David Benford Forensic Article International Accountant60


Published on

This is an article I wrote on how digital forensics can help SME businesses. It was published in International Accountant Magazine which is published by AIA Worldwide.

  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

David Benford Forensic Article International Accountant60

  1. 1. September/October 2011INTERNATIONALACCOUNTANT Issue 60 FEATURES INCLUDE Tax Business UK VAT amnesty Digital forensics Cross-cultural communication Language is just the beginning
  2. 2. 24
  3. 3. DIGItAL FoRensICsDigital forensics– and why yourcompany needs itComputer and mobile phone-related crime in the workplace is on theincrease, but digital detectives have the tools and the skill to track downthe cyber crooks, says David BenfordC omputers and digital information imagine are enough to prevent their data crimes and can be less willing to devote are becoming increasingly essential being targeted. A report last year by online resources to relatively low-level theft or for all aspects of our lives – at identity experts Garlik revealed that in what are effectively instances of grosswork, at play, and just about everywhere 2008 online banking fraud had increased misconduct, which may be very importantin-between. Whether it’s computers at by 132 percent on the previous year with to the companies involved, but not ofthe office or mobile phones, we’ve very losses totalling £52.5m, and blamed the particular interest to the forces of lawquickly become accustomed to keeping increase in part on the complacency of the and order. Increasingly, firms are findingand using important information in public, who tended to feel that their digital it worthwhile to hire their own privatevirtual environments. But our familiarity security was taken care of. investigators to gather evidence that canwith digital data breeds contempt for its be given to the police either as a basis forsecurity, a fact that all too many criminals Complacency further investigation or as evidence forand chancers are prepared to take That complacency doesn’t make the prosecution.advantage of. business of detecting cyber crime The recent major police investigation any easier. Even the police admit that Danger withinfollowing the revelations about phone they’re stretched by the sheer amount of But while there are certainly risks fromhacking at the News of the World is only computer-related crime that’s occurring tech-savvy criminal masterminds targetingthe most high-profile example of forensic today, and the level of training that’s the data of individuals and corporates,examination of mobile phones and other the danger can also be much closer torecords revealing evidence of criminal home. As we all become more adept atactivity. Sadly, it’s just the tip of the iceberg, Even the police admit using computer systems, it becomes easierand there are many more cases of theft, for employees to abuse those systems,fraud and other wrongdoing involving the that they’re stretched by and many firms are finding it prudentuse of computers and phones. to protect themselves against the risk of The annual Global Fraud Survey the sheer amount of computer-related crime, be it outright theftconducted by risk consultants Kroll found computer-related crime or industrial espionage.that as many as 18 percent of companies The economic downturn increaseshad suffered an internal financial fraud or that’s occurring today the motive for crime among those whotheft in 2009, with 14 percent suffering might not have considered it had thingsfrom identity theft, piracy or counterfeiting. been going well, and there are many waysAccording to a survey last year by IT giant needed to deal with it. Every police force essential data can be obtained from aVerizon Business, in 2008 alone, more now has a sector dedicated to this type of company’s computer system – by copyingthan 285 million computer records were crime, but the nature of the beast is that to a CD or similar disc, to a USB data key, orcompromised, that is more than the it changes rapidly, making it extremely even transmitted wirelessly by Bluetoothprevious four years combined. difficult to expand and adapt to keep on or Wi-Fi. Professional forensic analysis of The cyber criminal’s job is made easier top of it. a computer system can reveal what databy our growing reliance on automatic Even then, the police tend to be has been transferred, as well as how, whensecurity procedures, which many people focused on serious and high-profile and even by whom. It’s like a trail of digital 25
