Digital documentation is the cornerstone of today’s fraud investigation. As technology and business become more and more interdependent, investigators usually look first for digital evidence.
Nearly everyone has a phone, computer, tablet, smartwatch, gaming console or virtual assistant, or one of each. All of these devices can hold or store incriminating digital evidence.
As network servers replace filing cabinets in offices around the world, fraud investigators need to understand where, when and how to look for digital evidence for investigations. This article will help you identify these valuable evidence sources.
Fraud investigations usually contain a lot of evidence. Learn how case management software can help you keep that organized in our new eBook.
Preserving Digital Evidence
It’s important when dealing with digital evidence to prioritize preservation. Digital documents can easily be altered or permanently destroyed, so make sure to always make forensically-sound copies.
First, check the most obvious places: the accused’s work devices. Whether the organization provides them with a laptop, cell phone, tablet or desktop computer to conduct their work, there may be a whole host of digital evidence saved on any of these devices.
Look at saved documents, notes, spreadsheets, images, videos, bookmarks and search history for digital evidence.
Second, check connected technologies to find digital evidence or create a timeline.
Most files are now stored on servers or clouds around the world. If you can’t find evidence directly on the accused’s device, look outside of the device.
Check the network server, file-hosting services and applications that might contain files or show incriminating login times, user accesses and user activity.
Offline storage sources are slowly becoming out of date, making it an attractive place to store incriminating digital data. Plus, the offline storage device can be shipped far away from the scene of the crime, adding in many extra steps for the fraud investigator.
Look for flash drives, old-school CDs, DVDs and floppy disks around the accused’s desk, home or storage units. They may contain transaction data, emails, videos, fake documents or other digital evidence tying the accused to the fraud.
Often, the fraudster will leave incriminating digital evidence on their personal devices.
With the requisite authorizations, look at the desktop computer, laptop or tablet in their home. Maybe they’ve saved a Word document to their desktop containing action steps or a to-do list.
Check their personal cell phone too. Their phone may contain photographic or video evidence of them committing the fraud or associating with other accused fraudsters.
Lastly, check communications sources such as emails, call logs, voicemails, text messages, third-party messaging apps, social media, gaming consoles and home assistants. Ideally, there will be explicit digital evidence, such as a text message in which they’re admitting to the fraud.
But these sources often don’t contain clear digital evidence of the actual crime. Instead, they may contain proof that the fraud is being perpetrated while incriminating the suspect. Communications sources make it easy to create a “digital footprint” for the accused.
Social media is a great communication source because most people tend to overshare. Even if they don’t overshare directly by posting a status or uploading a photo of them stealing, their account will likely save metadata. Timestamps and geolocation can be incriminating too.
As technology continues to evolve, digital evidence will continue to overtake physical evidence in importance and priority. It’s important to look beyond the obvious when searching for digital evidence. An open mind and some technical knowledge may lead you to a treasure trove of hidden evidence.