December 7, 2023
When a company is suspected of virus infection, unauthorized access, leakage of confidential or personal information, embezzlement, quality fraud, or other internal fraud, a forensic investigation is required. We will explain in an easy-to-understand manner what a forensic investigation is, the cases that require one, points to note, and the specific flow.
What is a forensic investigation?
A forensic investigation is an investigation conducted when an incident such as internal fraud or information leakage occurs. "Forensic" generally means "identification". Originally, it referred to forensic identification and the search for legal evidence, mainly carried out in police criminal investigations, and meant investigations to collect and analyze evidence.
In the IT field, forensics refers to searching for evidence and clues from digital devices such as computers, and cases of investigating, searching, and analyzing legal evidence from digital data are increasing.
Types of Forensic Investigations
Among forensic investigations, those that work with digital data are called digital forensics. In practice, most communications, records, and documents are now digitized, so many forensic investigations are now digital forensics. It is a technology that investigates the causes of crimes and malware intrusions in the digital environment, and demand for it has been increasing in recent years. There are several types depending on the device being investigated.
Computer forensics
The collection and analysis of electronic data recorded on computers, in cases such as information leaks and unauthorized access, is called computer forensics. For example, we seize an identified suspect's computer, copy and analyze the hard disk, and recover operation history and data.
Memory forensics
Memory forensics is the collection and analysis of information stored in the memory (RAM) of a computer system. By analyzing processes in memory to identify unauthorized activities, and by analyzing encrypted data in memory, it is used to investigate causes such as malware intrusion and to investigate fraudulent activities.
Mobile forensics
Mobile forensics is digital forensics for mobile devices such as smartphones and tablets. It collects and analyzes device storage, applications, and communication history. It also covers information about cloud services associated with the device, such as online storage and email accounts.
Network forensics
Network forensics collects and analyzes network communication data and log information. It leads to the detection of fraud from packets (communication data) that enter and leave the target network. In addition to detecting malicious packet data, it is also used for real-time incident response.
Fast forensics
Normal forensic investigations require a lot of time, but fast forensics is a method that emphasizes quick results. It processes large amounts of data efficiently by determining priorities based on importance and urgency, automating and allocating tasks, and sharing information. Priority is given to minimizing the damage by investigating the cause as soon as possible and grasping unauthorized behavior and intrusion routes.
Major cases requiring forensic investigation
When is a forensic investigation necessary? Here are some specific examples of how forensic investigations are used in companies.
Leakage of confidential or personal information
Information leaks occur when employees take confidential company information outside the company or extract personal information at the time of retirement. Evidence is identified by investigating the history of unauthorized exchanges, copies, and removal on the employee's personal computer.
Quality fraud, embezzlement/kickback
Employees tend to destroy evidence when internal fraud is suspected, such as data falsification for intentional quality fraud, embezzlement and kickbacks, and fraudulent accounting. Carefully investigate the employees under suspicion by extracting e-mail histories without the person concerned noticing. Investigate on the assumption that there may be an accomplice.
Collusion, fraudulent purchasing
Forensic investigations are also used for fraud and scandals between companies, such as bid rigging and purchasing fraud. Deleted data is restored and analyzed for evidence of fraud. Predicting high-probability cases and conducting AI-based audits during normal times also has the effect of preventing fraudulent activities.
Electronic data includes emails, text files, various internal documents, chat messages, spreadsheet software, image data, website content, and all other data that has been agreed to be submitted. Protect the data to be submitted so that it is not falsified or destroyed. Collect the data that you think is necessary and convert it into an agreed format. Review and analysis will be required to find the texts agreed for submission.
Labor issues, harassment issues
Forensic investigations are also effective in investigating labor-related incidents such as unfair billing of overtime and negligence of duties. The actual state of work is investigated from employee computer logs, e-mails, chat histories, etc. The evidence is also checked for the presence or absence of interactions related to harassment.
Security incidents such as malware infections
When you become aware of damage caused by hacking or malware infection, it is necessary to investigate the extent of damage such as information leaks, whether there was virus infection or unauthorized access, and through what route. Companies that handle personal information are obliged by law to quickly grasp the facts and to make a prescribed report when a leak of personal data is recognized.
Forensic investigation process
When you encounter a case that requires a forensic investigation, what steps should you take? We will introduce the general flow and each step.
Initial investigation
First, clarify the purpose of the investigation. Decide the devices and systems to be investigated, the target period, etc., and secure the resources necessary for the investigation, such as acquisition and analysis methods, tools, and human resources.
Data collection/preservation
Secure the devices to be investigated and properly protect the collected digital data from accidental deletion or destruction. We collect the data to be investigated and also generate a complete copy.
Data processing/analysis
Read information from the target device and copied data, and restore any deleted files. Optimize the data so that it is easy to analyze.
Data analysis
This is the process of analyzing the information that has been organized for the purposes of the investigation. We analyze whether the information matches the purpose of the investigation and whether it can be used as evidence, while making full use of our legal knowledge.
Report
The results obtained from the analysis are summarized in a report and submitted. The report describes the contents and facts of the investigation and becomes material that can be used in court.
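One way to carry out the data collection/preservation step above is to hash the data while it is copied and keep the hash in a custody record, so that any later change to the preserved copy can be detected. This is an added example, not FRONTEO's procedure or tooling; the use of SHA-256, the file names and the examiner label are assumptions, and the sample file is constructed.

```python
import hashlib, os, stat, tempfile
from datetime import datetime, timezone

CHUNK = 1024 * 1024  # read in 1 MiB blocks so large images do not fill RAM

def sha256_file(path):
    """Return the SHA-256 hex digest of a file, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            digest.update(block)
    return digest.hexdigest()

def acquire(source, dest, examiner):
    """Copy source to dest, hash the bytes as read, re-read the copy to confirm it."""
    digest = hashlib.sha256()
    with open(source, "rb") as src, open(dest, "xb") as dst:  # "x": never overwrite
        for block in iter(lambda: src.read(CHUNK), b""):
            digest.update(block)
            dst.write(block)
    if sha256_file(dest) != digest.hexdigest():
        raise IOError("copy does not match source; acquisition is not usable")
    os.chmod(dest, stat.S_IRUSR)  # the preserved copy becomes read-only
    return dict(source=source, copy=dest, sha256=digest.hexdigest(),
                size=os.path.getsize(dest), examiner=examiner,
                acquired_utc=datetime.now(timezone.utc).isoformat())

def verify(record):
    """True if the preserved copy still matches the hash taken at acquisition."""
    return sha256_file(record["copy"]) == record["sha256"]

def demo():
    """Constructed sample: a stand-in mailbox export in a temporary directory."""
    work = tempfile.mkdtemp()
    source = os.path.join(work, "mailbox_export.bin")
    with open(source, "wb") as fh:
        fh.write(b"constructed sample evidence\n" * 1000)
    record = acquire(source, os.path.join(work, "mailbox_export.copy"), "examiner-01")
    intact = verify(record)  # checked right after acquisition
    os.chmod(record["copy"], stat.S_IRUSR | stat.S_IWUSR)
    with open(record["copy"], "r+b") as fh:  # simulate a later alteration
        fh.write(b"X")
    return record, intact, verify(record)

if __name__ == "__main__":
    print(demo())
```

The record returned by `acquire` is what would be carried forward into the report, so a reader can re-run `verify` on the preserved copy at any time.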
Points to note when conducting forensic investigations
Forensic investigations require a wide range of expertise, including digital and legal. It is important to recognize that it is difficult to cover the whole series of work in-house.
Possibility of secondary incidents
In the first place, there are many cases where a company has no specialized knowledge or technical know-how in-house. Inability to investigate properly and mishandling of data may lead to secondary damage.
In serious incidents, the objectivity of a third party is often necessary to avoid suspicion of a cover-up, so there is a limit to what a company can investigate on its own.
For forensic investigations, consult with vendors with a proven track record and technical capabilities
In-house forensic investigation has its limits. Asking an investigation company with a proven track record and technical capabilities is the shortcut.
FRONTEO, a leading company in forensic investigations using AI
"FRONTEO" has been conducting forensic investigations since the dawn of digital forensics in Japan. Since our founding in 2003, we have faced various challenges as a pioneer in fraud investigations in Japan. Utilizing the knowledge gained from the overwhelming number of incidents, we propose effective and cost-effective investigations for all types of incidents.
More than 2000 forensic results and high technical capabilities utilizing AI technology
While making full use of the latest technology such as our proprietary AI engine, we also utilize our own software. We handle data identification, preservation, processing, review, and submission data creation in one stop, with high technical capabilities. The know-how we have cultivated over many years has become our ability to respond to a wide range of companies and problems.
Over 2000 digital forensic cases. We can be consulted on various types of case investigations, including information leaks, data falsification, embezzlement/kickbacks, bid rigging, purchasing fraud, labor issues, identification of sources of suspicious documents, harassment issues, security cases, and commissioned (appraisal) investigation support for investigative agencies.
FRONTEO Forensic Investigation Case
The strength of "FRONTEO" is its extensive experience in forensic investigations. Here are real-world examples of forensic investigations and how the problems were resolved.
Confidential Information Leakage Investigation
A whistle-blower reported that "an employee who will retire soon is taking confidential information outside", and the need for an investigation arose. Since the company PC was found to hold trade secret information outside the scope of the employee's work, a lawyer interviewed the person. Because the person acknowledged the fact, FRONTEO handled the complete deletion of the related information. This led to the prevention of information leaks.
Embezzlement / kickback investigation
Company B, a business partner, pointed out that an employee of Company A was showing offensive behavior. FRONTEO investigated the emails of Company A using a self-developed document review tool and confirmed that the kickback was being carried out and that there were two accomplices. Hearings were conducted by corporate lawyers, and criminal charges were filed against those involved.
Security case
After receiving a call from a business partner that "a suspicious email claiming to be from Company C has arrived," Company C conducted an internal investigation, and a virus was detected in a terminal dedicated to the business management system. There was a need to confirm whether personal information had been leaked, and FRONTEO's investigation confirmed multiple viruses in the email data. Company C issued a warning and apology for the suspicious email, explained the background and scope of damage to the relevant parties, and took measures to prevent recurrence through FRONTEO training.
Overwhelming achievements and AI technology "FRONTEO" for forensic investigations
With the spread of smartphones and tablets, there is a possibility of various incidents occurring to anyone, regardless of the size of the company or individual. If you feel the need for a forensic investigation, entrusting it to an expert you can trust is a wise choice.
FRONTEO conducts its own forensic investigations using its own AI (artificial intelligence) engine KIBIT. By investigating a huge amount of data such as emails and chats with a document review tool called KIBIT Automator, reliable evidence, data restoration, data preservation and analysis are realized. FRONTEO, which has an overwhelming track record in forensic investigations, utilizes the latest AI technology to quickly propose optimal solutions in the event of an emergency.