Managing investigations remotely

03 April 2020

As business and the broader economy seeks to adapt to a changing world, it’s worthwhile considering how we can maintain a level of vigilance and appropriately respond to financial crime or unwanted events, when or if they occur.  History indicates that in times of uncertainty or crisis the risk of fraud or financial crime occurring is heightened.  Control functions become less of a focus and opportunities to exploit already weakened financial systems becomes a reality.

Whilst remaining vigilant to these concerns is critical, how an organisation responds if or when a fraud is suspected is vital now more than ever, as any impact to cash flow could be terminal.  Advanced investigation teams have the capabilities to deal with the majority of investigation tasks remotely, without the need to be onsite or disrupt a workplace.  The initial phases of any investigation should not require direct face-to-face interaction and, for this reason, it is likely that technology will play a significant role in the evidence identification and examination phases.  Below are sources of information that can be examined remotely with minimal employer interaction.

  1. Computers – The forensic image of a user’s work computer can be acquired remotely, provided there is an IT connection.  Advanced Forensic teams can work closely with IT representatives to install software that enables this process to occur efficiently and in a forensically sound manner.

  2. Cloud Hosted systems including ERP – Experienced investigations teams will have the technology to deal with a range of cloud-hosted systems including ERP, CRM and DMS.  Secure connections to those systems that enable teams to review or analyse key data in those platforms is essential.

  3. Finance systems and platforms – The ability to interrogate financial data is often the source of truth to investigations that involve a financial element.  Exporting this data from the client network remotely and then transferring it securely to a designated forensic platform enables the critical phase of financial examinations to continue.  In some instances it may also be possible to remotely access procurement systems and banking data for relevant information.

  4. Office 365 (O635) – O365 is now the most widely used corporate and government email platform in the world.  As O365 is a cloud-based platform, access to email accounts can be performed anywhere provided the permissions and access are properly documented. Extracting audit logs to find evidence of activity within the platform that are relevant to the investigation requirements is also essential.

  5. Internet history – Investigations teams are often called upon to work with a variety of devices such as proxy servers and firewalls to identify, extract and interrogate internet activity of users remotely.  Advanced Forensic teams can deploy technology that will acquire local internet history logs from remote computers.

  6. Technology – Software such as Zoom, Skype and Microsoft Teams allows investigators to use video conferences for advance interviews, providing another level of efficiency.  Whilst there are certain interviews that would only be conducted in person, the flexibility of technology is proving its worth given the current travel restrictions.

In these turbulent times it’s important to realise, whilst vigilance in controls are critical, responding to incidents shouldn’t be prohibited by a perceived inability to be on site or in the workplace actively undertaking investigation tasks. In the e-commerce economy evidence is likely to be sourced in systems, devices and electronic communications. Identifying and securing this evidence early will greatly assist in being able to protect assets and identify those who may attempt to take advantage of the risks that we are all dealing with.