Incidents such as internal fraud (for example, embezzlement) and leakage of confidential information can occur in any company. To prevent such incidents and to resolve them properly in an emergency, forensic investigations targeting e-mail are attracting more and more attention. This section introduces the basics of forensic investigation of e-mail, the investigation process, and specific examples.

What is forensic investigation and digital forensics?
A forensic investigation is an investigation conducted when an incident such as internal fraud or information leakage occurs. In particular, investigations that analyze data stored on digital devices to reveal evidence of fraud are known as digital forensics (or computer forensics). Digital forensics is a comprehensive concept that covers not only computers, but also smartphones, tablets, and other digital data.
Forensic investigations targeting e-mail
Forensic investigations actually cover a wide range of topics. Among them, e-mail is a tool that is used by all companies to carry out much of the communication that is indispensable to the progress of business, and investigations targeting the history of sent and received e-mails and deleted e-mails are often conducted.
Cases in which a forensic investigation targeting e-mail is required
Typical incidents that require forensic investigation of e-mail include the following. The investigation establishes facts such as when and with whom messages were exchanged, what they contained, and what kind of data was attached.
There is an internal report of misconduct with a business partner, and we would like to obtain evidence of such misconduct from the e-mails.
There is a possibility that information was leaked via e-mail, and we would like to confirm the route and contents of the leak.
We would like to trace the history of recovered e-mails in order to confirm the actual working conditions of employees.
Consult an investigation company rather than conducting the forensic investigation in-house
If you try to conduct a forensic investigation of e-mails on your own, there is a risk of causing further damage, such as overwriting important evidence data or running a virus by unnecessarily operating a PC. In addition, an in-house investigation may itself lead to suspicion that the company has covered up or falsified unfavorable data. Moreover, the number of e-mails that are sent to the company can be enormous. It is not practical for a company to investigate a huge number of e-mails by itself, and it is advisable to consult a third-party specialist who has specialized tools and know-how and can investigate quickly.
Methods and flow of forensic investigation targeting e-mail
The following introduces the method and flow of a forensic investigation, focusing on the case where e-mail is the subject of the investigation.
Hearing
First, we conduct an interview about the incident. The scope of the forensic investigation is defined, including what kind of incident it is, how many people are involved, which departments are involved, and the investigation targets and items to be investigated. In the case of e-mail, we also consider whether the e-mail data should be retrieved from a server, a computer or other device, or both. Whether or not the e-mail data should be recovered is also considered at this point, but in many cases, a recovery response is implemented.
Preservation and processing of data
As there is a lot of evidence in e-mails, it is necessary to properly preserve the data and proceed with the investigation with care. In addition to text data such as the body of an email, metadata, which is the information in the header of an email, such as the sender, recipient, date and time, IP address, and the email server used, is also subject to preservation.
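An added example (not FRONTEO's tooling and not part of the original article) of the preservation step described above: the raw message bytes are hashed before any parsing, then the header metadata the paragraph lists is read from a parsed copy. The sample message, its addresses and the function name preserve_and_extract are constructed for illustration.

```python
import hashlib
import re
from email import policy
from email.parser import BytesParser
from email.utils import parsedate_to_datetime

# Constructed sample message (documentation-range IPs, example domains).
SAMPLE_EML = (
    b"Received: from mail.example.org (mail.example.org [198.51.100.7])\r\n"
    b"\tby mx.example.com with ESMTP id abc123;\r\n"
    b"\tTue, 05 Mar 2024 09:15:02 +0900\r\n"
    b"Received: from client.example.org (unknown [192.0.2.44])\r\n"
    b"\tby mail.example.org with ESMTPSA id def456;\r\n"
    b"\tTue, 05 Mar 2024 09:15:00 +0900\r\n"
    b"From: Sender <sender@example.org>\r\n"
    b"To: Recipient <recipient@example.com>\r\n"
    b"Date: Tue, 05 Mar 2024 09:14:58 +0900\r\n"
    b"Message-ID: <sample-0001@example.org>\r\n"
    b"Subject: Quotation\r\n"
    b"\r\n"
    b"Please see the attached quotation.\r\n"
)

IPV4_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def preserve_and_extract(raw: bytes) -> dict:
    """Hash the untouched bytes first, then read header metadata from a parsed copy."""
    digest = hashlib.sha256(raw).hexdigest()  # integrity value for the preserved copy
    msg = BytesParser(policy=policy.default).parsebytes(raw, headersonly=True)
    hops = []
    # Each server prepends its Received header, so reverse for origin-first order.
    for value in reversed(msg.get_all("Received", [])):
        text = " ".join(str(value).split())  # collapse folded whitespace
        by = re.search(r"\bby\s+(\S+)", text)
        hops.append({"ips": IPV4_IN_BRACKETS.findall(text),
                     "by": by.group(1) if by else None})
    return {
        "sha256": digest,
        "from": str(msg["From"]),
        "to": str(msg["To"]),
        "date": parsedate_to_datetime(str(msg["Date"])).isoformat(),
        "message_id": str(msg["Message-ID"]),
        "hops": hops,
    }

if __name__ == "__main__":
    print(preserve_and_extract(SAMPLE_EML))
```

Recording the digest at collection time lets anyone later confirm that the copy under review is byte-for-byte the message that was preserved.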
Investigation and analysis (review)
The data that has been preserved and collected is investigated and analyzed according to appropriate procedures to extract information that could be the cause of the problem or evidence.
Investigation and Reporting
A report summarizing the results of the investigation is prepared. The report may include suggestions for future actions to be taken.
Costs and Rates for Email Forensic Investigations
Forensic investigations require a high level of expertise. When a vendor is hired to conduct an e-mail forensic investigation, the cost includes data processing and retrieval, investigation and analysis of potential evidence (review), and data hosting, but as with general forensics, the review process usually accounts for the majority of the cost. The final cost varies greatly depending on the scope and content of the investigation, ranging from several tens of thousands of yen to several million yen. In addition, awareness of the use of AI in investigations has been spreading recently, and significant cost advantages can be obtained by utilizing AI to dramatically improve the efficiency of investigations.
Advantages of AI-based email forensic investigation
AI (Artificial Intelligence) is effective in email forensics, which requires the investigation of a large number of emails. The benefits of AI are immeasurable, such as high-speed and highly accurate investigation with fewer omissions.
FRONTEO, which has handled many mail forensic investigations, conducts investigations using KIBIT, an AI (artificial intelligence) engine developed in-house. Using an algorithm that explores the mechanism of superior human decision-making ability, KIBIT extracts sentences that correspond to fraud from a vast number of e-mail documents.
Specific examples of e-mail forensics
What kinds of incidents is e-mail forensics effective for? The following are typical cases that require investigation and examples of actual cases that FRONTEO has helped resolve.
For more information on investigation cases, please also see the case studies on the Forensic Investigations page.
Recovery of email data
A sales representative of a company had deleted sales-related data, customer lists, and customer e-mail data from his company PC, and wanted to recover the e-mail and return the PC as soon as possible. FRONTEO received the PC in the morning, preserved the evidence, and returned it to the client in the evening.
Investigation of embezzlement, kickbacks, and other fraudulent activities
Company B, one of our business partners, pointed out that an employee of Company A was acting flamboyantly, and upon investigation, we discovered that there was a discrepancy between the amount billed and the amount paid. Without being detected by the employee in question, we investigated internal e-mails and confirmed the existence of another person who was making kickbacks. Although "hidden words" were used in the e-mails, KIBIT, an AI engine, confirmed the existence of an accomplice. After questioning, the parties involved were criminally charged.
Investigation of a security matter
FRONTEO was contacted by a client, Company C, who reported receiving a suspicious e-mail claiming to be from Company D. Upon investigation, FRONTEO detected a virus on a terminal dedicated to a business management system where customer information was stored. FRONTEO investigated the traces of the virus remaining in the terminal and analyzed the details of the virus from the network logs, issued a "warning and apology for the suspicious e-mail," and conducted incident response training for employees to prevent recurrence.
FRONTEO's forensic investigation using self-developed AI
Rushing to find a forensic investigation company after a problem has occurred does not make for a quick response. It is wise to anticipate an incident in advance and consult with a service vendor with a proven track record in forensic investigation.
There are many forensic vendors, but the most important point is that FRONTEO uses KIBIT, an AI (Artificial Intelligence) engine developed in-house. FRONTEO, which has handled many forensic investigations, uses KIBIT, its self-developed AI engine, to investigate e-mails, and uses an algorithm that explores the mechanism of superior human decision-making ability to extract fraudulent text from a huge volume of e-mail documents. Our experience in handling diverse cases, including information leaks, data falsification, embezzlement/kickbacks, labor issues, harassment issues, and security matters, enables us to conduct effective and cost-effective investigations and proposals. We detect and resolve a wide range of corporate problems at an early stage.