Go to Top

Computer Forensics Analysis Provides Critical Evidence in Fraud Cases

Techniques for the Examination of Electronic Evidence is Noted as an Important Research Priority for 2010 by the Institute for Fraud Prevention

- Fraud Magazine, January 2010

“…the SEC’s budget for forensic analysis of data produced in the course of its investigations must be increased by orders of magnitude.”

- Elisse B. Walter, SEC Commissioner

A “Glaring Threat”
In the wake of the Bernard Madoff $65-billion Ponzi scheme, fraud and financial misconduct continue to occupy front and center attention in our leading financial newspapers, and attorneys and governmental officials are scrambling to rein in this potentially economy – busting trend. A few recent developments…

  • The United States Department of Justice has declared financial fraud “one of the most glaring threats” facing the U.S. economy. The DOJ currently has over 5,000 pending Financial Institution Fraud cases.
  • The FDIC recently announced a 35% boost in their 2010 budget
  • Fraud Magazine has listed research into how to more effectively search for Electronically Stored Information (ESI) as a top priority for 2010. Techniques for auditing e-mail and instant messages was specifically cited.
  • The Chicago community is not immune to this trend, as highlighted in the following case study…

Business Owner Cooks the Electronic Books Before Selling His Business

A Case Study in the Application of Computer Forensics Services (An actual eDiscovery Labs Case)

The Background
An entrepreneur who owned an oil change / car wash business decided it was time to sell. A national quick-oil change chain was eager to snap-up the thriving business, particularly in light of the businesses impressive record of a high volume of oil changes sold during the last two years. A cash deal was quickly struck, and the owner walked away with a cool million dollars. It only took a few months for the new owners to realize something was terribly wrong. Traffic in the oil change facility was a mere fraction of what the owner had reported as his historical trends. The new owners began to closely examine printed reports that the previous owner had provided them durint due diligence – reports printed from the previous owners computer generated oil change volume records. In hind sight, discrepancies in the reports raised some red flags, and current actual oil change revenues were down drastically as compared to previously reported numbers.

The Response
Attorneys for the new owners launched an investigation, and hired eDiscovery Labs professionals to assist eDiscovery Labs Technology (“F-Tech”) experts performed computer forensics imaging of the computers used for generating the reports of actual automobiles being serviced ad the oil change facility in the previous two years. Printed reports that were previously provided by the owner were compared to electronically altered versions of the same reports recovered during the forensic analysis. You guessed it, the printed versions did not match the electronic versions.

The Result
Computer forensics analysis confirmed that the previous owner had altered the oil change volume records, printed reports that indicated higher volume and revenue, and then attempted to remove the electronic reports from the computers. RGL experts recovered the altered reports and crafted an expert opinion. Attorneys sued the previous owner, and used the report to leverage a satisfactory settlement.

The Take-Aways
Fraud and financial misconduct are on the rise….with a resulting increase in related litigation. Electronically Stored Information can contain the seeds forlitigation success …or a failure. Investigators and attorneys must be increasingly mindful of the critical nature of electronic evidence in successfully determining what has happened in a fraud case. A few “tips from the trenches”…

  1. Know Where to Look. Develop a thoughtful strategy for where the ESI is likely to reside. Identify the key players and collect information about where your target’s important electronic records (particularly Email and financial reports) resides.
  2. Cast Your Net Wide Enough. Remember that important ESI can be found on Blackberries and other portable devices, as well as computers. Craft your discovery requests or preservation notices to include cell phones and other hand.
  3. Early Preservation. When the whistle blower calls, or the auditor sounds the alarm, speed can be critical. Make sure you respond as soon as possible to preserve important Electronically Stored Information, particularly that ESI that has a short shelf life and may be intentionally (or unintentionally destroyed). Get a team on the ground as soon as you can to harvest important ESI. Learn how to use the new Federal Rules to your advantage.
, , , , ,

About Jeff Hartman

Jeff is a 30 year veteran of the corporate security, computer forensics, and eDiscovery community and a co-founder and partner at 4Discovery. 4Discovery is a leading provider of computer incident response and computer forensics services to attorneys, corporate security executives, and the information protection community.