Electronics are the key to combating fraud and it's the storage capacity of
modern electronic equipment that holds the key to the increasing wave of
"This the ideal place to start in the search for evidence; then the trick is
to be able to navigate the maze of information quickly and focus on the key
information," says Kajen Subramoney of KPMG Forensic Technology, specialists
in extraction and analysis of electronic evidence.
Subramoney combines his background in computer engineering with strict
forensic principles to maximise the technology available to collect data
from electronic media and process it down to a manageable amount for review.
Electronic evidence is important for a number of reasons:
* There is a large amount of it;
* It is durable – 'delete' on a computer does not mean 'delete', so it is
possible for specialists to retrieve such data;
* It includes new types of objective documentary evidence – computers
routinely store 'invisible' information without the knowledge of the user
(metadata), for instance as to when a particular letter was created,
modified or read, and by whom and when; and
* The casual nature of e-mails makes them a rich source for revealing
Subramoney says the key to success lies in the strategy employed by
investigators to attack the mountain of electronic evidence in a methodical
The first stage is to plan the collection and review of electronic evidence
carefully, prioritising different sources or types of evidence.
The next step is to secure the data. The routine destruction or recycling
of back-up and other electronic media may need to be halted. It may also be
sensible to take an immediate back-up as a snapshot of the data at that
Investigators need to identify the individuals who may have created or
received relevant electronic data and then locate it.
This may be found in a number of locations such as:
* Laptop and desktop computer hard drives;
* Shared areas on network servers – e-mail files are usually stored on a
dedicated e-mail server, while documents relating to a specific project may
be stored in a folder on a dedicated drive.
* Portable media – CDs and memory sticks;
* Back-up tapes;
* Live databases – (e.g., stock, sales, and accounting and client
relationship management databases) tend to be 'living' documents that evolve
"The key skill is to be able to comprehensively guide clients through the
potential minefield of data protection and human rights legislation to
ensure that any data recovery exercise will yield admissible evidence," adds