A multinational development company established an internal team to quickly investigate allegations of misconduct. The team turned to First Response and Nuix for help to rapidly process, search and analyse three terabytes of data from disparate sources within the company. Within hours, the investigations team found the critical information it needed to respond properly to the allegations, saving the weeks that it would have taken using any other software to get the same results.CHALLENGE
A global development company faced allegations of misallocated funding and general misconduct within a four-year programme with multiple delivery strands that crossed international borders and involved more than 150 staff operating in many languages.
The organisation launched a forensic investigation to find out if there was any truth in the allegations. The data analysis requirements of the investigation were large and complex.
Investigators quickly needed to find accurate answers to these allegations from approximately 3TB of data which was spread across multiple file types and locations, including:
• More than 250,000 documents stored within a cloud system
• 92GB of data in two different mailbox formats
• Numerous folders within multiple Microsoft SharePoint
sites comprising over 250GB of data
• A hosted program knowledge management system.
The organisation called in computer forensic specialists First Response, a Nuix services and training partner, to support its internal investigations team. John Douglas, Technical Director at First Response deployed Nuix Workstation, a supercharged data processing, search and analysis platform, which he used to index the large quantities of programme data and make it
easily searchable for timely analysis with the team.
FORENSICALLY PRESERVED RELEVANT EVIDENCE
Using Nuix, Douglas and the investigations team quickly and efficiently identified the evidence sources required to respond to the allegations. Investigators kept data from all these sources within a compound Nuix case file, removing the need to convert or move data between formats and tools during the investigation.
“This made it much easier to maintain provenance and trace critical evidence identified during the investigation back to its original source,” said Douglas.
“We also needed to maintain evidential integrity and produce a legally sound forensic technical report,” he explained. “This is why it was so important to use Nuix.”
A spokesperson for the company added, “Nuix helped us meet organisational imperatives for transparency in our programming and we would not hesitate to use it again for any future due diligence processes.”
PROCESSED 3TB OF DATA WITHIN HOURS
First Response used Nuix on two reasonably powerful office work computers to process all 3TB of case data within hours.
This enabled the team to start searching the data using keywords almost immediately.
“Consolidating the data from the various project sources and indexing it to enable effective keyword searches would have been impossible without Nuix’s forensic processing capabilities,” said the spokesperson.
“The advantage of using Nuix when you have a lot of data to analyse in a short time frame is the speed with which it can index your data – it’s the fastest data slicer and dicer there is,” said Douglas.
“Other forensic tools can’t process the same volume and variety of data types as Nuix can, in the time it can do it. Nuix has made this information available for search, analysis and review while other tools are still churning through the dataset.”
QUICKLY ELIMINATED DUPLICATES AND IRRELEVANT DATA
Nuix’s inbuilt data analytics capabilities automatically deduplicates data during processing which significantly reduced the size of the dataset investigators needed to review.
“Nuix saved us a lot of time by matching identical content regardless of where this data was stored and identifying the unique items,” said Douglas. “This was particularly useful given our data was spread across multiple repositories and networks.
“We could then identify within hours rather than days which documents were relevant to the investigation. By reviewing only the relevant files, we could pinpoint the critical information we needed to understand the facts of the case much faster.”
COMPARED SIMILAR DOCUMENTS SIDE BY SIDE
Nuix gave investigators a single pane of glass to compare and cross-reference intelligence across all data sources at once.
“Nuix automatically grouped and visualised the most important forensic artifacts,” said Douglas. “We could also display a complete chronology of events in one timeline and see communication networks and maps of activity across all sources.”
“At the start of this investigation we had no idea about what Nuix could do,” said the spokesperson. “Once John outlined the possibilities of the tool, we provided timelines, GPS locations, email addresses, keywords and other information that John combined into search terms and applied to the entire database of indexed data.
“As a group, it only took us 45 minutes to narrow down these search results and find the answers we needed. Without John’s forensic expertise and the power and capability of Nuix, we have no idea how long it would have taken us.”
ABOUT FIRST RESPONSE
First Response is a London based specialist cyber incident response and digital investigation company that helps organisations navigate the complex issues surrounding systems breaches, server compromises and data loss. They work with a wide variety of clients including banks, law firms, energy and manufacturing companies and public-sector bodies.
Nuix understands the DNA of data at enormous scale. Our software pinpoints the critical information organisations need to anticipate, detect and act on risk, compliance and security threats. To learn more visit www.nuix.com.