
2023/8/1

Incidents such as embezzlement, other internal fraud, and leakage of confidential information can occur in any company. Forensic investigations targeting email are gaining increasing attention as a means of preventing such incidents and resolving them appropriately when they do occur. Here, we introduce the basics of email forensics, the investigation process, and specific examples.

What is Forensic Investigation and Digital Forensics?
A forensic investigation is an investigation conducted when an incident such as internal fraud or information leakage occurs. In particular, investigations that analyze data stored on digital devices to reveal evidence of fraud and the like are called digital forensics (or computer forensics). The term is used as a comprehensive concept that covers not only computers but also digital data on devices such as smartphones and tablets.
Forensic investigation of emails
"Forensic investigation" is a single term, but in practice it covers a variety of work. Email in particular is a tool used in many of the exchanges that are indispensable to running a business in any company, so investigations are often conducted on the history of sent and received emails and on deleted emails.
Cases that require forensic investigation of emails
Typical incidents that require forensic investigation of emails include the following. The investigation establishes facts such as when, with whom, and what kind of content was exchanged, and what kind of data was attached.
・There is an internal report of fraud involving a business partner, and the company wants to obtain the evidence from email.
・Information may have been leaked via email, and the company wants to check the route and the content.
・The company wants to follow the history of recovered emails in order to check the actual working conditions of employees.
Forensic investigations should not be handled in-house; consult an investigation company
If you try to complete a forensic investigation of emails in-house, there is a risk of overwriting important evidence data, of needlessly operating the PC and triggering a virus, and of further expanding the damage. An in-house investigation may also invite suspicion that unfavorable data was concealed or falsified. In the first place, it is not realistic to investigate the often enormous number of emails on your own, so it is desirable to consult a third-party specialist who has specialized tools and know-how and can investigate quickly.
Methods and Flow of Forensic Investigation of Emails
We will introduce the investigation method and flow of the forensic investigation process, focusing on the case of e-mail.
・Hearing
First, we interview you about the details of the incident. This determines the scope of the forensic investigation (what kind of incident it is, how many people are involved, and which departments they belong to), the investigation targets, and the investigation items. In the case of email, we consider whether to obtain the email data from a server, from a terminal such as a computer, or from both. Whether to restore email data is also considered at this point; in many cases restoration is carried out.
・Protection and processing of data
Emails contain a great deal of evidence and therefore require proper data preservation and careful investigation. In addition to text data such as the message body, the information in the header part of the mail, called metadata, is also subject to preservation: the sender, the recipient, the date and time, the IP address, the mail server used, and so on.
・Investigation/analysis (review)
The preserved and collected data is investigated and analyzed according to appropriate procedures to extract information that may point to the cause or serve as evidence.
・Report
A report is created that organizes the investigation results. Suggestions for future actions may also be included.
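The preservation step described above can be illustrated with a short added example (not FRONTEO's tooling or procedure): it hashes the untouched message bytes before any parsing, then extracts the header metadata the text lists. The function name `preserve_record` is hypothetical, and the sample message is constructed using reserved example domains and documentation IP ranges.

```python
import hashlib
import re
from email import message_from_bytes
from email.utils import getaddresses, parsedate_to_datetime

# Constructed sample message, not taken from any real case.
SAMPLE_EML = (
    b"Received: from mx.example.net (mx.example.net [198.51.100.7])\r\n"
    b"\tby mail.example.com with ESMTP id abc123;\r\n"
    b"\tTue, 01 Aug 2023 09:15:02 +0900\r\n"
    b"Received: from client.example.net (client.example.net [192.0.2.44])\r\n"
    b"\tby mx.example.net with ESMTPSA id def456;\r\n"
    b"\tTue, 01 Aug 2023 09:15:00 +0900\r\n"
    b"From: Alice <alice@example.net>\r\n"
    b"To: Bob <bob@example.com>, carol@example.com\r\n"
    b"Date: Tue, 01 Aug 2023 09:14:58 +0900\r\n"
    b"Message-ID: <constructed-1@example.net>\r\n"
    b"Subject: Quarterly price list\r\n"
    b"\r\n"
    b"Please see the attached list.\r\n"
)

IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def preserve_record(raw: bytes) -> dict:
    """Hash the untouched bytes first, then parse them for header metadata."""
    digest = hashlib.sha256(raw).hexdigest()  # integrity value for the evidence copy
    msg = message_from_bytes(raw)
    hops, first_hop = [], None
    for received in msg.get_all("Received", []):
        text = " ".join(received.split())  # unfold the multi-line header
        when = parsedate_to_datetime(text.rsplit(";", 1)[-1].strip())
        hops.append({"ips": IPV4.findall(text), "time": when.isoformat()})
        first_hop = when  # servers prepend, so the last header is the earliest hop
    hops.reverse()  # chronological order: origin first
    sent = parsedate_to_datetime(msg["Date"])
    return {
        "sha256": digest,
        "from": [addr for _, addr in getaddresses(msg.get_all("From", []))],
        "to": [addr for _, addr in getaddresses(msg.get_all("To", []))],
        "date": sent.isoformat(),
        "message_id": msg["Message-ID"],
        "hops": hops,
        # Date is set by the sender, Received stamps by servers; a large gap merits review.
        "skew_seconds": (first_hop - sent).total_seconds() if first_hop else None,
    }
```

Recording the digest at collection time lets a later reviewer confirm that the copy under analysis is byte-for-byte the message that was preserved.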
About the cost and market price required for email forensic investigation
Forensic investigations require a high level of expertise. When you ask a vendor to carry out a forensic investigation of emails, the cost breaks down into data processing and search, analysis (review) of whether the material can be used as evidence, and data hosting. The review process usually accounts for most of the cost. The final amount varies greatly depending on the scope and content of the investigation, and ranges from tens of thousands of yen to several million yen. The use of AI in investigations has also become widely recognized recently, and significant cost benefits can be obtained by using AI to dramatically improve the efficiency of investigations.
Advantages of email forensic investigation using AI
The use of AI (artificial intelligence) is effective in email forensics, which requires investigating a huge number of emails. The merits of AI are immeasurable, such as enabling high-speed, high-precision investigations with few omissions.
FRONTEO, which has been involved in many email forensic investigations so far, conducts investigations with KIBIT, an AI (artificial intelligence) engine developed in-house. An algorithm that explores the mechanism of superior human judgment extracts the sentences that correspond to fraud from a huge volume of email documents.
Specific examples of email forensics
For what kinds of incidents is email forensics effective? We introduce typical cases that require investigation and cases where FRONTEO's work actually led to a solution.
For more information, see also the case studies on the forensic investigation page.
Email data recovery
In this case, a sales representative of a certain company deleted sales-related data, a customer list, and email data exchanged with customers from a company PC, and the company requested that the emails be restored and the PC returned as soon as possible. FRONTEO received the PC in the morning, preserved the evidence, and returned the PC in the evening. Restoration work was handled with multiple tools, and the related documents and emails were successfully restored.
Fraud investigations such as embezzlement and kickbacks
Company B, a business partner, pointed out that an employee of Company A was showing offensive behavior. An investigation of internal emails, carried out without being detected by the employee in question, confirmed the existence of another person involved in kickbacks. Although "crypto" was used in the emails, the AI engine KIBIT confirmed the complicity. As a result of the investigation, those involved were criminally charged.
Security Incident Investigation
After a business partner, Company C, reported that "a suspicious email claiming to be from Company D has arrived," an investigation was conducted, and a virus was detected on a terminal dedicated to the business management system where customer information was stored. FRONTEO analyzed the details of the virus from an investigation of the traces remaining on the terminal and from the network logs. In addition to issuing a warning and an apology about the suspicious emails to those affected, we also conducted incident response training for employees and took measures to prevent recurrence.
FRONTEO forensic investigation using in-house developed AI
Rushing to find a forensic investigation company after a problem has arisen does not make for a quick response. It is wise to anticipate an incident and consult in advance a service vendor with a proven track record in forensic investigations.
There are many forensic vendors, but FRONTEO's biggest distinguishing point is that it uses its own AI (artificial intelligence) engine, KIBIT. FRONTEO, which has been involved in many forensic investigations so far, also conducts investigations of emails with the in-house developed AI engine KIBIT, which extracts the relevant text. Information leaks, data falsification, embezzlement and kickbacks, labor issues, harassment issues, security cases: our experience in dealing with a wide variety of cases allows us to provide effective and cost-effective investigations and proposals. We detect and solve problems at an early stage for a wide range of companies.