
Cyber attacks, unauthorized access, information leaks, data tampering: there are many incidents and accidents involving digital data, and any company could be involved. Digital forensics is the process required to take measures against and respond to such crimes and fraudulent acts. This article explains the basics and examples of digital forensics and introduces how to choose the best investigation vendor.

What is digital forensics
Digital forensics (or computer forensics) is a field of forensic science that collects and analyzes data stored on digital devices to reveal evidence of crime or fraud. The term is used as a comprehensive concept that covers not only computers but all digital devices, such as smartphones and tablets.
What is the purpose of digital forensics and when is it necessary?
Digital data can provide clues not only to cybercrime such as unauthorized access, data falsification, and remote control, which is increasing rapidly as society makes more use of IT, but also to internal crimes such as information leaks and fraudulent accounting. Digital forensics, which investigates cause and evidence from traces of access to digital data and from the restoration of deleted data, has therefore become important.
Whether the incident is an attack from outside the company or internal fraud, investigating where the vulnerability lay in the company's systems and how the damage occurred makes it possible to establish measures to prevent recurrence. It is also useful in that it clarifies where responsibility lies.
Duration and general flow of digital forensics
The period required for a digital forensic investigation varies from several hours to several months, depending on the number of devices to be investigated, investigation items, investigation purpose, etc.
The investigation begins with an interview. Once the purpose of the investigation is clear, data preservation and collection begin. Next, the collected data is analyzed with dedicated analysis tools to clarify the background and route of the damage. A report is then created based on the information obtained.
Process of Digital Forensics Investigation
・Hearing
First, a hearing is held about the content of the incident to confirm the investigation target, investigation items, and investigation deadline.
・Evidence preservation
If the data changes after the damage is discovered, accurate investigation results cannot be obtained, so it is essential to preserve and collect the data promptly. The entire data of the device under investigation is replicated. At that time, a value called a "hash value" is generated to prove that the original data and the duplicate data are identical. The work proceeds so that no data is falsified or omitted.
・Investigation/reconstruction
The preserved and collected data is analyzed according to appropriate procedures to extract information that can indicate the cause or serve as evidence. If the data is encrypted or deleted, the technology to decrypt and restore it is also required.
・Report
The results of the entire investigation are organized into a report that can be submitted to a third party.
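The hash check described under evidence preservation, shown as an added example that is not part of the original article: Python code that duplicates a source while hashing it, re-reads the stored duplicate, and records both values so the copy can be re-verified later. SHA-256, the record fields, and the names preserve, recheck, examiner and item_id are assumptions; the article does not name an algorithm or a tool.

```python
import hashlib
import io
from datetime import datetime, timezone

CHUNK = 1024 * 1024  # 1 MiB blocks keep memory flat on multi-gigabyte images


def digest(stream, chunk=CHUNK):
    """SHA-256 of everything left in a binary stream."""
    h = hashlib.sha256()
    for block in iter(lambda: stream.read(chunk), b""):
        h.update(block)
    return h.hexdigest()


def acquire(source, dest, chunk=CHUNK):
    """Copy source to dest, hashing the bytes as they are read from the source."""
    h = hashlib.sha256()
    total = 0
    for block in iter(lambda: source.read(chunk), b""):
        h.update(block)
        dest.write(block)
        total += len(block)
    return h.hexdigest(), total


def preserve(source, dest, examiner, item_id):
    """Duplicate the source, re-read the duplicate, and return the record."""
    source_hash, size = acquire(source, dest)
    dest.flush()
    dest.seek(0)  # hash what was actually stored, not what was meant to be stored
    duplicate_hash = digest(dest)
    return {
        "item_id": item_id,        # hypothetical evidence label
        "examiner": examiner,      # hypothetical field
        "acquired_utc": datetime.now(timezone.utc).isoformat(timespec="seconds"),
        "bytes": size,
        "algorithm": "sha256",     # assumption: the article names no algorithm
        "source_hash": source_hash,
        "duplicate_hash": duplicate_hash,
        "verified": source_hash == duplicate_hash,
    }


def recheck(dest, record):
    """Re-hash a stored duplicate later and compare it with the record."""
    dest.seek(0)
    return digest(dest) == record["duplicate_hash"]


if __name__ == "__main__":
    # Constructed sample data standing in for a device image.
    original = io.BytesIO(b"constructed sample data, not a real image " * 4096)
    duplicate = io.BytesIO()
    record = preserve(original, duplicate, "examiner-01", "ITEM-001")
    print(record)
    duplicate.seek(10)
    duplicate.write(b"\x00")  # a single changed byte breaks the match
    print("still identical:", recheck(duplicate, record))
```

With real media, the source would be opened read-only in binary mode and the destination in "w+b" mode so it can be re-read after writing.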
Examples of Digital Forensics Targets
Digital forensics (computer forensics) sometimes goes by the following names, depending on the subject of investigation.
Mobile forensics
Digital forensics for mobile devices such as mobile phones and smartphones is sometimes called mobile forensics. Smartphones in particular have functions similar to those of PCs and are now essential business devices, so they often hold important evidence in fraud cases. Because the device is so familiar, it is easy to let your guard down, but care is needed not to damage the evidence by handling the data carelessly.
Network forensics
Digital forensics for network logs and communication data. Network logs are investigated to identify information leaks and how attacks occurred. Checking data behavior on a daily basis can also be expected to act as a deterrent to information leakage and fraud by insiders.
Importance of digital forensics and risk if countermeasures are not taken
Whether from inside or outside the company, you never know when you will be involved in a crime involving digital data. Security-conscious companies are always prepared. What are the risks if digital forensics measures are inadequate?
Occurrence of secondary damage
If the data and evidence related to fraudulent activity are not quickly captured and acted upon, the damage will naturally continue to escalate. Careless handling can also cause secondary damage, such as overwriting important data that serves as evidence or unintentionally executing malicious programs.
Increased response costs
In digital forensics, processing large amounts of data can make the work time enormous. If work starts without any plan, the same work is repeated, secondary damage grows, and the response cost rises.
Damage to corporate value
The greatest risk is the loss of corporate value. For a company engaged in economic activities, incidents related to digital data carry social responsibility regardless of whether the cause is internal or external. Appropriate measures and responses are essential.
What Digital Forensics Can Do
Here are some examples of typical investigation purposes to show what kind of cases digital forensics is effective.
Investigation of unauthorized access, information leakage, etc.
In the event of a cyber attack such as unauthorized access or malware infection, digital forensics is used to investigate the cause: what type of attack it was, where the vulnerabilities are, and what the infection process and route were. Not only does this help prevent recurrence, in some cases it also makes legal action such as litigation possible.
Collecting evidence in litigation
In the event of a security incident, digital forensics can help not only in preserving and analyzing evidence but also in assigning responsibility. If a detailed investigation of the circumstances establishes who was at fault in the incident, you can prepare for a lawsuit in case you are held responsible.
Assessing the organization's security posture
Network forensics can also be used to investigate problems with security posture. If you can identify vulnerabilities in your network and systems, you can upgrade outdated software, change firewall settings, and take other steps to strengthen your security measures against unauthorized access and data leaks.
Prevention of internal improprieties
Digital forensics can also be expected to be effective in preventing internal improprieties. If a company shows that it is willing to conduct a digital forensic investigation and firmly investigate the cause when a fraudulent act occurs, that stance also functions as a deterrent to future attempts at fraud.
Representative cases where digital forensics was implemented
We will introduce specific cases where digital forensics was actually used to solve problems.
Response to third-party committee
In the event of a large-scale scandal that shakes the public, such as quality fraud through falsification of inspection data, it is essential to promptly establish a "third-party committee" and proceed with the investigation of the scandal, and such cases are on the rise. The third-party committee's investigation requires analysis of electronic data such as e-mails, SNS messages, and texts, so cases where a forensic vendor participates in the investigation in support of the third-party committee are increasing. Forensic vendors with experience in third-party committees can be considered to have a certain reputation for the accuracy and speed of their forensics.
Respond to antitrust law investigations
The act of arranging prices and the like for the purpose of avoiding competition between business operators is called a "cartel." If a business operator with a large share of the market does this, the buyer suffers a disadvantage, so the practice is prohibited. When the Fair Trade Commission points out suspicion of a cartel, companies need to proceed with the cartel investigation immediately, and digital forensics plays an important role there as well. Preserving and restoring the e-mails and documents of the employees involved gathers evidence, clarifies the facts, and helps prevent recurrence. In addition, a company that promptly gathers high-quality evidence and cooperates with the investigation by the Fair Trade Commission becomes subject to the surcharge exemption system (leniency system), and the surcharge may be exempted or significantly reduced.
Accounting fraud investigation response
Digital forensics is also indispensable in investigations of accounting fraud such as falsification of sales, manipulation of the timing of recording costs, and fictitious sales. It is necessary to quickly analyze the e-mails and texts of the relevant employees and clarify the actual state of the accounting fraud. When serious accounting fraud is discovered, a third-party committee is formed in an increasing number of cases, and as mentioned above, digital forensics is deeply involved in such cases as well. In addition, there are many cases of accounting fraud by overseas subsidiaries, and in such cases it is ideal to outsource to a forensic vendor with overseas branches, which carries less risk of information leakage.
Responding to surveys on the impact of information leaks
Digital forensics is indispensable for investigating leaks of confidential corporate information caused by unauthorized intrusion through cyber attacks, removal of information by employees, human error, and so on. Was the information taken out on an externally connected device such as a USB drive, or sent to a third party by e-mail? Through forensics, the leak route and scope are identified, the cause of the information leak is investigated, and measures to prevent recurrence are designed.
Cases of digital forensics
Here are some specific examples of when digital forensics is needed.
[Case 1] In-house investigation of unauthorized removal of confidential information
Two years after former employee A moved to a competing company, it was discovered that a product similar to the company's product was being manufactured without permission and sold overseas, and the company began an internal investigation. A check of the log of the PC that A had been using confirmed that a large amount of data had been copied a few days before the retirement date, but the amount of data was too large to determine whether it was related to taking the information out.
In the court's view, identifying the crime requires "identifying the behavior of the person and the trade secret." It was difficult for the person in charge at the company to accurately pick out fraudulent copying or deletion from a volume of record information exceeding 100 million, and the lack of third-party neutrality was raised as a concern. To ensure third-party neutrality, a specialized support service company was therefore asked to conduct the investigation. It investigated the large amount of log data by building its own database.
As a result, it was found that former employee A copied about 30 data items to a USB memory device and, several days later, deleted the external HDD after unplugging the network cable. The investigation also confirmed that unrelated program files had been written and deleted several times over about 120 hours.
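The kind of log query Case 1 describes, as an added example that is not the investigators' own tooling: file-operation records are loaded into a SQLite database and one user's activity on removable media is summarized per day for the period before a departure date. The log format, column names, users, paths, dates and window length are all constructed assumptions.

```python
import csv
import io
import sqlite3
from datetime import date, timedelta

# Constructed sample log; format assumed: timestamp,user,action,path,media
SAMPLE_LOG = """\
2023-01-10T10:00:00,user_a,copy,/usb/photo.jpg,removable
2023-03-01T09:12:00,user_a,copy,/share/notes.txt,fixed
2023-03-27T21:40:11,user_a,copy,/usb/design_01.dwg,removable
2023-03-27T21:40:15,user_a,copy,/usb/design_02.dwg,removable
2023-03-27T21:41:02,user_a,copy,/usb/pricing.xlsx,removable
2023-03-28T08:05:00,user_b,copy,/usb/slides.pptx,removable
2023-03-30T23:10:45,user_a,delete,/ext_hdd/backup.zip,removable
"""


def load(conn, text):
    """Insert well-formed rows into an indexed table; return how many were loaded."""
    conn.execute(
        "CREATE TABLE IF NOT EXISTS events "
        "(ts TEXT, user TEXT, action TEXT, path TEXT, media TEXT)"
    )
    rows = [r for r in csv.reader(io.StringIO(text)) if len(r) == 5]
    conn.executemany("INSERT INTO events VALUES (?, ?, ?, ?, ?)", rows)
    # The index is what keeps per-user time-range queries fast at large volumes.
    conn.execute("CREATE INDEX IF NOT EXISTS idx_user_ts ON events (user, ts)")
    return len(rows)


def removable_activity(conn, user, last_day, window_days=7):
    """Per-day counts of a user's actions on removable media up to last_day."""
    start = (last_day - timedelta(days=window_days)).isoformat()
    end = (last_day + timedelta(days=1)).isoformat()  # exclusive upper bound
    cur = conn.execute(
        "SELECT substr(ts, 1, 10) AS day, action, COUNT(*) FROM events "
        "WHERE user = ? AND media = 'removable' AND ts >= ? AND ts < ? "
        "GROUP BY day, action ORDER BY day, action",
        (user, start, end),
    )
    return cur.fetchall()


if __name__ == "__main__":
    conn = sqlite3.connect(":memory:")
    print(load(conn, SAMPLE_LOG), "events loaded")
    # last_day is a hypothetical departure date for the constructed user.
    for row in removable_activity(conn, "user_a", date(2023, 3, 31)):
        print(row)
```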
[Case 2] Investigation of personal information leakage due to malware infection
It was discovered that a company's computer was infected with malware. Since a leak of personal information was also suspected, a support service company was asked to identify the infection route and investigate traces of information leakage from the infected terminal. Hundreds of devices were investigated because the source of infection was unknown.
The devices were analyzed with an analysis tool, the attack route was visualized, and the victim terminal was identified. In addition, about 30 cyber black markets were investigated to see whether the leaked information was being bought and sold on the dark web. As a result, it was possible to identify not only the PC from which the information was leaked but also that the information had been leaked to the dark web.
Digital forensics cost, market price and investigation period
This section gives the market price and the period required for an investigation when, as in the cases introduced above, a specialized support service company is asked to carry it out.
How much does it cost to hire a survey company?
The cost of a forensic investigation is generally around several hundred thousand yen per device. However, depending on factors such as the content and scale of the survey, it may cost tens of thousands of yen or several million yen.
How long does a digital forensic investigation take?
Forensic investigations can take anywhere from a few hours to several months. The period varies depending on the number of devices to be investigated, the investigation items, the investigation purpose, and so on. If the date of a trial or the deadline for publishing the investigation results is fixed, consult with us as soon as possible.
We recommend entrusting digital forensics to an investigative company. How to choose one
When it comes to digital forensics, we recommend using a professional support service company. Here is why.
4 reasons why you should consult a research company
[Reason 1] Requires advanced expertise and know-how
Simply copying data does not guarantee that evidence is maintained, nor can it restore deleted data. Reliable data extraction and record management are essential for evidence to be valid in lawsuits, so it is effective to use an investigation company with specialized knowledge and know-how. This is especially true in cases that require a large amount of processing and resources, such as when hundreds of terminals must be investigated to identify the infection route of an information leak.
[Reason 2] Preservation of evidence and neutrality can be guaranteed
If data recovery is required in addition to data collection and the digital forensics is performed only by the company's IT department, data that should have been preserved and collected may be damaged. In addition, in cases where intentional information leakage by a person within the company is suspected, using an external professional service ensures neutrality and so reduces the factors that could work to your disadvantage in litigation.
[Reason 3] Survey using the latest tools is possible
Investigating cyber attacks requires the latest tools. Malware continues to evolve every day. A professional support services company keeps up with the latest knowledge and the corresponding tools.
[Reason 4] You can investigate at the optimum cost
If specialized knowledge or tools are needed, you may think that your company can hire new staff and purchase the necessary tools, but you never know when an incident will occur or what scale it will be. With a professional support service, you pay a cost appropriate to the scale of the investigation. As a result, it is more economical to ask a service vendor.
Points to consider when choosing a digital forensics investigation company
・Experience and expertise of the research company
Companies with a large number of completed investigations have accumulated strong technical capabilities and know-how on data recovery, so they can select the appropriate method for each case and respond at a reasonable cost. Since the number of companies that can handle large-scale or special investigations is limited, whether a company has a track record of requests from listed companies, the police, government agencies, and similar clients is an important point in judging its reliability.
・Tools and techniques of research companies
The results of a survey vary depending on the equipment the company has and the skill level of its engineers. Be sure to check these against its track record. Data recovery in particular requires specialized tools and advanced technical skills. Make sure you choose a vendor that is familiar with restoration work.
・Pricing by research companies
The cost of digital forensics varies greatly depending on the number of engineers involved in the investigation and the amount of data. For that reason, we recommend choosing a vendor whose cost items make clear how additional charges will be incurred.
・Reputation of the research company
You can check the reputation of a candidate research company by asking companies that have used it. Ask the research company for companies and lawyers that can serve as references, and hear the actual reputation of the research company from those companies and lawyers. Although it takes time and effort, this is a recommended method for selecting the company that best matches your company and project.
AI utilization in digital forensics
In today's digital forensics, which deals with huge amounts of data, accuracy and speed are dramatically improved by using AI (artificial intelligence). A small number of experts read a small number of sample files and the AI learns their judgment criteria, so that only the relevant items can be extracted from a large amount of data. The simple data sorting work that must be done at the beginning of a survey can be completed in a short time with a small number of people, which improves not only the efficiency of the survey but also its accuracy, because experts can concentrate their resources.
Why Choose Digital Forensics Vendor Pioneer "FRONTEO"
As a pioneer in forensic support services, FRONTEO has been involved in fraud investigations since its founding in 2003. In 2004, it held a digital forensics seminar for the police for the first time in Japan. As a leading forensics company in Japan, it also contributed to the establishment of the Digital Forensics Study Group.
In 2006, the popularity of digital forensics rose sharply when it was used to investigate the "Livedoor Incident", but FRONTEO had been conducting forensic investigations for three years before that. With a history of 3 years and a track record of over 20 fraud investigations, FRONTEO's digital forensics is often used by the "third-party committee" in scandals that disturb the public. It contributes to solving the problems of many companies with its high reliability.
Since FRONTEO has branch offices in the United States, South Korea, and Taiwan, it does a great deal of business with enterprise companies that have overseas subsidiaries. FRONTEO's digital forensic technology is heavily used to protect the interests of Japanese companies in forensic investigations such as accounting fraud by subsidiaries and in forensic investigations when they are involved in overseas lawsuits. Recently, it has been involved in many cartel investigations of large companies and has been highly evaluated for its response to the surcharge exemption system (leniency system).
Another feature of FRONTEO is that it provides non-stop services from data preservation and collection to analysis and report creation. The self-developed AI engine "KIBIT" is a simple and high-performance algorithm and, unlike other products, needs only a small amount of training data, a short introduction period, and light calculation processing, so it can be implemented early. It can be flexibly customized for systems and special data developed independently by companies.
FRONTEO's digital forensics is a fusion of 20 years of responsibility and achievements as a leading company and the technology of an in-house developed AI engine. If your company is considering a forensic investigation, please contact FRONTEO.