Be careful! Your first response towards evidence profoundly affects the outcome of the investigationputri
Evidence is an essential aspect of fraud investigation. Once a company receives a report and finds strong indications of fraud, the first step is to preserve all the potential evidence at the scene while awaiting further handling by a professional investigator.
Potential evidence could be non-digital or digital. Potential digital evidence, could be documents, pictures, video, etc., that are stored in electronic devices – laptops, computers, smartphones, tablets, etc. – are vulnerable to damage or loss. Often, the company has no clue that a careless way in preserving the potential evidence can lead to mistakenly modify or eliminate them that profoundly affects the outcome of the investigation.
Therefore, a company’s first response should be done very carefully. The first thing they should do is to not touch these devices and ensure that they stay in place.
“The first response you should take to preserve the potential evidence on your device, depends on the condition of the device itself. If the device is a computer that is switched on, you should leave it on. Should you need to turn it off, then it can only be done by unplugging the devices from the power source. This initial step is important in terms of digital forensics for maintaining the data stored in the memory,” explained Bastian Galih, Digital Forensic Specialist Integrity Indonesia.
The next step is to take over all of the potential suspect’s access to the potential evidence to prevent any attempts of modification or removal of evidence. For example, the company will need to take away all of their devices in a way that complies with the applicable rules or policies, and the company should also take over the potential suspect’s corporate email access.
“Usually companies use two email bases, such as the Post Office Protocol (POP) with Ms. Outlook, and the Web with Gmail. Different types of emails would require different treatments. POP-based email can be checked directly because the data (potential evidence) is on the device, while web-based email checking can be done by applying cloud forensics,” he explained.
Another method is that the company can put the potential suspect on leave for as long as necessary.
All of these methods are the initial steps that a company is required to take and are often key factors in the detection and prevention of fraud, as well as with recovering losses, and assisting in legal proceedings.
No less significant is leaving the case to professional and experienced investigators. Integrity Indonesia, with up to fifteen years of experience, will guarantee a comprehensive, compliant, thorough, and discreet approach in identifying and investigating fraud. We collect relevant evidence through required investigative activities, including computer forensics which covers the recovery of deleted data. For more detailed information about fraud investigations and other compliance services, contact us today.