Large Scale Fraud Cases And The Issues Surrounding E-Discovery Investigations

First published September 2007

submitted by CY4OR Limited

A recent Report by the Fraud Advisory Panel revealed that the average length of a serious fraud investigation between 2002 and 2006 totalled 33 months, costing the British taxpayer around £100 million per year to fund in Legally Aided cases. An example would be the 2005 Jubilee Line prosecution, which fell apart after a 21 month trial at the Old Bailey. The price tag for this particular failed investigation was placed at £60 million.

In their recently published document ‘Improving the Investigation and Prosecution of Fraud’, particular attention was paid to two common pitfalls in fraud investigations. Firstly difficulties faced in focusing the investigation during the early stages, and secondly containing the issues that arise when handling large volumes of seized material. Seized material includes vast amounts of information found on computers that is becoming increasingly relevant and valuable. At their most serious, problems in any of these areas can lead to the failure of a prosecution. So in summary there are not only questions of cost raised by the FAP, but also ones of efficiency and methodology when investigating fraud cases.

It is no wonder then perhaps that the Fraud Advisory Panel are pushing for the use of resource saving technology in the form of Electronic Discovery to help focus investigations in the early stages, and process vast quantities of information efficiently and effectively. However although E Discovery has been picked up well by the investigative fraud community across the pond, we are being surprisingly slow to respond and many litigators are still unsure of its format and usefulness.


Get The Latest DFIR News

Join the Forensic Focus newsletter for the best DFIR articles in your inbox every month.

Unsubscribe any time. We respect your privacy - read our privacy policy.


Picture the typical fraudulent scene – a company director and finance team are accused of VAT fraud over its 5 years of trading. The accounts team alone consist of 4 individuals each with their own computer workstations. All invoice documents are created on these computers, and all staff have access to internal and external email facilities. Before the firm switched to electronic invoicing, they were paper based, and so there is a also years worth of paper documentation stored on the premises.

The defence team need to review all invoicing documentation, all emails between defendants to investigate chains of communication, and all associated documents produced over this time period. This could equate to tens of thousands of documents, some of which may have been deleted over time and so are not immediately accessible.

Where do they begin to investigate all this information bearing in mind the following points?

– Firstly, Association of Chief Police Officer guidelines must followed so as to ensure no computer based evidence is corrupted. These guidelines dictate that “An audit trail or other record of all processes applied to computer-based evidence should be created and preserved. An independent third party should be able to examine those processes and achieve the same result”. How much of the defence team are IT literate let alone au fait with forensic applications and processes?

– Secondly, the investigation qualifies for legal aid and the Legal Services Commission are looking for the most resource effective solution to examining all evidence. The physicality of searching through pallets of printed information or megabytes of digital information for pieces of evidence, drain resources significantly on the part of defence teams – both financially, and in terms of man hours, often at the detriment of the progression of the case.

– Thirdly, the defence team is made up of several individuals; lawyers, counsel, accountants who are spread across the country. The logistics of regular case conferences are often difficult to master, and circulating sensitive evidential case material via email can be a cause for concern from a security point of view.

The solution to investigations of this nature from an investigative point of view is Electronic Discovery. Electronic Discovery is the review and production of evidentiary material for litigation, stored in electronic format. This may include email, word processing documents, spreadsheets, databases and presentations. The data can be stored or found on portable media (e.g. tapes, CDs, floppies), hard drives, residual data (i.e. deleted data), personal organizers, mobile telephones and employee personal computers.

E Discovery is entirely ACPO compliant provided it is carried out using recognized forensic procedures. Firstly the seizure of computer based information must be addressed – some E Discovery suppliers will also provide this service. All relevant workstations within the defendant company must be forensically imaged (a snapshot of all information deleted or live on the computer is taken). This is non invasive and does not affect business continuity. From that point on the investigation will be carried out from the forensic images, which at this stage are non comprehensible to an averagely IT literate professional – a computer forensic team must be brought in. All paper based documentation is also seized at this stage, and logged as evidence by the forensic team.

Further to this, the paper based documents will be scanned using optical recognition software and combined with the thousands of digital documents that have been recovered (if deleted) or extracted from the computer. They will all be uploaded into the E Discovery software; the process can take a little as a few days to complete. The database is burnt onto DVD and supplied to the defence. It is that simple.

The defence team are now in a unique position. They have all documents and emails created by the defendant company throughout its time in trading at their discretion stored on CD. This includes deleted documents which have been recovered by a computer forensics company. All documents can be viewed in a PDF format or printed as required. They can be searched by key names, dates, document titles etc, and as the information has been uploaded using character optical recognition software it will become immediately available on the screen.

Documents that have been noted by the defence team as relevant or important to the investigation can be categorised, annotated or redacted to highlight their significance to the case. Copies of the edited E Discovery database can then be shared between the defence team, so everyone can see the trail of events, lines of investigation and potential evidence. The database can also be password protected to enhance levels of security.

In addition, the documents in the database have been Bate stamped, so can be served as disclosure during the litigation process.

This seems simple enough, so why are we not utilising this service to find the proverbial needle in the haystack in large scale fraud cases? It is cost effective, resource saving and an intelligent way to begin an investigation; the start of which is often little more than a fishing expedition. Some Legal 20 firms and accountancy firms have got on board, and have even gone to such lengths as to acquire their own internal team of forensic professionals, combining this with the acquisition of their own E Discovery software.

However for the small to medium size firm it is not financially achievable to recruit a team dedicated to providing this service should a case arise – and so the solution is to outsource to third party.

There seems to be a few typical responses to why teams are not using this service.

The service is too expensive. This needn’t be the case and is often resource saving. Compared to manually trawling through reams of paper, or years worth of digital documentation, it is an efficient solution for locating documents of reference. According to a survey recently published in the financial times, the average fraud case now requires the analysis of 5000 emails and electronic documents however this is often only the tip of the iceberg.

Just print it. Aside from the obvious financial resources and manpower that would be needed to print our and review all digital documents, key areas could be missed doing this. For example, printing out an email would not account for any individuals who had been BCC’d into the correspondence. This wouldn’t show on the printed material and would therefore be overlooked.

I shy away from all things ‘technical’. This is not an uber technical piece of software. In fact in many cases it has been specifically designed for the non IT based community. It is in essence a searchable database with supporting features.

Confidentiality and security issues with outsourcing. Research the E Discovery company you are outsourcing to, especially if deleted data needs to be recovered. Reputable companies will have forensic capabilities and trained in EnCase software – the industry standard. They will also be security cleared and will have signed the official secrets act.

CY4OR Limited

+44 (0)161 797 8123

info@cy4or.co.uk

www.CY4OR.co.uk

Leave a Comment