  4. 4. DIGItAL FoRensICsfingerprints clearly traceable by those who investigation involved the analysis of a Benford, MD of Blackstage Forensics,know where to look. company-owned iPhone after a business “but it’s still an area that’s not always suspected that one of its managers was fully understood by firms or the police.Digital detectives making contact with a local competitor. Digital forensics is a highly specialistIn the UK there are just a few firms offering This was denied by the suspect and their field that requires specialised tools andforensic examination of computers. phone was analysed to reveal details of all a high degree of skill and experience.Companies such as Midlands-based possible calls made and received. All our practitioners have had specialistBlackstage Forensics use sophisticated The analysis results revealed that training and certification, and follow strictdigital forensics technology and advanced there was no conclusive evidence of any guidelines relating to industry practice andinvestigation techniques to examine wrongdoing, and therefore no cause to legal requirements, as well as keeping upanything from an individual’s Blackberry proceed with any legal action. Since it was to date with the latest developments in theor laptop to every computer on a a company-owned phone, it was able to field.”company’s network to establish evidence be retained by the organisation ‘for anof wrongdoing, even if steps have been upgrade’ without the suspect realising they the business of investigationtaken by criminals to cover their tracks. were being investigated. There has never High profile investigations can involveThe company specialises in examining been any need to make them aware that many hours of work and cost a great dealmobile devices such as phones, PDAs, sat of money, depending on the complexity ofnavs, memory sticks – even iPods – and each case. Many investigations however,the evidence they uncover can be offered Digital forensics is a especially those involving cases ofto police to encourage an investigation, or misconduct rather than criminality, can bepresented as evidence in UK courts of law. highly specialist field that completed quickly for relatively little cost. One recent case involved a long-term Professional digital investigators canemployee who had been stealing from requires specialised tools quote for an examination of a single hardtheir firm. Blackstage was able to uncover and a high degree of skill drive or to forensically extract data fromevidence of relevant data which had every computer a company owns withbeen transferred to a memory stick and and experience prices starting from as little as £100 tothe creation of false invoices. The same examine a mobile phone SIM card, makingtechniques can be applied to mobile it a service that’s just as accessible for SMEsphones – in a recent civil case, the accused as it is for large multinationals.had denied calling the victim, but a Some agencies also offer a spot-forensic search of their phone produced check service, where investigators carryproof that they had, despite an attempt to out a random audit of a selection of aerase evidence of the call. company’s digital devices on an annual or In another case, a company suspended bi-annual basis. In many cases the fact thatthe personal assistants of two of its employees know their company-owneddirectors, after suspecting that they equipment may be examined at any timehad not only been selling redundant is enough to discourage casual misusecompany equipment on eBay, but that of their employer’s property, whetherthey had borrowed tens of thousands it be receiving an excessive amount ofof pounds from individual members of personal calls, spending too much time onstaff. Blackstage performed a complex Facebook, or downloading inappropriateexamination of the suspects’ mobile they had ever been a suspect.  material.phones, which involved manually In another incident this year, the News Blackstage’s David Benford says: “Thedecoding the binary data recovered of the World was exposed as the victim of police have an enormous workloaddirectly from the phone chips. an elaborate hoax involving former Celtic and may not always have the resources The investigation revealed evidence goalkeeper Artur Boruc. The paper claimed available to investigate corporate crimesof a third member of staff who had been he’d been cheating on his pregnant fiancée and violations. That’s where we come in.collaborating with the two suspects in by sending sexually explicit text messages The evidence we find can be used eitherdefrauding the organisation. All three were to another woman. When Boruc sued the internally to deal with inappropriate usedismissed immediately and the company paper, forensic examination of mobile of company property, but in more seriouswas satisfied that all the guilty parties phones revealed that he couldn’t have sent cases it also has legal value which can behad been identified. Without forensic the texts from a Glasgow hotel, as claimed, presented to the police for use in a criminalexamination of the phones however, the since he’d been on holiday in Sardinia at investigation.”‘third man’ might have escaped detection the time. The paper agreed to pay £70,000, It’s an unavoidable fact that computer-and continued their criminal activities from a record amount for a Scottish libel case, related crime is becoming morewithin the company. and identified a local man who had been prevalent. But so are the means to Forensic analysis doesn’t just help to responsible for weaving a web of lies combat it, so long as we know where andidentify the guilty, it can also be used against the player. how to use them. Digital forensics mayto protect the innocent, and it’s not “Computer-related crime and not be all of the answer, but it can be anuncommon for forensic analysis to remove misconduct is an increasing area of invaluable tool for helping to secure yoursuspicion from employees. Another recent concern for many companies,” says David company’s digital assets. 27