The field of IT forensics is centered around the task of scouring, safeguarding, and scrutinizing digital evidence. Whenever suspicious activities relating to computer systems and IT infrastructure are identified, it is possible that a breach of regulations may have occurred, which requires a comprehensive examination of the data and the forensically sound acquisition of new evidence.
A typical source of fraudsters is none other than disgruntled employees. The root cause of their discontent can vary, but those with the necessary knowledge of internal processes, adequate access permissions, and a propensity for criminal activity could be driven to seek ill-gotten gains at the company's expense.
One of our esteemed sponsors, Swiss FTS, encountered such a scenario at one of their clients when suspicions arose that a staff member was artificially inflating a supplier's fixed prices, whilst having family ties to them. An IT forensics expert was promptly enlisted to conduct a thorough investigation of the employee's computer devices in order to validate the allegations.
The forensic specialist examined three local workstations and a hard disk extracted from a laptop. During the investigation, the suspicion of unlawful activities was confirmed through analysis of retrieved files and the observation that the removed hard disk did not belong to the original laptop. It became apparent that the suspect was alerted to the impending seizure of their devices and had attempted to cover their tracks by deleting files and swapping the hard drive of their laptop. These findings led to a protracted extension of the inquiry, culminating in the analysis of a staggering 2 terabytes of data.
Swiss FTS relied on their well-honed expertise to securely acquire and scrutinize digital evidence. Their certified experts ensured that the evidence was obtained and analyzed in a professional and comprehensive manner. After obtaining potential sources of data, they employed specialized forensic software to recover data that had been intentionally or unintentionally deleted.
Perpetrators of misconduct frequently attempt to erase incriminating data from storage devices. Even if secure deletion software was employed to irretrievably delete the data, traces can be identified that may indicate that the suspect has attempted to conceal evidence. In the event that a suspect endeavors to destroy a hard drive or other storage device to prevent the recovery of data, it may still be feasible to extract fragments of data by applying specialized procedures in a cleanroom setting and utilizing professional software tools.
Swiss FTS is a leading Digital Forensics, eDiscovery, and Information Governance service provider that architects, implements, and manages national and international projects across a range of sizes and industries. The best way to get in touch with them is by contacting Rogier Teo.
