The Role of Electronic Evidence in Corporate Fraud or Misconduct – What you need to know

22 September 2016

Michael Cassidy , National Leader, Forensic Services |

The convergence of information systems and communications technologies has dramatically changed the nature of corporate life with digital technologies present throughout all aspects of business activity. Whilst such developments have provided us with so many benefits and will continue to do so, the flip side is the multiple opportunities that arise for people to do the wrong thing.

How would your organisation go about responding to an internal fraud or misconduct incident?

The biggest issue when it comes to internal fraud or misconduct incidences concerns the management of electronic information that lives on your corporate network.  More specifically, the identification of information that may evidence any alleged wrong doing or irregularities and the subsequent retrieval of this information.

Despite the best of intentions the sheer number of variables involved when it comes to staff and their interactions with corporate electronic information are infinite.

Common oversights

In light of this, organisations should be aware and on the lookout for ‘red flag’ instances such as those outlined below. Occurrences like these can often be indicative of irregular behaviour.

  • employees deleting large amounts of emails
  • key employees resigning
  • large amounts of data moving out of business hours
  • out of hours remote access
  • ghost user accounts

What information can be retrieved?

Whilst there are literally hundreds of different data types that forensic experts can recover from information systems, some of the more common items include the following: 

  • Recovery of email information
  • Reviewing internet usage & timeline of computer activity
  • Recovery of deleted files
  • Recovery of bypass passwords for computers and/or documents
  • Identifying files and folders opened on the computer
  • Tracking document creation and editing
  • Identifying external devices (e.g. USB’s, iPod, tablets etc.) connected to computer

This sort of data is automatically retained on all computers that are in use.

Benefits of Using a Forensic Technology Expert

Consulting a qualified forensic expert in the first instance can save significant time and money as well as deliver other important benefits as discussed below.

Objectivity and Admissibility of any evidence

We can work with your IT team in order to reduce the likelihood of accidental deletion/alteration of data or a negative impact on the admissibility or integrity of any evidence that may exist. It is strongly recommended that management liaise with forensic experts before accessing any information that is potentially relevant.

Engaging an independent expert brings a level of objectivity to proceedings, offering a defensible position to employers should accusations later arise relating to the fabrication of emails or other evidence.

Further, a forensic specialist makes sure that any pertinent information is collected in a sound manner, ensuring a chain of custody, rendering it admissible in legal proceedings should the need arise, similarly they can be called upon as an independent expert to testify in court to the facts uncovered during an investigation.  

Time Savings

Forensic Technology software is designed to conduct in depth searches across multiple data sets e.g. emails, documents, files, folders etc. whilst maintaining the data’s integrity. When compared to general IT software, which can take considerably longer to find the information in the first instance with an increased likelihood of missing the information altogether.  

To illustrate this point, forensic software can search via the following fields:

  • email address
  • dates sent/received
  • body of the email
  • embedded header information (IP address / name of sending computers)
  • with/without attachments
  • body of attachments
  • meta data of attachments (created, modified, printed, author, software version)
  • identify deleted files or emails

Cost Savings

Involving forensic experts at the outset avoids your company incurring the costs associated with having your own IT personnel undertake work that is not core to the daily operations of your business. What’s more, it is likely that such specialised investigative activities are not what your IT team are qualified, experienced or resourced to undertake.  

BDO’s forensic services team are highly experienced in all elements of forensic investigations from risk assessment and employee training to the development of policies, procedures and protocols around fraud, misconduct as well as the many elements that make up cyber security in today’s digital landscape.

Please don’t hesitate to contact me should you have queries on any of the issues considered in this article.