This is an article I wrote on how digital forensics can help SME businesses. It was published in International Accountant Magazine which is published by AIA Worldwide.
DIGITAL FORENSICS

Digital forensics – and why your company needs it

Computer and mobile phone-related crime in the workplace is on the increase, but digital detectives have the tools and the skill to track down the cyber crooks, says David Benford

Computers and digital information are becoming increasingly essential for all aspects of our lives – at work, at play, and just about everywhere in-between. Whether it’s computers at the office or mobile phones, we’ve very quickly become accustomed to keeping and using important information in virtual environments. But our familiarity with digital data breeds contempt for its security, a fact that all too many criminals and chancers are prepared to take advantage of.

The recent major police investigation following the revelations about phone hacking at the News of the World is only the most high-profile example of forensic examination of mobile phones and other records revealing evidence of criminal activity. Sadly, it’s just the tip of the iceberg, and there are many more cases of theft, fraud and other wrongdoing involving the use of computers and phones.

The annual Global Fraud Survey conducted by risk consultants Kroll found that as many as 18 percent of companies had suffered an internal financial fraud or theft in 2009, with 14 percent suffering from identity theft, piracy or counterfeiting. According to a survey last year by IT giant Verizon Business, in 2008 alone, more than 285 million computer records were compromised, that is more than the previous four years combined.

The cyber criminal’s job is made easier by our growing reliance on automatic security procedures, which many people imagine are enough to prevent their data being targeted. A report last year by online identity experts Garlik revealed that in 2008 online banking fraud had increased by 132 percent on the previous year with losses totalling £52.5m, and blamed the increase in part on the complacency of the public, who tended to feel that their digital security was taken care of.

Complacency

That complacency doesn’t make the business of detecting cyber crime any easier. Even the police admit that they’re stretched by the sheer amount of computer-related crime that’s occurring today, and the level of training that’s needed to deal with it. Every police force now has a sector dedicated to this type of crime, but the nature of the beast is that it changes rapidly, making it extremely difficult to expand and adapt to keep on top of it.

Even then, the police tend to be focused on serious and high-profile crimes and can be less willing to devote resources to relatively low-level theft or what are effectively instances of gross misconduct, which may be very important to the companies involved, but not of particular interest to the forces of law and order. Increasingly, firms are finding it worthwhile to hire their own private investigators to gather evidence that can be given to the police either as a basis for further investigation or as evidence for prosecution.

Danger within

But while there are certainly risks from tech-savvy criminal masterminds targeting the data of individuals and corporates, the danger can also be much closer to home. As we all become more adept at using computer systems, it becomes easier for employees to abuse those systems, and many firms are finding it prudent to protect themselves against the risk of computer-related crime, be it outright theft or industrial espionage.

The economic downturn increases the motive for crime among those who might not have considered it had things been going well, and there are many ways essential data can be obtained from a company’s computer system – by copying to a CD or similar disc, to a USB data key, or even transmitted wirelessly by Bluetooth or Wi-Fi. Professional forensic analysis of a computer system can reveal what data has been transferred, as well as how, when and even by whom. It’s like a trail of digital fingerprints clearly traceable by those who know where to look.

Digital detectives

In the UK there are just a few firms offering forensic examination of computers. Companies such as Midlands-based Blackstage Forensics use sophisticated digital forensics technology and advanced investigation techniques to examine anything from an individual’s Blackberry or laptop to every computer on a company’s network to establish evidence of wrongdoing, even if steps have been taken by criminals to cover their tracks. The company specialises in examining mobile devices such as phones, PDAs, sat navs, memory sticks – even iPods – and the evidence they uncover can be offered to police to encourage an investigation, or presented as evidence in UK courts of law.

One recent case involved a long-term employee who had been stealing from their firm. Blackstage was able to uncover evidence of relevant data which had been transferred to a memory stick and the creation of false invoices. The same techniques can be applied to mobile phones – in a recent civil case, the accused had denied calling the victim, but a forensic search of their phone produced proof that they had, despite an attempt to erase evidence of the call.

In another case, a company suspended the personal assistants of two of its directors, after suspecting that they had not only been selling redundant company equipment on eBay, but that they had borrowed tens of thousands of pounds from individual members of staff. Blackstage performed a complex examination of the suspects’ mobile phones, which involved manually decoding the binary data recovered directly from the phone chips.

The investigation revealed evidence of a third member of staff who had been collaborating with the two suspects in defrauding the organisation. All three were dismissed immediately and the company was satisfied that all the guilty parties had been identified. Without forensic examination of the phones however, the ‘third man’ might have escaped detection and continued their criminal activities from within the company.

Forensic analysis doesn’t just help to identify the guilty, it can also be used to protect the innocent, and it’s not uncommon for forensic analysis to remove suspicion from employees. Another recent investigation involved the analysis of a company-owned iPhone after a business suspected that one of its managers was making contact with a local competitor. This was denied by the suspect and their phone was analysed to reveal details of all possible calls made and received.

The analysis results revealed that there was no conclusive evidence of any wrongdoing, and therefore no cause to proceed with any legal action. Since it was a company-owned phone, it was able to be retained by the organisation ‘for an upgrade’ without the suspect realising they were being investigated. There has never been any need to make them aware that they had ever been a suspect.

In another incident this year, the News of the World was exposed as the victim of an elaborate hoax involving former Celtic goalkeeper Artur Boruc. The paper claimed he’d been cheating on his pregnant fiancée by sending sexually explicit text messages to another woman. When Boruc sued the paper, forensic examination of mobile phones revealed that he couldn’t have sent the texts from a Glasgow hotel, as claimed, since he’d been on holiday in Sardinia at the time. The paper agreed to pay £70,000, a record amount for a Scottish libel case, and identified a local man who had been responsible for weaving a web of lies against the player.

“Computer-related crime and misconduct is an increasing area of concern for many companies,” says David Benford, MD of Blackstage Forensics, “but it’s still an area that’s not always fully understood by firms or the police. Digital forensics is a highly specialist field that requires specialised tools and a high degree of skill and experience. All our practitioners have had specialist training and certification, and follow strict guidelines relating to industry practice and legal requirements, as well as keeping up to date with the latest developments in the field.”

The business of investigation

High profile investigations can involve many hours of work and cost a great deal of money, depending on the complexity of each case. Many investigations however, especially those involving cases of misconduct rather than criminality, can be completed quickly for relatively little cost. Professional digital investigators can quote for an examination of a single hard drive or to forensically extract data from every computer a company owns with prices starting from as little as £100 to examine a mobile phone SIM card, making it a service that’s just as accessible for SMEs as it is for large multinationals.

Some agencies also offer a spot-check service, where investigators carry out a random audit of a selection of a company’s digital devices on an annual or bi-annual basis. In many cases the fact that employees know their company-owned equipment may be examined at any time is enough to discourage casual misuse of their employer’s property, whether it be receiving an excessive amount of personal calls, spending too much time on Facebook, or downloading inappropriate material.

Blackstage’s David Benford says: “The police have an enormous workload and may not always have the resources available to investigate corporate crimes and violations. That’s where we come in. The evidence we find can be used either internally to deal with inappropriate use of company property, but in more serious cases it also has legal value which can be presented to the police for use in a criminal investigation.”

It’s an unavoidable fact that computer-related crime is becoming more prevalent. But so are the means to combat it, so long as we know where and how to use them. Digital forensics may not be all of the answer, but it can be an invaluable tool for helping to secure your company’s digital assets.