boats and other high-value products, which led to further charges.

In another situation, a corporate regulator brought a case against a former director of a merchant bank for insider trading. The regulator believed the director had written the trades on his BlackBerry, but could not prove this. Using investigations software, the regulator examined the complete metadata of the bank’s BlackBerry Enterprise Server, which included codes that identified email messages the director sent to his stockbroker requesting the illegal trades. This enabled the regulator to quickly prove its case and bring successful charges.

With the explosion of the size and complexity of data, traditional methods just won’t do the job. Investigators must start looking towards technology which automatically shows relationships between people and entities across multiple data sources. This will save time, minimise the chance of human error, reduce the impact of white collar crime and help make sure those responsible for criminal activities are held to account.

Eddie Sheehy is the chief executive officer of Australian e-discovery company Nuix.

Copyright © SC Magazine, Australia

